Multi-Homed TS on Win2K Server Disconnects?
From: Gordon Fecyk (gordonf_at_pan-am.ca)
Date: 02/11/05
- Next message: Patrick Rouse: "RE: setting up thin clients?"
- Previous message: Tom3234: "Why is Terminal Services running on port 80 instead of 3389?"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 10 Feb 2005 21:33:38 -0600
I've tried to run a Windows 2000 TS with Win2K Pro clients in app server
mode with more than one LAN adapter. The reasoning for this is to provide a
dedicated Internet connection for inbound TS clients.
I also deliberately hacked the TS LAN cards' settings to make sure internal
LAN traffic goes on one card and TS traffic goes on the other. The
resulting routing table looks like this:
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.101 192.168.1.101 1
192.168.1.101 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.1.255 255.255.255.255 192.168.1.101 192.168.1.101 1
192.168.64.0 255.255.255.0 192.168.64.67 192.168.64.67 1
192.168.64.67 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.64.255 255.255.255.255 192.168.64.67 192.168.64.67 1
224.0.0.0 224.0.0.0 192.168.1.101 192.168.1.101 1
224.0.0.0 224.0.0.0 192.168.64.67 192.168.64.67 1
255.255.255.255 255.255.255.255 192.168.1.101 192.168.1.101 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
192.168.1.101 is the TS machine's Internet-side interface, which has a
default gateway. It happens to be sitting behind a NAT device which acts as
a firewall, and which I've port-forwarded TCP 3389 to 192.168.1.101 so it
can accept TS clients out on the Internet. I've also disabled Client for MS
and File & Print Sharing for MS on this adapter.
192.168.64.67 is the internal LAN, which does NOT have a default gateway.
It has Client and F&PS enabled normally.
The TS is a member of an AD domain. It is not a Domain Controller - the DC
(and TS licensing server) is elsewhere in 192.168.64.0/24. Internet-bound
traffic goes out one adapter, and LAN traffic goes out the other. I had to
do this to avoid delays in LAN access and to avoid slowdowns - there's a lot
of inter-office traffic going on over the "normal" network that required me
to set up a dedicated connection for inbound TS clients to keep the latency
low.
OK, so far, so good. Until I try connecting from the Internet. If I do
this, and I do something to make the connection idle (such as minimizing the
client window) and come back a couple of seconds (only seconds!) later, I
get a black screen and an eventual disconnection. Sometimes, I just need to
sit there looking at the TS display and do nothing, and it locks up in front
of me. This does not seem to happen when connecting to the TS from the
regular LAN.
What's more, is if I disable the second LAN adapter, provide a default
gateway for the first LAN adapter, and allow inbound TS connections through
there, the connection stays up! I can leave it idle for hours and come back
to it without losing a step.
At first I thought I had a bad router on the Internet side, so I replaced it
and updated its firmware. I reduced the MTU to stupidly low levels and
restored it back to its default (1492 for DSL). I swapped the DSL modem,
swapped cables, even swapped LAN adapters. I even tried splitting the TS
connections (calling one RDP-LAN and one RDP-INT, and specifying which LAN
card each used), to no avail. To make sure the firewall wasn't dropping my
connection, I turned it to "Keep Alive" mode (Linksys BEFSR41, firmware
version 1.05 dated OCT 2004) to make sure it wasn't dropping the DSL (PPPoE)
connection on me.
It crossed my mind to use a software PPPoE protocol (like RASPPPoE) to
eliminate the router being at fault, but I don't want to expose the TS
directly to the Internet. Were this Win 2003 Server TS, maybe I'd consider
that and enable its included firewall. There are other reasons why we
haven't switched to Win2K3 yet (mostly surrounding TS licensing costs - With
Win2K TS and Win2K Pro clients we can do it for free legally).
I'm wondering if there are some inherent problems with running TS on a
multi-homed machine. Perhaps I need to disable TS on the LAN side
entirely - this is doable if I must, though I have a couple of users with
laptops that aren't running the standard office kit, and won't let me put
said kit on their machines. TS lets me give them a standard kit on their
personal machines.
-- PGP key (0x0AFA039E): <http://www.pan-am.ca/consulting@pan-am.ca.asc> What's a PGP Key? See <http://www.pan-am.ca/free.html> GOD BLESS AMER, er, THE INTERNET. <http://vmyths.com/rant.cfm?id=401&page=4>
- Next message: Patrick Rouse: "RE: setting up thin clients?"
- Previous message: Tom3234: "Why is Terminal Services running on port 80 instead of 3389?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
