Sporadic RDP connection thru a CISCO ASA 5505 Firewall

[guest]

My users are able to connect to a Windows 2008 Foundation Server terminal server with an IP address of 192.168.1.2 fine. However the connection to the same server from an outside public address thru the firewall is sporadic. Sometimes works but most of the time it does not. Cisco support reviewed and tested the firewall for over an hour and verified that one of the public IP addresses I have in the ASA is properly mapped to 192.168.1.2 for port 3389.

He ran a packet capture and told me that “The captures show a Reset from the RDP server to the client.”

He is referring to the Letter R in the second packet of the 7 packet capture shown below.



1: 17:30:42.879944 802.1Q vlan#1 P0 75.79.36.45.50323 > 192.168.1.2.3389: S 3766146062:3766146062(0) win 8192 <mss 1260,nop,wscale 2,nop,nop,sackOK>

2: 17:30:42.880600 802.1Q vlan#1 P0 192.168.1.2.3389 > 75.79.36.45.50323: R 0:0(0) ack3766146063 win 0

3: 17:30:45.874298 802.1Q vlan#1 P0 75.79.36.45.50323 > 192.168.1.2.3389: S 617179188:617179188(0) win 8192 <mss 1260,nop,wscale 2,nop,nop,sackOK>

4: 17:30:45.874512 802.1Q vlan#1 P0 192.168.1.2.3389 > 75.79.36.45.50323: S 504077016:504077016(0) ack 3766146063 win 8192 <mss 1460,nop,wscale8,nop,nop,sackOK>

5: 17:30:45.874573 802.1Q vlan#1 P0 192.168.1.2.3389 > 75.79.36.45.50323: S 504077016:504077016(0) ack 3766146063 win 8192 <mss 1460,nop,wscale8,nop,nop,sackOK>

6: 17:30:48.880554 802.1Q vlan#1 P0 192.168.1.2.3389 > 75.79.36.45.50323: S 504077016:504077016(0) ack 3766146063 win 8192 <mss 1460,nop,wscale8,nop,nop,sackOK>

7: 17:30:54.880951 802.1Q vlan#1 P0 192.168.1.2.3389 > 75.79.36.45.50323: S 504077016:504077016(0) ack 3766146063 win 8192 <mss 1460,nop,nop,sackOK>


Any suggestion will be greately appreciated on how to resolve this issue.
Some related questions:

1- Can and how do I enable detailed logging on ther server to see what happens at that end?

2- If this is a timeout issue, can I chnage that?

Thank You and merry Christmas.

[guest]

Assume this is Event ID 675, it could be the credentails issue or network/DNS issue. Is the DC multihomed computer or is the TS is multhomed computer? Posting the result of ipconfig /all and netdaig here may help. This troubelshooting page may help too.

Event ID 675 - http://www.chicagotech.net/troubleshooting/event675.htm

Event ID 675 – Pre-authentication failed. Event Type: Failure Audit Event Source : Security Event Category: Account Logon Event ID: 675. Computer: xxx ...
www.chicagotech.net/troubleshooting/event675.htm

[guest]

Solved!

The LAN side of my firewall, the SBS domain controller and the 2008 terminal server were all connected to a switch provided by a VOIP vendor. I added a new 4 port switch and connected those three hardware items to the new switch and then connected the new switch to the VOIP switch. RDP connections from the Internet are working every single time now.

I guess the VOIP switch must have been blocking or delaying some sort of a non-voice protocol. (Don’t have the login credentials to check)

Thank you all!