This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

[closed] RDP sessions getting intermittent TCP RST+ACK’s

0

Hey guys I've got a question.

I've installed a server 2012 R2 hyper-v with a few VM's in them. One of them is a TS. My client is having issues with the TS because every now and then they get a popup from RDP that the connection is interrupted and that it will retry to setup the connection. This is visible for less then a second, but is very disruptive when working.

I've been doing some captures on the Hypervisor itself and am seeing a lot of RST, ACKs when the interruptions appear. The stream can be going for some time but they all end the same.

212651  2287.339664000  10.0.0.25   10.0.0.110  TPKT    155 Continuation
212693  2287.540852000  10.0.0.110  10.0.0.25   TCP 60  61059→3389 [ACK] Seq=76446 Ack=237599 Win=64768 Len=0
213075  2288.339741000  10.0.0.25   10.0.0.110  TPKT    155 Continuation
213292  2288.652196000  10.0.0.25   10.0.0.110  TPKT    155 [TCP Retransmission] Continuation
213319  2289.261509000  10.0.0.25   10.0.0.110  TPKT    155 [TCP Retransmission] Continuation
213334  2289.339681000  10.0.0.25   10.0.0.110  TPKT    155 Continuation
213437  2290.339736000  10.0.0.25   10.0.0.110  TPKT    155 Continuation
213444  2290.464660000  10.0.0.25   10.0.0.110  TPKT    357 [TCP Retransmission] Continuation
213631  2291.339771000  10.0.0.25   10.0.0.110  TPKT    155 Continuation
213709  2292.355402000  10.0.0.25   10.0.0.110  TPKT    155 Continuation
213735  2292.870883000  10.0.0.25   10.0.0.110  TPKT    559 [TCP Retransmission] Continuation
213828  2293.355672000  10.0.0.25   10.0.0.110  TPKT    155 Continuation
214009  2294.355357000  10.0.0.25   10.0.0.110  TPKT    155 Continuation
214204  2295.370990000  10.0.0.25   10.0.0.110  TPKT    155 Continuation
214206  2295.371172000  10.0.0.110  10.0.0.25   TCP 66  [TCP Dup ACK 212693#1] 61059→3389 [ACK] Seq=76446 Ack=237599 Win=64768 Len=0 SLE=238306 SRE=238407
214230  2295.465630000  10.0.0.110  10.0.0.25   TCP 60  61059→3389 [RST, ACK] Seq=76446 Ack=237599 Win=0 Len=0
214265  2295.538954000  10.0.0.110  10.0.0.25   TCP 66  61214→3389 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
214268  2295.539242000  10.0.0.25   10.0.0.110  TCP 66  3389→61214 [SYN, ACK] Seq=0 Ack=1 Win=64000 Len=0 MSS=1460 WS=1 SACK_PERM=1
214270  2295.539754000  10.0.0.110  10.0.0.25   TCP 60  61214→3389 [ACK] Seq=1 Ack=1 Win=65536 Len=0

As you can see the connection is happily resumed after the reset.

Any idea what could be causing these resets? The capture is performed on the NIC that handles all VM traffic. The client I've been using to test is connected to the same switch as the Hyper-V server. The Hyper-V isn't using any teaming on the virtual nic.

asked 10 Mar '15, 08:22

Fraeco's gravatar image

Fraeco
6112
accept rate: 0%

closed 26 Mar '15, 02:46

Jaap's gravatar image

Jaap ♦
11.7k16101

Hi,

I have same problem but with physical machines (no hyperv). The problem appear when the connection pass by a NetASQ Firewall. Have you any solution ?

(25 Mar '15, 15:01) jboitel

The question has been closed for the following reason “Question is off-topic or not relevant” by Jaap 26 Mar ‘15, 02:46