Hello, I am troubleshooting a baffling situation where a windows workstation with IP 10.167.178.6 is unable to RDP into windows server at IP 10.0.129.208. There are no connectivity issue between the client and the server other than RDP. There is no ACLs on the routers between the two, and no firewall. The RDP session does connect initially and the user is prompted for for login credentials, but upon authentication the RDP just hangs. Packet capture shows TCP re-transmissions... I need help decrypting what is causing those retransmissions and the RST. I would greatly appreciate any feedback. Thank you in advance. See link below for the pcap: asked 06 Sep '16, 22:54  pc7 edited 06 Sep '16, 22:55 |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
Just a blind shot - I had a similar situation a couple of months ago. The remedy was to disable jumbo frames in the network card settings of the server. I haven't captured the traffic back then, though.
Hi Sindy, thank you for the feedback. I'll look Jumbo frames.
Seems that that the client did not receive all packets from the server (packet loss).For example: The ACK for Frame 4 is missing.
If I where you, I would trace as close as possible next to the server, but not onside.
Is the server on a virtual machine? Have checked the network path (CRC Counters)?
Hi Christian_R, yes the server is a virtual machine. I will check the network for CRC counter error. Thanks
Ok, good that you Check the network for CRC. But it could be that you got the packet loss inside the vm.