Monday, June 22, 2020

Scratching my head solving a VPN problem

Hello,

First of all, I am sorry for my English. It is not my primary language, but I am doing my best to make everything as clear as possible. If I miss any information, please ask!

Unfortunately I have spent my last few days trying to solve a strange problem which I think is a VPN problem. We've got a location which is using a Unifi USG Pro router connected to a 'central' Fortigate firewall. This firewall has a separate tunnel to our datacenter which hosts a terminal server (2008 R2) and a checkout server (2008 R2), which uses a SQL connection to/for all our locations.

When connecting to the terminal server it prompts for the login credentials. You can supply any credential and it seems to process it, but after about 15 seconds it shows a 'Cannot connect to remote computer' screen. Meanwhile, other locations can connect to the same server perfectly fine. Sometimes we're able to make a single connection about every 3 hours, but once disconnected and attempting to reconnect it shows the mentioned error message.

We also experience a problem where the checkout server cannot make a SQL connection to the central checkout server. It is able to connect to it, but it just fails to stay connected for more than 1-2 seconds.

The checkout server is running Windows 7, the same goes for all other clients attempting to connect to the terminal server. I know we have to upgrade, but a request to do so was denied by management, so we're forced to ride this train...

I've tried the following things:

  • Factory reset USG Pro Router.
  • Update to the latest version of the Unifi router, switch and APs.
  • Enabling TLS 1.0, 1.1, 1.2, 2.0 and 3.0 on the client computers.
  • Editing the local hosts file so it connects directly to a terminal server instead of connecting to the broker.
  • Reconnecting/reconfiguring the IPsec VPN tunnel.
  • Lowering the MTU packet size/enabling Jumbo frames.
  • Using another DNS server which also resolves the central checkout/terminal servers hosted in our datacenter.

If someone has any ideas on how to troubleshoot/solve this I would love to hear it. I'm really out of ideas...

Thank you in advance!
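The symptom pattern above (RDP reaches the login prompt and then drops, SQL connects and dies within seconds) is the classic shape of a path MTU problem across an IPsec tunnel, since small handshake packets pass while full-size data packets are silently discarded. The following script is an added example, not code from the original post: it binary-searches the largest Don't-Fragment ping that survives the path and derives the TCP MSS a router should clamp to. The target address 192.0.2.10 is a placeholder, and the probe shells out to the platform's own ping command (Windows `ping -f -l`, Linux `ping -M do -s`).

```python
"""Path-MTU probe for a VPN path: find the largest unfragmented ICMP payload,
then derive the path MTU and the TCP MSS worth clamping on the tunnel router."""
import platform
import subprocess
import sys
from typing import Callable

IP_HDR = 20    # IPv4 header bytes
ICMP_HDR = 8   # ICMP echo header bytes
TCP_HDR = 20   # TCP header bytes without options


def ping_df(host: str, payload: int, timeout_s: int = 2) -> bool:
    """Send one echo request with the Don't-Fragment bit set.
    Returns True only if a reply arrived (any non-zero exit means the probe
    was too large for some hop, or the host is unreachable)."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-w", str(timeout_s * 1000),
               "-f", "-l", str(payload), host]
    else:
        cmd = ["ping", "-c", "1", "-W", str(timeout_s),
               "-M", "do", "-s", str(payload), host]
    return subprocess.run(cmd, capture_output=True).returncode == 0


def find_path_mtu(probe: Callable[[int], bool], lo: int = 548, hi: int = 1500) -> int:
    """Largest MTU (ICMP payload + IP/ICMP headers) for which probe(payload)
    succeeds, found by binary search between lo and hi. Returns 0 when even
    the smallest probe fails, i.e. the path is down rather than mis-sized."""
    lo_p, hi_p = lo - IP_HDR - ICMP_HDR, hi - IP_HDR - ICMP_HDR
    if not probe(lo_p):
        return 0
    while lo_p < hi_p:
        mid = (lo_p + hi_p + 1) // 2
        if probe(mid):
            lo_p = mid        # fits: search upward
        else:
            hi_p = mid - 1    # dropped: search downward
    return lo_p + IP_HDR + ICMP_HDR


def recommended_mss(path_mtu: int) -> int:
    """TCP MSS that keeps a full segment inside the discovered path MTU."""
    return path_mtu - IP_HDR - TCP_HDR


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"  # placeholder
    mtu = find_path_mtu(lambda p: ping_df(target, p))
    print(f"path MTU to {target}: {mtu}; clamp MSS to {recommended_mss(mtu)}"
          if mtu else f"no reply from {target} even at 548 bytes")
```

A result well under 1500 (ESP encapsulation always costs some bytes) with RDP and SQL sessions dying after the first packets points at a fragmentation black hole rather than at credentials or TLS settings, and an MSS clamp on the tunnel interface is the usual fix.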
