[THIN] Re: Tough one!

• From: "Chris Lynch" <lynch00@xxxxxxx>
• To: <thin@xxxxxxxxxxxxx>
• Date: Wed, 18 Sep 2002 08:51:06 -0700

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

My exact reply.  Most likely the TCP/IP KeepAlive values on your
firewall are set too short.  This is also caused with hardware
load-balancers.  I don't know exactly where you would configure this,
as I am no Linux expert.  I would imagine you could find a support
doc from the vendor you got the Linux distro from.

I'll go through some of my Linux books to see if any of them ofer any
suggestions or if it states where to change this, and I'll reply back
if I do.

CHRIS LYNCH -  MCSE, CCNA, CCA
NETWORK ENGINEER - INFORMATION TECHNOLOGY
NRT Incorporated, 27271 Las Ramblas, Mission Viejo, CA 92691
Chris.lynch@xxxxxxxxxx  Tel 949.367.3406


- -----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Shannon Wyatt
Sent: Wednesday, September 18, 2002 4:29 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Tough one!



My guess would be that you need to enable TCP/IP Keepalives.

- -----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Kenneth Grande, Driftsjef aspIT as
Sent: Wednesday, September 18, 2002 4:01 AM
To: thin@xxxxxxxxxxxxxxx; thin@xxxxxxxxxxxxx
Subject: [THIN] Tough one!


A short description of my problem:

I have a relatively small LAN with approx 50 users, i have divided
the LAN into two, and seperated them with a firewall (security
issues). The firewall is a plain Linux firewall with masquerading,
and IPv4 Ip_forward. (the firewall acts on behalf of all the clients,
as if all clients on the inside had one "outside" ip address")

My problem occurs when one of the clients goes idle for about 10-15
minutes: The client get a message indicating that the Terminal server
has ended the connection The console on the server still indicates
that the client is idle, but the truth is that it has been
disconnected for some reason. If i log on the user again, the session
which still is indicating an idle session, remains untouched -and a
new active session is created. (this also result in a lot of cpu
usage, if the user log on and on and on and on, as a result of the
disconnect.)

Then to the really annoying part of this issue:
Both the domain administrator and the local administrator (of the
terminal server), can stay idle for 2 days without getting
disconnected. I have tried to make a domain user a member of the
domain admin/local terminalserver admin group, but with no luck. The
normal user (with administrator
priveliges) still gets disconnected.

Then to the REALLY annoying part of this issue:
If i move the client to the other side of the firewall, everything
works fine. I assumed it to be a firewall problem until i figured out
that the domain admin and the local admin (of the terminal server),
dont have a problem.

Summary:

Inside of the firewall:
Domain admin works fine
Local admin of the terminal server works fine
Domain user does not work fine
Domain user with administrator priveliges does not work fine

outside of the firewall:
Everything works fine.

Anyone know how to fix this problem?

A possible solution could perhaps be to keep the session from turning
idle, but i havent figured out a way to do this. If the user works
continuously, he/she will not experience any problems. The problems
occur after beeing idle for about 10 - 15 minutes.

Best Regards,
Med Vennlig Hilsen,

Kenneth Grande
Driftsjef
aspIT as / WAN Telemark
P.B 33
3840 Seljord
Tlf: +47 97 59 15 48
Epost: kenneth.grande@xxxxxxxx
Epost: kg@xxxxxxxxxxxxxxx
WEB: www.aspit.no
WEB: www.telemark.wan.no
- ---
Importer gjerne min PGP Key for sikker utveksling av informasjon.
- ---





**********************************************
This weeks sponsor Jetro Platforms 
Jetro Platforms Ltd. is an enterprise software developer, 
bringing a new era in server-based computing, secured internet 
access, and disaster recovery.  We make IT Easy! 
http://www.jp-inc.com/
***********************************************

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link.

http://thethin.net/citrixlist.cfm

**********************************************
This weeks sponsor Jetro Platforms 
Jetro Platforms Ltd. is an enterprise software developer, 
bringing a new era in server-based computing, secured internet 
access, and disaster recovery.  We make IT Easy! 
http://www.jp-inc.com/
***********************************************

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link.

http://thethin.net/citrixlist.cfm

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPYig6vl56xfvzmMfEQLEYQCg6rXQ+coFNsEuTJ0cLI5xUcCwW2cAnjCX
Z7kdPLmgkYhyxaHz6DGtXPxj
=wwnR
-----END PGP SIGNATURE-----

**********************************************
This weeks sponsor Jetro Platforms 
Jetro Platforms Ltd. is an enterprise software developer, 
bringing a new era in server-based computing, secured internet 
access, and disaster recovery.  We make IT Easy! 
http://www.jp-inc.com/
***********************************************

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link.

http://thethin.net/citrixlist.cfm

• Follow-Ups:
  • [THIN] SV: Re: Tough one!
    • From: Kenneth Grande, Driftsjef aspIT as

• References:
  • [THIN] Re: Tough one!
    • From: Shannon Wyatt

Other related posts:

• » [THIN] Tough one!
• » [THIN] Re: Tough one!
• » [THIN] Re: Tough one!

1. Home
2. thin
3. Archive
4. 09-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---