-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 My exact reply. Most likely the TCP/IP KeepAlive values on your firewall are set too short. This is also caused with hardware load-balancers. I don't know exactly where you would configure this, as I am no Linux expert. I would imagine you could find a support doc from the vendor you got the Linux distro from. I'll go through some of my Linux books to see if any of them ofer any suggestions or if it states where to change this, and I'll reply back if I do. CHRIS LYNCH - MCSE, CCNA, CCA NETWORK ENGINEER - INFORMATION TECHNOLOGY NRT Incorporated, 27271 Las Ramblas, Mission Viejo, CA 92691 Chris.lynch@xxxxxxxxxx Tel 949.367.3406 - -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Shannon Wyatt Sent: Wednesday, September 18, 2002 4:29 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Tough one! My guess would be that you need to enable TCP/IP Keepalives. - -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Kenneth Grande, Driftsjef aspIT as Sent: Wednesday, September 18, 2002 4:01 AM To: thin@xxxxxxxxxxxxxxx; thin@xxxxxxxxxxxxx Subject: [THIN] Tough one! A short description of my problem: I have a relatively small LAN with approx 50 users, i have divided the LAN into two, and seperated them with a firewall (security issues). The firewall is a plain Linux firewall with masquerading, and IPv4 Ip_forward. (the firewall acts on behalf of all the clients, as if all clients on the inside had one "outside" ip address") My problem occurs when one of the clients goes idle for about 10-15 minutes: The client get a message indicating that the Terminal server has ended the connection The console on the server still indicates that the client is idle, but the truth is that it has been disconnected for some reason. If i log on the user again, the session which still is indicating an idle session, remains untouched -and a new active session is created. (this also result in a lot of cpu usage, if the user log on and on and on and on, as a result of the disconnect.) Then to the really annoying part of this issue: Both the domain administrator and the local administrator (of the terminal server), can stay idle for 2 days without getting disconnected. I have tried to make a domain user a member of the domain admin/local terminalserver admin group, but with no luck. The normal user (with administrator priveliges) still gets disconnected. Then to the REALLY annoying part of this issue: If i move the client to the other side of the firewall, everything works fine. I assumed it to be a firewall problem until i figured out that the domain admin and the local admin (of the terminal server), dont have a problem. Summary: Inside of the firewall: Domain admin works fine Local admin of the terminal server works fine Domain user does not work fine Domain user with administrator priveliges does not work fine outside of the firewall: Everything works fine. Anyone know how to fix this problem? A possible solution could perhaps be to keep the session from turning idle, but i havent figured out a way to do this. If the user works continuously, he/she will not experience any problems. The problems occur after beeing idle for about 10 - 15 minutes. Best Regards, Med Vennlig Hilsen, Kenneth Grande Driftsjef aspIT as / WAN Telemark P.B 33 3840 Seljord Tlf: +47 97 59 15 48 Epost: kenneth.grande@xxxxxxxx Epost: kg@xxxxxxxxxxxxxxx WEB: www.aspit.no WEB: www.telemark.wan.no - --- Importer gjerne min PGP Key for sikker utveksling av informasjon. - --- ********************************************** This weeks sponsor Jetro Platforms Jetro Platforms Ltd. is an enterprise software developer, bringing a new era in server-based computing, secured internet access, and disaster recovery. We make IT Easy! http://www.jp-inc.com/ *********************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm ********************************************** This weeks sponsor Jetro Platforms Jetro Platforms Ltd. is an enterprise software developer, bringing a new era in server-based computing, secured internet access, and disaster recovery. We make IT Easy! http://www.jp-inc.com/ *********************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm -----BEGIN PGP SIGNATURE----- Version: PGP 7.1 iQA/AwUBPYig6vl56xfvzmMfEQLEYQCg6rXQ+coFNsEuTJ0cLI5xUcCwW2cAnjCX Z7kdPLmgkYhyxaHz6DGtXPxj =wwnR -----END PGP SIGNATURE----- ********************************************** This weeks sponsor Jetro Platforms Jetro Platforms Ltd. is an enterprise software developer, bringing a new era in server-based computing, secured internet access, and disaster recovery. We make IT Easy! http://www.jp-inc.com/ *********************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm