Hello,
I have a small, newly set up network consisting of three Windows 10 Build 1607 desktops, all up to date, a 2016 Essentials server and a Windows 10 Build 1607 laptop and desktop on the other end of a OpenVPN tunnel. The remote laptop and desktop are successfully joined to the domain and mapping drives no problem. I've been pushing GPOs out to all the machines and everything seems to work, up to the point where I enabled remote desktop and began to test with it. The OpenVPN tunnel should not be an issue, as the remote desktop session to the Server 2016 Essentials machine from the remote machine is rock solid stable, even when the network is under heavy use. My problem lies with making and maintaining remote desktop sessions to each of the three Windows 10 machines in the office from the remote Windows 10 machines. All three office machines exhibit the same issue.
Here is a scenario:
You are already pinging the remote machine you want to control with RDP, and you are getting responses back as expected. You can make a connection just fine, but whether using the session or leaving it idle, you can watch the pings going to the machine randomly drop as if the NIC on the remote machine has been reset. The RDP session is interrupted, then a few seconds later reconnected. It has done this thousands of times during my troubleshooting session on all three office machines. You can see that the session is not being starved for bandwidth. The first event in the RDPCoreTS logs that happens right at the time of the connection drop is almost always a slew "TCP socket WRITE operation failed, error 64." and "TCP socket READ operation failed, error 64" followed by "The server has terminated main RDP connection with the client." Then another error-level event comes up: "'Failed CreateVirtualChannel call on this Connections Stack' in CUMRDPConnection::CreateVirtualChannel at 2349 err=[0x80004005]" followed by number disconnect events, and then: "Disconnect trace:CUMRDPConnection Disconnect trace:'calling spGfxPlugin->PreDisconnect()' in CUMRDPConnection::PreDisconnect at 4477 err=[0x0], Error code:0x0." The last event you see in this grouping is: "The disconnect reason is 14." Upon automatically reconnecting, you see: "The network characteristics detection function has been disabled because of Reason Code: 2(Server Configuration).." Then the connection is restored, only to drop in anything from a few seconds up to a few minutes later.
So, in recap (TL:DR):
RDP from the remote machines to the 2016 Essentials Server through the VPN tunnel:Rock Solid Stable
RDP from the remote machines to the office machines through the VPN tunnel:
Constant drops and numerous logged events.
RDP from 2016 Essentials Server to office machines on LAN only:
Rock Solid Stable
RDP from the office machines to the remote machines through the VPN tunnel: Constant drops and numerous logged events.
ALL network traffic ceases to and from the host machine when the drop happens, including ICMP traffic (pings).
ALL of the Windows 10 machines can ping each other without issue and without any drops when not using RDP.
What this tells me is that the issue lies in some configuration issue either with a GPO setting or something inbuilt wrong with all of the Windows 10 1607 machines I have.
I have tried a variety of fixes, and have probably put 20 hours into researching a solution to this problem so I am prepared for this to be difficult to fix. My google powers have failed me.
Okay here goes what I have tried:
Disabling firewall on both ends of the connection:
no change.
Removing DHCP reservations: no change.
Adding every scope I could think of to the routing/firewall rules: no change.
Trying to move RSA crypto keys as suggested in another post: no change.
Changing the physical NIC in the office machines to a add-in PCI-e one: no change.
Re-installing all suspect machines: no change.
GPO settings I have tried both ON and OFF:
-Allow users to connect remotely by using Remote Desktop Services: Enabled
-Configure compression for RemoteFX data: Optimized to use less network bandwidth (tried balanced too)
-Require use of specific security layer for remote (RDP) connections: Enabled, SSL
-Require user authentication for remote connections by using Network Level Authentication: Enabled
-Set time limit for disconnected sessions: Enabled, Never
-Set time limit for active but idle Remote Desktop Services sessions: Enabled, Never
-Set time limit for active Remote Desktop Services sessions: Enabled, Never
-Windows Firewall: Allow inbound file and printer sharing exception: Enabled
-Windows Firewall: Allow ICMP exceptions: Enabled, Allow inbound echo request
-Windows Firewall: Allow inbound Remote Desktop exceptions: Enabled, 10.0.20.0/24,10.0.25.0/24
I have also generated a Wireshark packet capture from both ends of the connection during the RDP drop, but I don't want to share them publicly. I will share them with you privately if asked, though. I am not a professional packet inspector,
so I couldn't gleam much from it. I can also provide a dump of the event log on the main PC I have been troubleshooting, if needed.
Any insight or suggestions you can give me would be very much appreciated. This issue is has really been trying my patience.
Thank you!