F5 APM RDP Connectivity issue user logged out spontaneously

Question

Our setup is two F5 APM devices in a HA active/passive config version 11.4.1
We provide remote desktop client connections to microsoft servers with sso.&nbsp;
We had several connection problems in the past and these were resolved by applying latest hotfixes, turn off active scanning for antivirus software and disable debugging. &nbsp;
Still some connectivity issues occur then a user session is broken spontaneously. 
It occurs most of the time whithin 15 minutes &nbsp;
When a single remote desktop client session is being launched, the user is logged out and has to reauthenticate again on the windows platform.&nbsp;
When two remote desktop client sessions are open simultaneously, the users is logged out and has to reauthenticate again on the APM AND on the windows platform.&nbsp;
What is going on here? Some wrong or too strict TCP time-out setting? Is the APM more sensitive to connection loss than for example the older Firepass solution? (We suspect dodgy WIFI network)&nbsp;
regards,
Erik&nbsp;

brad_146558 · Answer

Without seeing any logs or errors my first guess would be are the user's letting their devices go to sleep. This will disconnect APM sessions, second thing I would look at is the time on local machine versus what is on the server.&nbsp;
Are there any errors on the BIG-IP or local machine that you can find and show us?&nbsp;

heskez_36146 · Answer

Hi Brad, thanks for your answer.&nbsp;
Unfortunately I don't have any error messages which point in that direction. Within the apm report says the user session is deleted because of user logout. &nbsp;
The time settings on the local workstation where APM access is started could be an issue? The time settings of the APM and Windows server are the same.&nbsp;

brad_146558 · Answer

I just bring up time because I haven't seen it first hand on APM cause issues but I've seen it cause authentication issues. An example, years ago I had an issue where certain users could occasionally connect to Windows messenger. Weeks later it had to do with Kerberos and the time on the machines versus what was on the servers sigh That was a bad month lol. If the time was more than 5 minutes off the authentication tokens would expire and deny access. Also I wouldn't trust an end user to set a clock =)&nbsp;
My guess is there is something going on with these users computer in regards to connectivity.&nbsp;
Do you have a laptop setup where you could attempt to duplicate the issue? &nbsp;

heskez_36146 · Answer

Hi Brad, the problem is we can't duplicate the problem when we want to. We have laptops but the issue isn't always there so we're depending on user input about these problems. &nbsp;

heskez_36146 · Answer

In progress of this issue we're going to plan an upgrade to version 11.5.1 and see if the problems still occur. &nbsp;

Forum Discussion

F5 APM RDP Connectivity issue user logged out spontaneously

6 Replies

Recent Discussions

Client certificate Authentication - open multiple tabs

google autenticator broken barcode

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Port Group on F5OS network setting

Related Content

Log tcp Connections.

Log client to vip connections

After applied ASM Policy to Virtual Server, connections will reset with Internal error in log

ASM logs

ASM LOGS