RDP gets disconnected randomly

Hi all,

I have an issue with RDP clients in our office. Local office workers ping me from time to time that they are getting disconnected from RDP, and it was never VPN users (we are using L2TP over IPsec). Searched some forums, and went with the idea that it's something to do with the defaults of RDP using UDP, so changed to TCP - it seems like it became more stable but still getting shoutouts about dropped connections from RDP. Today went to Firewall → Connections tab to check what's happening there, filtered port :3389 and saw only a few connections there, while actually ~20 active users are working with RDP. All missing connections are again from local subnet, VPN and GRE tunnel connections appeared in the list. Attaching my configuration. Could somebody help? RDP server IP is 192.168.10.201, attaching my configuration

conf.txt (9.6 KB)

All missing connections are again from local subnet
Connections from the local subnet will not appear in here as they are local and not going through the firewall.
They will also be unaffected by any changes you make on the router as they are not going through the firewall.

Hi,

What do you mean by writing

it was never VPN users (we are using L2TP over IPsec)

There are connections to 192.168.10.201 from 192.168.99.x & 192.168.3.y subnets so you definitely don't have local-only 192.168.10.z users.

I mean that VPN users were never complaining but local subnet users only

Maybe any ideas how to debug those TCP packet losses to RDP at least?

What RDP address do local users connect to? Do these connections go via router or directly over LAN to local server?

P.S. No need to quote the whole previous post if your answer is consecutive to it. It suggests that your comment is related to the older one.

A couple of thoughts

It is on the local subnet, there should be nothing blocking the traffic between the clients and server.
(zero trust/micro segmentation excepted???)

Also nothing blocking UDP RDP traffic except perhaps RDP server settings.

Is there something adjusting or shaping traffic somewhere?

Another option, perhaps the server has a larger MTU on its Ethernet interface,
and is trying to send too large UDP packets, which get dropped by something.
Likely switches will pass these packets but the client will drop them,
if a large packet passes through the Mikrotik’s bridge ports, not sure if it would drop them or not.

TCP will get MSS clamped.

What RDP address do local users connect to?

So local subnet is 192.168.10.254/24 and RDP server IP is 192.168.10.201. Physically, traffic firstly goes through the MT switch, then to MT router and then to server (maybe even once again to MT switch before going to server, don't remember)

Yeah so basically have a few allow rules for VLAN, a few ports, etc, and then block all (default rule). RDP is reconfigured to use TCP as on UDP it was even worse (at least from the feedback I got from RDP clients)

Nothing shaping the network, all devices are MT switches and MT router. There is one Ubiquiti SW, maybe some LAN clients are connected there, but it's basically set on default config and used for a few POE APs

MTU - shouldn't be the case as RDP is reconfigured for TCP?
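
An added example, not part of any post in this thread: it reconciles a list of active RDP clients against the router's connection table, to show why same-subnet clients are expected to be absent while routed ones (VPN, GRE) are not. The `proto src:port dst:port` line format, the client list and the sample entries are constructed for illustration; only 192.168.10.201, the /24 and port 3389 come from the thread.

```python
import ipaddress

# From the thread: RDP server address, its /24 and the RDP port.
SERVER_IF = ipaddress.ip_interface("192.168.10.201/24")
RDP_PORT = 3389

def parse_conn(line):
    """Parse one 'proto src:port dst:port' line (constructed format)."""
    proto, src, dst = line.split()
    src_ip, _ = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return proto, ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip), int(dst_port)

def reconcile(active_clients, conn_lines):
    """Classify each active client by whether its absence from the table is expected."""
    tracked = set()
    for line in conn_lines:
        _, src, dst, dport = parse_conn(line)
        if dst == SERVER_IF.ip and dport == RDP_PORT:
            tracked.add(src)
    report = {}
    for client in map(ipaddress.ip_address, active_clients):
        if client in tracked:
            status = "tracked"
        elif client in SERVER_IF.network:
            # Same subnet as the server: delivered at layer 2, never routed.
            status = "on-link, absence expected"
        else:
            # Other subnet: must be routed, so it should have an entry.
            status = "routed but missing, investigate"
        report[str(client)] = status
    return report

# Constructed sample data.
CLIENTS = ["192.168.10.15", "192.168.10.42", "192.168.99.7", "192.168.3.20", "192.168.3.21"]
CONNS = [
    "tcp 192.168.99.7:50122 192.168.10.201:3389",
    "tcp 192.168.3.20:49833 192.168.10.201:3389",
    "tcp 192.168.10.15:51000 203.0.113.10:443",  # unrelated traffic, ignored
]

if __name__ == "__main__":
    for ip, status in reconcile(CLIENTS, CONNS).items():
        print(f"{ip:15} {status}")
```

For the on-link clients the router's table says nothing either way, so their disconnects have to be investigated on the server, the clients or the switches between them.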