Hi all,
We use the SNX SSL VPN portal with Native Apps for our 3rd party support to access servers they support. Since the upgrade to R81.10 back in November, we are constantly having reports of the RDP session disconnecting. I have spent many hours trying to reproduce the issue, but every time I connected to the same server as someone with disconnection issues my RDP session was stable, until today.
Remote viewing via Teams, I could see a 3rd party being disconnected every 20 / 30 seconds. I asked him to load task manager and to resize the RDP session so I could keep an eye on task manager. After 5 minutes it hadn't disconnected, so I asked him to maximum the RDP to full screen and within 20 seconds the connected had dropped.
I can now reproduce the disconnection on my own equipment by running RDP in full screen. Something I didn't do before as I was always running Wireshark, etc.
After the connection drops in full screen, there is a error in the Application event log.
I also get the following error in cshell.elg on the client
16/02/2022 14:33:45 CONFIG [TunnelChecker] (TunnelChecker$DisconnectChecker run) Existed tunnel is valid. Internal Activities: 0.
16/02/2022 14:33:50 CONFIG [TunnelChecker] (TunnelChecker$DisconnectChecker run) Existed tunnel is valid. Internal Activities: 0.
16/02/2022 14:33:55 CONFIG [TunnelChecker] (TunnelChecker$DisconnectChecker run) Existed tunnel is valid. Internal Activities: 0.
16/02/2022 14:34:00 CONFIG [TunnelChecker] (TunnelChecker$DisconnectChecker run) Existed tunnel is valid. Internal Activities: 0.
16/02/2022 14:34:05 CONFIG [TunnelChecker] (TunnelChecker$DisconnectChecker run) Existed tunnel is valid. Internal Activities: 0.
16/02/2022 14:34:10 CONFIG [TunnelChecker] (TunnelChecker$DisconnectChecker run) Existed tunnel is valid. Internal Activities: 0.
16/02/2022 14:34:15 INFO [TunnelChecker] (TunnelChecker$DisconnectChecker run) Reached tunnel connection timeout. Disconnecting...
16/02/2022 14:34:15 INFO [global] (Log log) [Director] Disconnecting the component.
16/02/2022 14:34:15 INFO [global] (Log log) [Messaging] Sending DISCONNECT message
16/02/2022 14:34:15 SEVERE [CpComponent] (CpComponent run) Failed to get response from SNX.
java.net.SocketException: Socket closed
at java.base/sun.nio.ch.NioSocketImpl.endRead(NioSocketImpl.java:248)
at java.base/sun.nio.ch.NioSocketImpl.implRead(NioSocketImpl.java:327)
at java.base/sun.nio.ch.NioSocketImpl.read(NioSocketImpl.java:350)
at java.base/sun.nio.ch.NioSocketImpl$1.read(NioSocketImpl.java:803)
at java.base/java.net.Socket$SocketInputStream.read(Socket.java:981)
at java.base/java.io.BufferedInputStream.fill(BufferedInputStream.java:244)
at java.base/java.io.BufferedInputStream.read(BufferedInputStream.java:263)
at java.base/java.io.DataInputStream.readUnsignedByte(DataInputStream.java:292)
at PaddedReader.readInt(PaddedReader.java:52)
at PipeMessage.readMessage(PipeMessage.java:44)
at CpComponent.run(CpComponent.java:208)
at java.base/java.lang.Thread.run(Thread.java:832)
16/02/2022 14:34:15 INFO [TunnelChecker] (TunnelChecker$StopChecker run) Disconnect checker process has been stopped.
16/02/2022 14:34:21 INFO [CShellHTTPHandler] (CShellHTTPHandler proceedHandleRequest) Method name: Uninitialize
16/02/2022 14:34:21 WARNING [TunnelChecker] (TunnelChecker disconnectTunnel) Can't disconnect tunnel, client director is not defined.
16/02/2022 14:34:21 WARNING [TunnelChecker] (TunnelChecker stop) Can't stop disconnect checker, processed handle is not defined.
STALog.txt
17896 16752][16 Feb 14:35:21][apijack] apijack_GetProcAddress: Check for notify procaddr
[ 17896 16752][16 Feb 14:35:21][apijack] apijack_GetProcAddress: return address: 352bafd0
[ 17896 16752][16 Feb 14:35:21][apijack] apijack_GetProcAddress: Called - new ver
[ 17896 16752][16 Feb 14:35:21][apijack] apijack_GetProcAddress: modname=C:\WINDOWS\SYSTEM32\ntdll.dll, pszProcName=34869ce8
[ 17896 16752][16 Feb 14:35:21][apijack] apijack_GetProcAddress: Load by name NtQueryWnfStateData
[ 17896 16752][16 Feb 14:35:21][apijack] apijack_GetProcAddress: Go get hook
[ 17896 16752][16 Feb 14:35:21][apijack] apijack_GetProcAddress: Check for notify procaddr
[ 17896 16752][16 Feb 14:35:21][apijack] apijack_GetProcAddress: return address: 35306470
[ 17896 16752][16 Feb 14:35:21][sta] DLLMain: started !!!
[ 17896 16752][16 Feb 14:35:21][sta] DllMain has been called during process termination
[ 8892 7688][16 Feb 14:35:21][sta] WaitForStaProcess: process ended
[ 8892 7688][16 Feb 14:35:21][STAPipeClient] PipeClient::DoPipeQuery: Entered. msgID==2
[ 8892 7688][16 Feb 14:35:21][STAPipeClient] PipeClient::FillRequest: Entered
[ 8892 7688][16 Feb 14:35:21][STAPipeClient] Request structure:
[2],[len=4]:
[ 8892 7688][16 Feb 14:35:21][STAPipeClient] Initial answer structure:
[3],[len=8]:
[ 8892 7688][16 Feb 14:35:21][STAPipeClient] WriteFile failed (cbWritten==0). rqstMsg.msgData:[2]
[ 8892 7688][16 Feb 14:35:21][STAPipeClient] PipeClient::PipeServerCommunicationFailure: Entered
[ 8892 7688][16 Feb 14:35:21][STAPipeClient] PipeClient::RconnectPipeClient: Entered
[ 8892 7688][16 Feb 14:35:21][STAPipeClient] PipeClient::DestroyPipeClient: Entered
[ 8892 7688][16 Feb 14:35:21][STAPipeClient] PipeClient::DestroyPipeClient: hPipe == INVALID_HANDLE_VALUE
[ 8892 7688][16 Feb 14:35:21][STAPipeClient] PipeClient::CreatePipeClient: Entered
[ 8892 7688][16 Feb 14:35:21][STAPipeClient] PipeClient::CreatePipeClient: Could not open pipe: The system cannot find the file specified.
[ 8892 12808][16 Feb 14:35:21][apijack] apijack_fini_process_cxt: finalized process context
[ 8892 12808][16 Feb 14:35:21][sta] DLLMain: started !!!
[ 8892 12808][16 Feb 14:35:21][sta] DllMain has been called by using FreeLibrary
Thanks
Rich