Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
RichUK
Participant

SSL VPN Native Apps Disconnections

Hi all,

We use the SNX SSL VPN portal with Native Apps for our 3rd party support to access servers they support. Since the upgrade to R81.10 back in November, we are constantly having reports of the RDP session disconnecting. I have spent many hours trying to reproduce the issue, but every time I connected to the same server as someone with disconnection issues my RDP session was stable, until today.

Remote viewing via Teams, I could see a 3rd party being disconnected every 20 / 30 seconds. I asked him to load task manager and to resize the RDP session so I could keep an eye on task manager. After 5 minutes it hadn't disconnected, so I asked him to maximum the RDP to full screen and within 20 seconds the connected had dropped.

I can now reproduce the disconnection on my own equipment by running RDP in full screen. Something I didn't do before as I was always running Wireshark, etc.

After the connection drops in full screen, there is a error in the Application event log.

event.log.jpg

I also get the following error in cshell.elg on the client

16/02/2022 14:33:45 CONFIG [TunnelChecker] (TunnelChecker$DisconnectChecker run) Existed tunnel is valid. Internal Activities: 0.
16/02/2022 14:33:50 CONFIG [TunnelChecker] (TunnelChecker$DisconnectChecker run) Existed tunnel is valid. Internal Activities: 0.
16/02/2022 14:33:55 CONFIG [TunnelChecker] (TunnelChecker$DisconnectChecker run) Existed tunnel is valid. Internal Activities: 0.
16/02/2022 14:34:00 CONFIG [TunnelChecker] (TunnelChecker$DisconnectChecker run) Existed tunnel is valid. Internal Activities: 0.
16/02/2022 14:34:05 CONFIG [TunnelChecker] (TunnelChecker$DisconnectChecker run) Existed tunnel is valid. Internal Activities: 0.
16/02/2022 14:34:10 CONFIG [TunnelChecker] (TunnelChecker$DisconnectChecker run) Existed tunnel is valid. Internal Activities: 0.
16/02/2022 14:34:15 INFO [TunnelChecker] (TunnelChecker$DisconnectChecker run) Reached tunnel connection timeout. Disconnecting...
16/02/2022 14:34:15 INFO [global] (Log log) [Director] Disconnecting the component.
16/02/2022 14:34:15 INFO [global] (Log log) [Messaging] Sending DISCONNECT message
16/02/2022 14:34:15 SEVERE [CpComponent] (CpComponent run) Failed to get response from SNX.
java.net.SocketException: Socket closed
at java.base/sun.nio.ch.NioSocketImpl.endRead(NioSocketImpl.java:248)
at java.base/sun.nio.ch.NioSocketImpl.implRead(NioSocketImpl.java:327)
at java.base/sun.nio.ch.NioSocketImpl.read(NioSocketImpl.java:350)
at java.base/sun.nio.ch.NioSocketImpl$1.read(NioSocketImpl.java:803)
at java.base/java.net.Socket$SocketInputStream.read(Socket.java:981)
at java.base/java.io.BufferedInputStream.fill(BufferedInputStream.java:244)
at java.base/java.io.BufferedInputStream.read(BufferedInputStream.java:263)
at java.base/java.io.DataInputStream.readUnsignedByte(DataInputStream.java:292)
at PaddedReader.readInt(PaddedReader.java:52)
at PipeMessage.readMessage(PipeMessage.java:44)
at CpComponent.run(CpComponent.java:208)
at java.base/java.lang.Thread.run(Thread.java:832)

16/02/2022 14:34:15 INFO [TunnelChecker] (TunnelChecker$StopChecker run) Disconnect checker process has been stopped.
16/02/2022 14:34:21 INFO [CShellHTTPHandler] (CShellHTTPHandler proceedHandleRequest) Method name: Uninitialize
16/02/2022 14:34:21 WARNING [TunnelChecker] (TunnelChecker disconnectTunnel) Can't disconnect tunnel, client director is not defined.
16/02/2022 14:34:21 WARNING [TunnelChecker] (TunnelChecker stop) Can't stop disconnect checker, processed handle is not defined.

 

STALog.txt

17896 16752][16 Feb 14:35:21][apijack] apijack_GetProcAddress: Check for notify procaddr
[ 17896 16752][16 Feb 14:35:21][apijack] apijack_GetProcAddress: return address: 352bafd0
[ 17896 16752][16 Feb 14:35:21][apijack] apijack_GetProcAddress: Called - new ver
[ 17896 16752][16 Feb 14:35:21][apijack] apijack_GetProcAddress: modname=C:\WINDOWS\SYSTEM32\ntdll.dll, pszProcName=34869ce8
[ 17896 16752][16 Feb 14:35:21][apijack] apijack_GetProcAddress: Load by name NtQueryWnfStateData
[ 17896 16752][16 Feb 14:35:21][apijack] apijack_GetProcAddress: Go get hook
[ 17896 16752][16 Feb 14:35:21][apijack] apijack_GetProcAddress: Check for notify procaddr
[ 17896 16752][16 Feb 14:35:21][apijack] apijack_GetProcAddress: return address: 35306470
[ 17896 16752][16 Feb 14:35:21][sta] DLLMain: started !!!
[ 17896 16752][16 Feb 14:35:21][sta] DllMain has been called during process termination
[ 8892 7688][16 Feb 14:35:21][sta] WaitForStaProcess: process ended
[ 8892 7688][16 Feb 14:35:21][STAPipeClient] PipeClient::DoPipeQuery: Entered. msgID==2
[ 8892 7688][16 Feb 14:35:21][STAPipeClient] PipeClient::FillRequest: Entered
[ 8892 7688][16 Feb 14:35:21][STAPipeClient] Request structure:
[2],[len=4]:

[ 8892 7688][16 Feb 14:35:21][STAPipeClient] Initial answer structure:
[3],[len=8]:

[ 8892 7688][16 Feb 14:35:21][STAPipeClient] WriteFile failed (cbWritten==0). rqstMsg.msgData:[2]
[ 8892 7688][16 Feb 14:35:21][STAPipeClient] PipeClient::PipeServerCommunicationFailure: Entered
[ 8892 7688][16 Feb 14:35:21][STAPipeClient] PipeClient::RconnectPipeClient: Entered
[ 8892 7688][16 Feb 14:35:21][STAPipeClient] PipeClient::DestroyPipeClient: Entered
[ 8892 7688][16 Feb 14:35:21][STAPipeClient] PipeClient::DestroyPipeClient: hPipe == INVALID_HANDLE_VALUE
[ 8892 7688][16 Feb 14:35:21][STAPipeClient] PipeClient::CreatePipeClient: Entered
[ 8892 7688][16 Feb 14:35:21][STAPipeClient] PipeClient::CreatePipeClient: Could not open pipe: The system cannot find the file specified.
[ 8892 12808][16 Feb 14:35:21][apijack] apijack_fini_process_cxt: finalized process context
[ 8892 12808][16 Feb 14:35:21][sta] DLLMain: started !!!
[ 8892 12808][16 Feb 14:35:21][sta] DllMain has been called by using FreeLibrary

 

Thanks

Rich

0 Kudos
(1)
3 Replies
PhoneBoy
Admin
Admin

Have you opened a TAC case?

0 Kudos
RichUK
Participant

Yes, they have pointed me towards sk173765 and are going to sort out a hotfix.

The workaround is to either use Internet Explorer 11, which is not possible as some of our suppliers are already using Windows 11, or to change the behaviour of the website to not allow multiple portal browser tabs. 

0 Kudos
Alexander_Konon
Participant

Hello. I'm also have the same problem.

R81 without updates. This problem persist in any browsers except IE.

Installing take 65 doesn't solve.

My SR 6-0003271671.