Hi,
I´m using TMG (SP2+RU4) for VPN connections for about 2 years now.
Since a few months i see random SSTP-connection drops from all clients, which are not really reproducible.
I didn´t have any drops the first year using SSTP and i still don´t know what could be the reason.
Here are the facts that i could gather so far:
- I only get a drop if there is a constant high workload (= high bandwith traffic) on the specific VPN connection like a CIFS transfer or FTP download
- The same clients don´t have the problem with PPTP or L2TP
- I have no entries in the event log on the client or TMG
- Before it happens i get in the TMG log:
<External Client IP> to Destination IP <127.0.0.1> Port 6601 HTTPS -> Allowed connection
| Allowed Connection | 16.04.2014 15:54:55 |
|---|---|
| Log type:Web Proxy (Reverse) | |
| Status: 0 The operation completed successfully. | |
| Rule:[System] SSTP Publishing | |
| Source:External (x.x.x.x:49691) | |
| Destination:Local Host (FQDN 127.0.0.1:6601) | |
| Request: SSTP_DUPLEX_POST http://127.0.0.1:6601/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/ | |
| Filter information:Req ID: 2c448be2 | |
| Protocol: https | |
User: anonymous
| |
EDIT: At exactly the same time i get:
<VPN-Client IP> to <VPN-Client IP> Port 0 WAN Miniport (SSTP) -> Closed VPN Connection
| Closed VPN Connection | 17.04.2014 12:06:06 |
|---|---|
| Log type:Firewall service | |
| Status: The operation completed successfully. | |
| Source:VPN Clients (10.0.0.53) | |
| Destination:VPN Clients (10.0.0.53) | |
| Protocol: WAN Miniport (SSTP) | |
| User: <username> | |
| |
And one second later:
<External Client IP> to <external Interface TMG> Port 443 HTTPS -> Closed Connection
| Closed Connection | 16.04.2014 15:54:55 |
|---|---|
| Log type:Firewall service | |
| Status: A connection was abortively closed after one of the peers sent an RST packet. | |
| Source:External (x.x.x.x:49691) | |
| Destination:Local Host (x.x.x.x:443) | |
| Protocol: HTTPS | |
| |
I would appreciate any help - i have invested countless hours and i am not getting anywhere.
There seem to be a few others who seem to have similar problems: http://social.technet.microsoft.com/Forums/forefront/en-US/1b1df83b-74bf-4d23-aae2-0e30f32badcf/sstp-connection-is-dropping-on-some-clients?forum=Forefrontedgegeneral
Thanks,
Werner