This is the summary for the other post where you have commented, buddy, and thank you.
If you feel that any step here can be used, please go ahead and let me know if any of those helps.
**************Problem description**************
We are getting a strange issue: users are randomly disconnected from their session for one second and then they reconnect again (using the customized RDP file which was created by the session collection).
Users who work on the new RDS-Farm 2019 (about 10 users) feel this issue once an hour: they get reconnected for one second. Users who still work on the old RDS 2016 servers don't feel the issue.
RDS-Farm(Server 2019 version) >>> *****Reason code 3489660929*******
1) RDCB+RDLS+RDS WebAccess
2) Session-Host
3) Session-Host
4) Session-Host
5) Session-Host
6) SSL VPN
7) The line speed is 200/200MBps symmetric
8) No sessions flapping
9) No proxy server
10) Connection broker is standalone
11) Any ports open from ssl-vpn network to RDS-farm
12) No session persistence configured >>> (we are using roaming profiles so there is no need for this configuration)
13) On the site-to-site configuration all computers have the same DNS suffix and DNS servers as the RDS-farm domain
**************Troubleshooting steps done**************
-RDP-TCP properties
-Encryption/Authentication settings review (TLS/SSL version supported, certificate used/certificate attributes, among others)
-Port allocation used for RDS/NAT port exhaustion at the FW settings review
-Dynamic port allocation setting review
-SSL VPN is being used; it can be affected if there is any NAT instance in the routing path
-Maximum connections/Limit number of connections on Group Policy settings
-Firewalls rules Server/Clients
-MTU mismatch value
-Asymmetric routing
-DNS delay or DNS lookup flapping causing asymmetric routing issues or timeouts
-Confirm any network session was stuck due to ProcessID (PID)
-Packet Capture
-Bottleneck network issues (for instance: Traceroute/Tracert and so on)
-VM size upgrade, in case the issue is due to a lack of resources
-RD gateway bypass local address setting review(Not used for this)
-Turn Off UDP On Client settings
-Swap listening port On server settings
-VPN session rekey lifetime
-Encryption/encryption policy
-Certificate inspection policy
-Terminal Server fDenyTSConnections >> Setting review
-CVE bulletin >> https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1226
-"Remote Desktop Session Host Configuration" doesn't exist anymore in the newest Windows Server versions.
-Registry key settings review
-Windows Firewall is disabled on all session hosts
**************Resolution/Workaround procedure**************
Pending to perform:
The Windows Firewall is disabled on all session hosts,
but we will disable port 3389 UDP on the external firewall.
**************Observed**************
- TCP out-of-order packets observed in the packet capture while the session was ongoing or during issue replication
If you feel I am missing any details, please correct me or do not hesitate to let me know.
Have a good one!
Cheers,
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.