https://live.paloaltonetworks.com/t5/general-topics/ts-agent-source-port-redirection-blocks-odbc-connection/m-p/68625#M39998 <P>We have a deployment of the TS Agent on 2008 R2 terminalservers. The TS agent works as designed and reassigns source ports. However, one specific segment of one specific application that is based on MS Access fails to connect to an SQL server when the TS agent service is running.The application's vendor says they don't enforce specific source ports.</P> <P>When the segment inside the application is started, in TCPView we see several system tcp sessions on random high ports (60k+) connect to the SQL server. When the agent is active and the call fails, those sessions are using the configured TS agent ports.</P> <P>&nbsp;</P> <P>Has anybody else experienced problems with connecting with ODBC to an SQL server while the TS agent is running?</P> Wed, 25 Nov 2015 13:11:39 GMT CONFORM_Servicedesk 2015-11-25T13:11:39Z https://live.paloaltonetworks.com/t5/general-topics/ts-agent-source-port-redirection-blocks-odbc-connection/m-p/68625#M39998 <P>We have a deployment of the TS Agent on 2008 R2 terminalservers. The TS agent works as designed and reassigns source ports. However, one specific segment of one specific application that is based on MS Access fails to connect to an SQL server when the TS agent service is running.The application's vendor says they don't enforce specific source ports.</P> <P>When the segment inside the application is started, in TCPView we see several system tcp sessions on random high ports (60k+) connect to the SQL server. When the agent is active and the call fails, those sessions are using the configured TS agent ports.</P> <P>&nbsp;</P> <P>Has anybody else experienced problems with connecting with ODBC to an SQL server while the TS agent is running?</P> Wed, 25 Nov 2015 13:11:39 GMT https://live.paloaltonetworks.com/t5/general-topics/ts-agent-source-port-redirection-blocks-odbc-connection/m-p/68625#M39998 CONFORM_Servicedesk 2015-11-25T13:11:39Z https://live.paloaltonetworks.com/t5/general-topics/ts-agent-source-port-redirection-blocks-odbc-connection/m-p/68700#M40023 <P><FONT face="helvetica" size="2"><SPAN>MS access application opens a large number of TCP connections, probably one for each SQL query. </SPAN></FONT><BR /><FONT face="helvetica" size="2"><SPAN>These connections are very short lived, but the OS keeps them in TIME_WAIT state for 240 seconds by default. </SPAN></FONT></P> <P><FONT face="helvetica" size="2">I have seen that these can consume the entire allocated port block.</FONT></P> <P><BR /><FONT face="helvetica" size="2"><SPAN>By default, TS agent does does not allocate an additional port range.</SPAN></FONT></P> <P><BR /><FONT face="helvetica" size="2"><SPAN>This behaviour can be changed with a registry setting HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\TS Agent\Conf\EnableTws </SPAN></FONT></P> <P>&nbsp;</P> <P><FONT face="helvetica" size="2"><SPAN>Check out the following DOC : </SPAN><A href="https://live.paloaltonetworks.com/docs/DOC-5345" target="_blank">https://live.paloaltonetworks.com/docs/DOC-5345</A></FONT></P> <P>&nbsp;</P> <P class="p1"><FONT face="helvetica" size="2"><SPAN class="s1">If EnableTws=0, we will not keep the list of ports in TIME_WAIT status, and&nbsp;</SPAN><SPAN class="s1">thus may think that those TIME_WAITed ports are available.</SPAN></FONT></P> <P class="p2">&nbsp;</P> <P class="p1"><FONT face="helvetica" size="2"><SPAN class="s1">To change this default behaviour, just change EnableTws=1, and new block of&nbsp;</SPAN><SPAN class="s1">ports will be assigned to the user.</SPAN></FONT></P> <P class="p1">&nbsp;</P> <P class="p1"><FONT face="helvetica" size="2"><SPAN class="s1">I hope this helps,</SPAN></FONT></P> <P class="p1"><FONT face="helvetica" size="2"><SPAN class="s1">-Kim.</SPAN></FONT></P> Thu, 26 Nov 2015 10:53:26 GMT https://live.paloaltonetworks.com/t5/general-topics/ts-agent-source-port-redirection-blocks-odbc-connection/m-p/68700#M40023 kiwi 2015-11-26T10:53:26Z