How to Troubleshoot Terminal Server Agent Problems

Issue

Terminal Servers can be difficult to troubleshoot on a per user basis, because many users are using the same IP address. A filter can be setup based on a IP address, but this still does not provide a single user's information.

Reference the following link for more information:How to Run a Packet Capture

To filter effectively, look for the source port ranges that are assigned on a per-user basis.

Resolution

• Check the user's source port allocation range in the terminal services agent. Use this data for the 'src port range' value in the filter.
• Shown below, a Wireshark filter can also be used to view a specific user's traffic in a packet capture for debugging purposes:
  tcp.dstport >= begin src port range and tcp.dstport <= end src port range or tcp.srcport >= begin src port range and tcp.srcport <= end src port range
  Note: Values that are underlined need to be replaced with the numbers collected in the first bullet.
• Make sure that the user identification is enabled on the zone that is to be monitored. This means that if user-identification feature is enabled, both the User-ID Agent and TS Agent feature will be enabled.
  
• Use the following CLI command to verify terminal server agent status:
  > show user ts-agent statistics
  
• Use the following CLI command to verify user to port mapping:
  > show user ip-port-user-mapping all

User IP-Address Vsys Port-Range

----------------------------------------------------------------------------

test1 10.1.200.1 vsys1 20000-20500

test2 10.1.200.1 vsys1 20500-21000

21500-22000

test3 10.1.200.1 vsys1 21000-21500

• The Terminal Server Agent maintains a log file which is very useful for troubleshooting. The log file can be viewed by going to File > Show Logs. To enable detailed information on the User-ID Agent operation, go to File > Debug and select Verbose. The logs will now display more detailed messages.
  

owner: kattaullah