Administratively Logging into the Terminal Services Agent and Source Port Allocation

Created On 09/25/18 20:36 PM - Last Modified 06/09/23 03:03 AM


Resolution


Symptoms

There are two settings for source port allocation in the Palo Alto Networks TS agent:

  1. System Source Port Allocation Range: Displays the port range for system processes that are not associated with individual users. Format is low-high (default 1025-5000).
  2. Source Port Allocation Range: This range of ports will be allocated to the user sessions. This setting controls the source port allocation for processes belonging to remote users (default 20000-39999).


If a port allocation request comes from system services that cannot be identified as a particular user process, the TS agent lets the system allocate the source port from the system port range, excluding system reserved source ports.

 

Issue

If a user establishes a console connection to the server where the TS agent is installed, or logs in administratively over an RDP connection (with the "/admin" switch), that user will always be unknown.

 

What is happening/explanation

The /admin switch bypasses the Terminal Server software and connects to the built-in RDP functionality that comes with every server installation.

With the switch, the RDP session, which is used to run administrative tasks on the TS, bypasses Terminal Services and therefore uses the "System Source Port Allocation Range".

The Terminal Server maps the IP address to the source port from the "Source Port Allocation Range"; hence, the domain user who logs in administratively will always remain unknown.
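
The following added example (not Palo Alto Networks code) sorts flows from a terminal server by the two ranges described above, so that unknown users explained by a console or /admin login can be separated from unknown users on ports in the user range. The `Flow` record shape, the sample addresses and the verdict names are assumptions made for illustration; the ranges are the defaults quoted in this article.

```python
from typing import NamedTuple, Optional

def parse_range(text: str) -> range:
    """Parse the agent's 'low-high' port range format into a Python range."""
    low, high = (int(part) for part in text.strip().split("-"))
    if not 0 < low <= high <= 65535:
        raise ValueError(f"invalid port range: {text!r}")
    return range(low, high + 1)

# Defaults quoted in the article; replace with the values configured on your agent.
SYSTEM_RANGE = parse_range("1025-5000")
USER_RANGE = parse_range("20000-39999")

class Flow(NamedTuple):  # hypothetical record shape, not a firewall log format
    src_ip: str
    src_port: int
    user: Optional[str]  # None when the firewall shows the user as unknown

def classify(flow: Flow) -> str:
    if flow.src_port in USER_RANGE:
        # User-session ports should resolve to a user; a miss here is not
        # explained by the console / admin login behaviour.
        return "user-mapped" if flow.user else "user-range-unmapped"
    if flow.src_port in SYSTEM_RANGE:
        # Console or /admin sessions and system services: unknown is expected.
        return "system-range"
    return "outside-ranges"

def triage(flows):
    """Group flows by verdict so each bucket can be reviewed separately."""
    buckets = {}
    for flow in flows:
        buckets.setdefault(classify(flow), []).append(flow)
    return buckets

# Constructed sample flows from one terminal server (documentation address).
SAMPLE = [
    Flow("192.0.2.10", 20417, "corp\\alice"),
    Flow("192.0.2.10", 4021, None),
    Flow("192.0.2.10", 31002, None),
    Flow("192.0.2.10", 49733, None),
]

if __name__ == "__main__":
    for verdict, flows in triage(SAMPLE).items():
        print(verdict, [f.src_port for f in flows])
```
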

 

owner: ppatel


