Hi All, Hope you all are doing great. I am facing some issues in working with terminal service agent. I will have a small intro on what I am trying to do. As of now, I am in the testing phase for implementing TSA in our environment. For this I am using a server for testing. I installed TSA in thatbserver and called the same in a firewall and the communication is established and seems like the user mapping is working fine. Issue I face is that-
1)When a user consumes more ports than the initial port size, he/she gets assigned with a new port block, which is not released even when the user doesn't use it. Sometimes it stays there even when the user logged out.
2)When a user is logged into the server where I have installed the TSA, he/she is facing some lag in the browser from that server. For example: If I am logged into that server and trying to access some GUI through browser it either shows error page saying "The site cannot be reached" or it will load an incomplete page/an incorrect layout. This is intermittent. Please help me in this. Thank you all in advance. Regards
I do feel bad that you are having issues with the TSA.
If you increased the port count from 200 to 500, per user, does this resolve the issue.
I do not have the experience to explain why the TSA does not release the ports; that is something you would need phone support for.
As for the 2nd issue, where the browsing is slow. I am not sure of the TSA agent (which is only gathering port ranges) has anything to do with slowing down the session. Like is similar to stating the the DHCP service on your computer makes pings time out. I do not see a connection with it.
If you are getting "Page cannot be displayed", you would need to start to look at logs on the FW to determine if the traffic was seen and passing through the FW.
I know this is probably not what you wanted to hear, yet further network troubleshooting is needed.
What TSA version do you have installed?
But in general, this issue with the not released portranges sound like - as proposed by @SteveCantwell - you should call paloalto support.
With the connection problems: how many users are connected to your server? If you don't see the connections on your firewall, are there may be no available ports? Or do you have userbased policies and for some reason there is a problem with port allocation, so the firewall does not see a username?
First of all thanks a lot for finding time to reply for my query. As you said, my issues with TSA have been resolved once I increased the port count. Browsing issue which I faced was because of the port depletion. For the port release I have configure TWS & FreePortBlockDelay from the registry. As of now everything is running fine.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!