RDP session is refused by TMG

We would like to access an Azure host (public) through TMG.

1. Source Subnet is ok;

2. All outbound is enabled.

3. Azure host IP address is correct.

4. Installed TMG client application on laptop.

5. When we try to access the Azure host IP address, an error message is presented.

6. Based on the above information, I captured a netmon trace on the laptop and found the clue. Can anyone let us know why this connection is refused by TMG? Thanks.

16 10:18:39 AM 9/3/2015 8.8922839 mstsc.exe Client TMG TCP TCP:Flags=......S., SrcPort=56750, DstPort=1745, PayloadLen=0, Seq=2367321505, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 {TCP:5, IPv4:4}
17 10:18:39 AM 9/3/2015 8.8933019 mstsc.exe TMG Client TCP TCP:Flags=...A..S., SrcPort=1745, DstPort=56750, PayloadLen=0, Seq=1323644357, Ack=2367321506, Win=8192 ( Negotiated scale factor 0x8 ) = 2097152 {TCP:5, IPv4:4}
18 10:18:39 AM 9/3/2015 8.8935506 mstsc.exe Client TMG TCP TCP:Flags=...A...., SrcPort=56750, DstPort=1745, PayloadLen=0, Seq=2367321506, Ack=1323644358, Win=257 (scale factor 0x8) = 65792 {TCP:5, IPv4:4}
19 10:18:39 AM 9/3/2015 8.9273484 mstsc.exe Client TMG RWS RWS:Channel setup request (TMG compatible) for mstsc.exe as Steven_Song on PRCSGI1497L version 6.1.7601 {RWS:6, TCP:5, IPv4:4}
20 10:18:39 AM 9/3/2015 8.9285267 mstsc.exe TMG Client RWS RWS:Channel setup response to mstsc.exe (TMG compatible), authentication not required; encryption not required {RWS:6, TCP:5, IPv4:4}
21 10:18:39 AM 9/3/2015 8.9297390 mstsc.exe Client TMG RWS RWS: {RWS:6, TCP:5, IPv4:4}
22 10:18:39 AM 9/3/2015 8.9297390 mstsc.exe Client TMG TCP TCP:[Continuation to #21]Flags=...AP..., SrcPort=56750, DstPort=1745, PayloadLen=399, Seq=2367322405 - 2367322804, Ack=1323644639, Win=256 (scale factor 0x8) = 65536 {TCP:5, IPv4:4}
23 10:18:39 AM 9/3/2015 8.9308009 mstsc.exe TMG Client TCP TCP:Flags=...A...., SrcPort=1745, DstPort=56750, PayloadLen=0, Seq=1323644639, Ack=2367322804, Win=257 (scale factor 0x8) = 65792 {TCP:5, IPv4:4}
24 10:18:39 AM 9/3/2015 8.9308854 mstsc.exe Client TMG RWS RWS:0x2 Connect v12 request from mstsc.exe to 40.113.157.119/3389; client will send from 10.158.129.2/56751 {RWS:6, TCP:5, IPv4:4}
25 10:18:39 AM 9/3/2015 8.9320289 mstsc.exe TMG Client RWS RWS:0x2 Error to mstsc.exe for Connect v12(40.113.157.119); (10061); Connection refused {RWS:6, TCP:5, IPv4:4}
27 10:18:39 AM 9/3/2015 9.1370816 mstsc.exe Client TMG TCP TCP:Flags=...A...., SrcPort=56750, DstPort=1745, PayloadLen=0, Seq=2367323085, Ack=1323644920, Win=257 (scale factor 0x8) = 65792 {TCP:5, IPv4:4}

Have a nice day!

Rgds

Steven

September 3rd, 2015 4:48am

Assuming that the TMG is not the default gateway for the client (otherwise the TMG client is not needed).

Without having the complete picture of the rule set and the traffic I can only give you a few pointers:

- Do live logging, see if the issue is between the TMG and the remote IP. E.g. is the connection refused actually from upstream?

- Can the TMG route traffic to the remote host?

- Try the traffic simulator in the TMG console and see what the output is.

September 3rd, 2015 8:40am

Hi Bro,

At last we found the cause. Our Checkpoint FW did a NAT for our source subnet; that's why TMG blocked the incoming traffic.

Thanks for your great help!!!

September 4th, 2015 9:30pm
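
The failing step in the trace from the first post is the RWS Connect request in frame 24 and the error reply in frame 25. As an added example (not part of the original thread), this Python sketch pairs RWS Connect requests with their error replies in a Network Monitor text export and names the Winsock code; the function name `failed_connects`, the regular expressions and the code table are this example's own assumptions, based only on the line layout shown in that trace.

```python
import re

# Frames 20, 24 and 25 copied from the trace in the first post.
TRACE = """\
20 10:18:39 AM 9/3/2015 8.9285267 mstsc.exe TMG Client RWS RWS:Channel setup response to mstsc.exe (TMG compatible), authentication not required; encryption not required {RWS:6, TCP:5, IPv4:4}
24 10:18:39 AM 9/3/2015 8.9308854 mstsc.exe Client TMG RWS RWS:0x2 Connect v12 request from mstsc.exe to 40.113.157.119/3389; client will send from 10.158.129.2/56751 {RWS:6, TCP:5, IPv4:4}
25 10:18:39 AM 9/3/2015 8.9320289 mstsc.exe TMG Client RWS RWS:0x2 Error to mstsc.exe for Connect v12(40.113.157.119); (10061); Connection refused {RWS:6, TCP:5, IPv4:4}
"""

# Standard Winsock error values that may appear in the parenthesised field.
WINSOCK = {10013: "WSAEACCES", 10051: "WSAENETUNREACH", 10060: "WSAETIMEDOUT",
           10061: "WSAECONNREFUSED", 10065: "WSAEHOSTUNREACH"}

# Assumed layout: "<frame> ... RWS:<channel> Connect vN request from <proc> to <ip>/<port>; ..."
REQ = re.compile(r"^(?P<frame>\d+) .*? RWS:(?P<chan>0x[0-9a-fA-F]+) Connect v\d+ request "
                 r"from (?P<proc>\S+) to (?P<dst>[\d.]+)/(?P<dport>\d+); "
                 r"client will send from (?P<src>[\d.]+)/(?P<sport>\d+)")
ERR = re.compile(r"^(?P<frame>\d+) .*? RWS:(?P<chan>0x[0-9a-fA-F]+) Error to \S+ for "
                 r"Connect v\d+\((?P<dst>[\d.]+)\); \((?P<code>\d+)\); (?P<text>[^{]*)")

def failed_connects(trace):
    """Return one record per RWS Connect error, joined to its request when present."""
    pending = {}    # (channel, destination IP) -> fields of the Connect request
    failures = []
    for line in trace.splitlines():
        m = REQ.match(line)
        if m:
            pending[(m["chan"], m["dst"])] = m.groupdict()
            continue
        m = ERR.match(line)
        if not m:
            continue    # channel setup, plain TCP frames, etc.
        req = pending.pop((m["chan"], m["dst"]), None)
        code = int(m["code"])
        failures.append({
            "request_frame": int(req["frame"]) if req else None,
            "error_frame": int(m["frame"]),
            "process": req["proc"] if req else None,
            "destination": f'{m["dst"]}:{req["dport"]}' if req else m["dst"],
            "announced_source": f'{req["src"]}:{req["sport"]}' if req else None,
            "code": code,
            "winsock": WINSOCK.get(code, "unknown"),
            "text": m["text"].strip(),
        })
    return failures

if __name__ == "__main__":
    for failure in failed_connects(TRACE):
        print(failure)
```

The `announced_source` and `destination` fields give the address pair to look for in TMG live logging and on any device between the client and the TMG.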
