Hi everyone, first post here. I am up against a really frustrating problem I can’t seem to resolve. Users connected via Watchguard SSLVPN are experiencing frequent disconnects and freezing of their Remote Desktop Connection.
Fixes already tried:
1 - Disabling Persistent Bitmap Caching in RDP settings.
2 - Making sure power settings are not set to sleep or allow device to turn itself off to save power; checked this on HDDs and NICs.
3 - Dropping colors quality in RDP settings.
4 - Detect Connection Quality Automatically is set.
5 - Lowering MTU on firewall from 1500 to 1300.
6 - Changing data protocol from TCP to UDP.
7 - Sacrifices for the Dark Lord.
Also, I can guarantee that the users are not on the same version of RDP as we still have a few W7 boxes mingled in with W10.
Any help is appreciated.
I reverted the MTU and TCP/UDP changes after no success.
LOL…I was tackling this exact same problem lately. Though you do not explicitly state the VPN client is disconnecting or the RDP session. In my case, the RDP sessions were freezing and disconnecting with great frequency. After beating the crap out of my WatchGuard I moved on to the PCs.
Sure as shit - each PC saw the igfxcuiservice crashing the exact same time as the freeze/disconnect. The igfxcuiservice more specifically is the Intel Graphics Common User Interface Service 2.0.0.0. There was not a specific behavior on the user end - however, we could replicate this 100% of the time by launching any sort of video…even something like an animated splashscreen. Since these PCs only had onboard graphics we purchased a new PC with an add-in Nvidia. To go even further, I disabled the onboard graphics in the BIOS.
Guess what…no more freezing/disconnects. I *really* hope this helps anyone chasing these sorts of issues as I pulled out what little gray hair I had left on my head on this one.
I should also note this client has been on the sslvpn to rdp configuration for years now only until recently did we see this issue. No programming changes on firewall.
WG SSL VPN sometimes disconnects due to the timeout but doesnt alert the user. Are they actually still connected?
We had this same problem with some of our users. Have the users try 1803 rdp (mstsc file). Once users switched to the older version of remote desktop, the freezing and disconnects stopped with Watchguard.
We had a similar issue and resolved it by switching to AES-GCM (128-bit) encryption (from 256) and switching the Data channel to UDP 443.
Some still drop/freeze on occasion, but that ends up being due to crappy internet or spotty wifi at home for the most part.
If there where no changes on the Firewall it is very unlikely that the Firewall is the cause.
I have had some RDP Issues caused by a bad mstsc.exe Version. Moving back to an old one fixed it, regardless of the Firewall Manufacturer that was involved.
If the Firewall is under an active support contract, i would open a ticket at Watchguard - just to be sure.
btw: You know that you can run tcpdump with Watchguards System Manager and write that into a pcap File to analyze that File with Wireshark later?
By chance did you ever get this sorted? I have a similar issue and I’m racking my brain on it. 
Great questions! Full disclosure this is a law firm that is 60/40 remote to on site and getting the users off of the computers is very difficult especially with these issues, but it is something I will try. I checked the logs on the firewall and there didn’t seem to be a rhyme or reason to it.
No RDS, physical machines.
Thank you for the suggestions.
Yes they stay connected that was my first thought too.
Looked around couldn’t find anywhere to download this. Do you have a link?
No I didn’t think to try that. I’ll check that next. Thanks!
