How to Troubleshoot Terminal Server Agent Problems
53762
Created On 09/25/18 17:52 PM - Last Modified 06/07/23 20:34 PM
Resolution
Issue
Terminal Servers can be difficult to troubleshoot on a per user basis, because many users are using the same IP address. A filter can be setup based on a IP address, but this still does not provide a single user's information.
Reference the following link for more information:How to Run a Packet Capture
To filter effectively, look for the source port ranges that are assigned on a per-user basis.
Resolution
- Check the user's source port allocation range in the terminal services agent. Use this data for the 'src port range' value in the filter.
- Shown below, a Wireshark filter can also be used to view a specific user's traffic in a packet capture for debugging purposes:
tcp.dstport >= begin src port range and tcp.dstport <= end src port range or tcp.srcport >= begin src port range and tcp.srcport <= end src port range
Note: Values that are underlined need to be replaced with the numbers collected in the first bullet. - Make sure that the user identification is enabled on the zone that is to be monitored. This means that if user-identification feature is enabled, both the User-ID Agent and TS Agent feature will be enabled.
- Use the following CLI command to verify terminal server agent status:
> show user ts-agent statistics
- Use the following CLI command to verify user to port mapping:
> show user ip-port-user-mapping all
User IP-Address Vsys Port-Range
----------------------------------------------------------------------------
test1 10.1.200.1 vsys1 20000-20500
test2 10.1.200.1 vsys1 20500-21000
21500-22000
test3 10.1.200.1 vsys1 21000-21500
- The Terminal Server Agent maintains a log file which is very useful for troubleshooting. The log file can be viewed by going to File > Show Logs. To enable detailed information on the User-ID Agent operation, go to File > Debug and select Verbose. The logs will now display more detailed messages.
owner: kattaullah