Cisco Support Community
New Member

Because of an error in data encryption, this session will end. Please try connecting to the remote computer again

Does anybody know if an RDP session over hardware VPN can be affected by the tunnel?

Network diagram is attached

If I try to RDP to a 2008 server on the 30.0 network from ANY (XP, VISTA, 7) client on the 20.0 network, my RDP session terminates with an error (Because of an error in data encryption, this session will end. Please try connecting to the remote computer again). However, if I try to RDP from the same client on the 20.0 network to a 2003 server running on the same ESXi, the problem does not exist.

Also if I poke a hole (TCP 3389) in RV042 and make 2008 server accessible over RDP from outside, I don’t have any problems connecting to the 2008 server even from the laptop that was getting disconnected over hardware VPN.

Any thoughts….

P.S. Transferring large files in any direction (over 300Mb) is NOT a problem from any computer on the 20.0 network to a 2008 server on the 30.0 network (using Windows shares \\Server2008\Public).

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Because of an error in data encryption, this session will en

Hello Eugene,

Were you able to take the capture between the router and the modem? How big are the packets that you are receiving from the endpoint on the .30 network?

Mike

14 REPLIES
New Member

Re: Because of an error in data encryption, this session will en

Hi eugenebord,

This could be a VPN issue; however, the error that you are getting on the Windows machine is not related to the VPN tunnel. That is because the RDP session has its own encryption and the tunnel has its own. The encryption of the tunnel is never seen by the machines because it is between the two routers themselves. I suspect this might be an issue with the way packets are being fragmented. To fix this, you can try:

1. Reducing the MTU of the Machines. (Try decrementing to 1475, 1450 etc.)

2. Use 'crypto ipsec fragmentation before-encryption' command on both the routers.

This document is a little unrelated; however, it should help you in understanding the dynamics of the packet transport:

Try going through the examples near the end of the document.
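
One way to measure the largest packet that crosses the tunnel unfragmented, instead of stepping the MTU down by hand (an added example, not part of the original post; the 576 to 1500 search range and the target host given on the command line are assumptions):

```python
import platform
import subprocess
import sys

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header


def ping_df(host, mtu, timeout_s=2):
    """Send one echo request of total IP size `mtu` with Don't Fragment set.

    True only if an echo reply came back, i.e. the packet fit the whole path.
    """
    payload = str(mtu - IP_ICMP_OVERHEAD)
    windows = platform.system() == "Windows"
    if windows:
        cmd = ["ping", "-n", "1", "-f", "-l", payload,
               "-w", str(timeout_s * 1000), host]
    else:  # Linux iputils ping
        cmd = ["ping", "-c", "1", "-M", "do", "-s", payload,
               "-W", str(timeout_s), host]
    done = subprocess.run(cmd, capture_output=True, text=True, errors="replace")
    # Windows ping can exit 0 on an ICMP error, so look for a real reply line.
    return "TTL=" in done.stdout if windows else done.returncode == 0


def find_path_mtu(host, probe=ping_df, low=576, high=1500):
    """Largest IP packet size in [low, high] that passes unfragmented.

    Returns None if even `low` fails (host down or ICMP echo filtered).
    """
    if not probe(host, low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(host, mid):
            low = mid        # mid fits: the answer is mid or larger
        else:
            high = mid - 1   # mid was dropped: the answer is smaller
    return low


if __name__ == "__main__":
    target = sys.argv[1]  # assumption: a host on the far side of the tunnel
    mtu = find_path_mtu(target)
    if mtu is None:
        print("no reply even at 576 bytes; is ICMP echo allowed?")
    else:
        # TCP MSS = MTU minus 20-byte IPv4 and 20-byte TCP headers
        print(f"path MTU {mtu}, matching TCP MSS {mtu - 40}")
```

A timeout is counted as "did not fit", which is the right reading when a device on the path silently drops oversized or fragmented packets.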

New Member

Re: Because of an error in data encryption, this session will en

RV042 & RV082 routers don't have a CLI, so I don't think I can apply 'crypto ipsec fragmentation before-encryption'.

I will check the MTU of the machines shortly. In the meantime, I am attaching a Wireshark trace from the client side (recorded on the same laptop while the RDP session was initiated).

It disconnected around packet 1973. Can anyone conclude anything from the trace, or do I need to get another one from the server side?

New Member

Re: Because of an error in data encryption, this session will en

According to this thread, the error has something to do with the hardware VPN tunnel:

http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/51d005e2-8ac4-4fa8-bbf7-f8c2e3f4dce4?prof=required

Cisco Employee

Re: Because of an error in data encryption, this session will en

Hi Eugene,

What version of the remote access client software are you using on the XP and Vista systems? If it's a 64-bit OS, then we need to install a client software version that supports 64-bit OS. Here is a link to the latest client software:

http://www.cisco.com/cisco/software/release.html?mdfid=281940730&flowid=4466&softwareid=282364316&os=Windows

You could try installing the latest version and check.

Regards,

Srikanth K S.

New Member

Re: Because of an error in data encryption, this session will en

Srikanth K S.,

There is no VPN client. It's a gateway-to-gateway tunnel.

RV042 is running 1.3.12.6-tm firmware

RV082 is running 2.0.0.19-tm firmware

Cisco Employee

Re: Because of an error in data encryption, this session will en

Hello Eugene,

It seems that the problem comes down to an MTU size issue. I read the document that you provided, and the feature that they activated was some sort of packet size control. What is the device that you use as the hardware client? Is there any option to increase the MTU size? You can use Wireshark to see how large the packets are that you are sending to the HW client and adjust the MTU size on the interface of the HW client.

Hope this helps.

Mike

New Member

Re: Because of an error in data encryption, this session will en

Mike,

MTU is set to auto on both routers, but can be adjusted. Where do I need to place Wireshark? Between the WAN port of the RV042 router and the cable modem?

New Member

Re: Because of an error in data encryption, this session will en

Hi,

Have you tried unchecking the option "block fragmented packets" in the router RV042 on the .30 network side?

Thanks,

Namit

New Member

Re: Because of an error in data encryption, this session will en

Namit,

Do you know what screen "block fragmented packets" is located on?

Cisco Employee

Re: Because of an error in data encryption, this session will en

Hello,

I tried to find the option for permitting fragmented packets on the internet to help you out (as I think that would be a good option), but I could not find it. Regarding adjusting the MTU to the right value: yes, Wireshark needs to be placed between the modem and the router to check the size of the packets when they leave your router and the size of the packets it is receiving.

Hope it helps.

Mike

New Member

Re: Because of an error in data encryption, this session will en

Here is an update on the issue.

I attempted to copy a file from a client computer on the 20 network to a share on a 2008 server on the 30 network, and I had no problems. Next, I grabbed the same file I had just copied to the share and tried to bring it back to the client using the same Windows copy command. Immediately I was presented with an error:

“An unexpected error is keeping you from copying the file. If you continue to receive this error, you can use the error code to search for help with this problem” Error 0x80900006: Invalid Signature.

While copying files I had Wireshark capturing on the client and saw hundreds of duplicate ACKs and several lost segments every time I clicked Retry on the error message.

Cisco Employee

Re: Because of an error in data encryption, this session will en

Hello Eugene,

Were you able to take the capture between the router and the modem? How big are the packets that you are receiving from the endpoint on the .30 network?

Mike

New Member

Re: Because of an error in data encryption, this session will en

Mike,

I think it was a fragmentation problem. I changed the MTU of the RV042 from Auto to Manual and set it to 1492, which resolved the communication problem.

Thank you for your help!

Cisco Employee

Re: Because of an error in data encryption, this session will en

Hi Eugene,

I think that is great! I am glad I was able to help.

Cheers!

Mike
