I have a strange issue and hope someone can help me finding the cause.
- 2 companys (let’s say Company A and Company B) with seperate IT-infrastructures.
- Each one has its own network, own active directory, etc.
- Company A is hosting a RDS terminalserver environment with a specific business application.
- Company B needs to get access to this application on the terminalservers.
- Between Company A and Company B there is a site-to-site VPN.
- We created a active directory domain trust between them.
- The VPN traffic is filtered with a firewall …
- … We only allow the domain controllers from Company A and from Company B to talk to each other in both directions with this ports:
tcp-udp/389, tcp-udp/464, tcp-udp/88, tcp-udp/53, tcp/135, tcp/3268, tcp/3269, tcp/445, tcp/49152-65535, tcp/636, tcp/139, udp/123.
- … The client-network from Company B is allowed to access the terminalervers from Company A with tcp/3389.
- … Any other communication is blocked by firewalls at both companys.
Company B clients can login onto the terminalservers from Company A with their own domain user accounts from Company B. They can open and use the business application, too. So far so good.
The issue is, that the application is really slow and freezing permanently.
When I login from Company B client onto the terminalservers with a domain user account from Company A, then it seems like there are no problems. The application is not freezing. I tried to figure out, what the cause of this problem is, but I don’t get it. It seems like the problem only occur with users from the Company B active directory domain. Maybe some problem with the trust?
I tried to figure out, what the application is doing exactly when it freezes or responses slow. I looked into TcpView from Sysinternals and I can see, that “lsass.exe” processes are getting added into the list one after the other in the moment, when the application freezes. Maybe this could be a hint? But I don’t know, how I could further troubleshoot this problem.
Go to Source