Users accessing Windows servers using RDP via ZTNA.
ZTNA connectors in same region as the Windows servers.
Users reporting periodic disconnects on the RDP session to some servers in the same subnet, more pronounced in the evenings.
When the disconnects happen, it is difficult to re-establish a connection, and users often have to wait until the following morning.
Firewalls exist between the ZTNA connector and Windows servers.
Windows Servers.
RDP application.
Network switch/bottleneck issue between ZTNA connector and Windows servers.
Issue with physical switch in path between firewall and RDP server, where packet drop count was extremely high under load.
Ran tcpdump on the ZTNA connector (filtering traffic to RDP server IP address) at the time of the issue and could clearly see that there's an issue downstream from the connector - from the PCAP, the TCP SYN requests that start the TCP connection never get an ACK response from the RDP server at 10.1.1.1, and continue re-trying until a timeout.
This same connector is accessing many other RDP servers (e.g. 10.10.10.10) without any issues.
Looking at the network path to this remote server/network and tracking firewall logs to this destination showed connections in a syn_sent state, i.e. confirming that no response came back from the RDP server.
The ZTNA connector debug logs showed a lot of connectivity and IO errors for the problematic RDP servers on the same subnet.
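The tcpdump check described above can be automated over the text output of a capture taken on the connector. The following is an added example, not part of the original write-up: it groups SYNs by flow and reports servers whose SYNs were retransmitted without ever receiving a SYN-ACK. The connector address 10.0.0.5 and the sample lines are constructed; the server addresses are the ones mentioned above.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -nn` text output captured on the connector.
# 10.0.0.5 is a hypothetical connector address; server IPs are from the page.
SAMPLE = """\
18:02:11.100001 IP 10.0.0.5.51000 > 10.1.1.1.3389: Flags [S], seq 100, win 64240, length 0
18:02:12.100420 IP 10.0.0.5.51000 > 10.1.1.1.3389: Flags [S], seq 100, win 64240, length 0
18:02:14.101007 IP 10.0.0.5.51000 > 10.1.1.1.3389: Flags [S], seq 100, win 64240, length 0
18:02:15.200000 IP 10.0.0.5.51002 > 10.10.10.10.3389: Flags [S], seq 500, win 64240, length 0
18:02:15.201300 IP 10.10.10.10.3389 > 10.0.0.5.51002: Flags [S.], seq 900, ack 501, win 65160, length 0
18:02:15.201350 IP 10.0.0.5.51002 > 10.10.10.10.3389: Flags [.], ack 1, win 502, length 0
"""

LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

def syn_summary(text):
    """Per server (ip, port): flows attempted, flows answered, SYN retransmits."""
    syns = defaultdict(int)   # (client, cport, server, sport) -> SYN count
    answered = set()          # flows for which the server sent a SYN-ACK
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if flags == "S":                      # client SYN (first or retransmit)
            syns[(src, sport, dst, dport)] += 1
        elif flags == "S.":                   # SYN-ACK, direction reversed
            answered.add((dst, dport, src, sport))
    out = defaultdict(lambda: {"flows": 0, "answered": 0, "retransmits": 0})
    for flow, count in syns.items():
        s = out[(flow[2], flow[3])]
        s["flows"] += 1
        s["retransmits"] += count - 1
        s["answered"] += flow in answered
    return dict(out)

def unanswered_servers(text):
    """Servers for which no SYN in the capture received a SYN-ACK."""
    return sorted(k for k, v in syn_summary(text).items() if v["answered"] == 0)

if __name__ == "__main__":
    for server, stats in syn_summary(SAMPLE).items():
        print(server, stats)
    print("no handshake reply:", unanswered_servers(SAMPLE))
```

A server that appears in the unanswered list while others reached from the same connector complete their handshakes points to a fault downstream of the connector rather than in the connector itself.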