The response from Limelight Support. We sent a Wireshark capture to them.
Reviewing the packet capture provided and the failure, it appears as though during the transfer your client is sending multiple ACK sequences. Based on this we see it is a sequence of 4. However no SIN, ACK to these, which keeps repeating until a RST. This causes a new DNS lookup and an attempt to upload again. Additionally would you be able to review/provide us any firewall rules you currently have in place and confirm there are no filters in place for our IP ranges (included below). We do look forward to hearing from you.
I checked my settings in "Security Zones/ Security Zone 'Public' "
I have only 1 IP range filtered and it's not any of the 25 or so they sent.
Is there any other location in the settings that might have any effect on this? I'd like to determine if this is on my end or theirs.
I found this info from Wireshark (Riverbed) Can this be the issue?
If my 3120 is blocking something in this manner how can I verify if my 3120 firewall is set to block in this fashion?
Question was from a fellow that was not getting a SYN-ACK:
I see three possible reasons:
- you don't see the server response (SYN-ACK( due to a known "problem" of your capture setup
- there is a SYN-ACK, but the server is dual homed (multiple interfaces in the same subnet) and it sends the response out a different interface.
- there is no SYN-ACK, which means the RDP server did not answer the SYN. That's something you can only diagnose with the help of microsoft.
Personally I believe it's option #2, although this is just a wild guess: I've seen that happen from time to time, because people give their servers several interfaces for "redundancy" reasons and then they simply assign an IP address from the same subnet (Windows does not prevent that)! This usually works on a local network without security devices (firewall, loadbalancers, etc.), but it can cause problems if those devices are in place.
In your case, the firewall might well block the SYN-ACK, if it's coming from a different MAC address than the SYN was sent to (windows sends the SYN-ACK out the other interface). This depends on the firewall type and on the firewall configuration.