Vladimir Kivva, 2019-06-26 13:27:00
Computer networks

RDP to a 2008R2 terminal server fails in about half the cases; how do I identify the problem?

A 2008R2 terminal server runs in a virtual machine on ESXi 6.5 on a dedicated server at Hetzner. pfSense, also a virtual machine, acts as the router; it has a public IP and port forwarding to the terminal VM. Everything except ESXi has the latest updates.

Suddenly Uptime Robot started sending messages that the server was unreachable on the port. Then users stopped being able to get in over RDP. It happens suddenly, with no explanation; it just looks as if the terminal server is unavailable. If you retry quickly, roughly one attempt in 6-7 gets through. Subjectively, the chance of connecting with RDCMan is much higher than with mstsc. From Remmina users I have heard no complaints at all.

  • I tried reinstalling pfSense.
  • I read the Windows logs. In "Security" there is not even a hint, and I don't see any events whose count matches the periods of server unavailability.
  • I started Network Monitor with a filter on port 3389, but I don't yet know what to do with what it collects.
  • Nothing was done to the hypervisor for certain, and nobody could have got to it: it is closed off by the data center firewall, and it is not that important a target.
  • The network interfaces were Intel everywhere; I changed them to vmxnet3, which did not help.
  • I stopped the services of the RDP Guard program, which bans brute-force fans; nothing changed.

I plan to enable ICMP on pfSense and collect WinMTR information, then forward ICMP to the VM and run WinMTR again.
[Screenshot: Network Monitor]
[Screenshot: Uptime Robot]
[Screenshots: the hypervisor network itself]


UPD 1. I set up forwarding of port 3390 on the router to 3389 on the same machine; packets do not get lost there. So it turns out someone is flooding 3389 with garbage?

2 answers
akelsey, 2019-06-26

UPD 1. I set up forwarding of port 3390 on the router to 3389 on the same machine; packets do not get lost there. So it turns out someone is flooding 3389 with garbage?

The guess is quite right. Since the discovered vulnerability that lets you elevate privileges through RDP on unpatched systems, RDP has started behaving exactly this way: 50/50 connections, dumps, and so on.
You need to either send the attack source addresses to a sinkhole (by an iptables rule or something else) when the number of connection attempts from one address per unit of time exceeds a sane value, banning them for 7 days.
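The threshold-and-ban rule described in this answer, as an added example that is not part of the thread and not akelsey's code. It assumes a constructed log of connection attempts in the form "<ISO timestamp> <source IP>" (for instance exported from the firewall or from Windows Security event 4625), a sliding window of 60 seconds, a limit of 5 attempts per window and a 7-day ban; the thresholds, the log format and the function names are assumptions for illustration.

```python
"""Sliding-window threshold ban list for RDP connection attempts.

Added example, not from the original thread. The log format, the
thresholds and the rule output are assumptions for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_ATTEMPTS = 5          # more than this many attempts per window gets a ban
WINDOW = timedelta(seconds=60)
BAN_DAYS = 7              # the 7-day ban suggested in the answer
RDP_PORT = 3389

# Constructed sample log (not real traffic), in chronological order.
# 203.0.113.7   : 8 attempts in 8 seconds   -> banned at the 6th attempt
# 198.51.100.20 : 3 attempts over 3 minutes -> legitimate, never banned
# 192.0.2.99    : 6 attempts, but never more than 5 inside any 60 s window
SAMPLE_LOG = """\
2019-06-26T13:00:01 203.0.113.7
2019-06-26T13:00:02 203.0.113.7
2019-06-26T13:00:03 203.0.113.7
2019-06-26T13:00:04 203.0.113.7
2019-06-26T13:00:05 203.0.113.7
2019-06-26T13:00:06 203.0.113.7
2019-06-26T13:00:07 203.0.113.7
2019-06-26T13:00:08 203.0.113.7
2019-06-26T13:00:10 198.51.100.20
2019-06-26T13:01:30 198.51.100.20
2019-06-26T13:02:50 198.51.100.20
2019-06-26T13:05:00 192.0.2.99
2019-06-26T13:05:10 192.0.2.99
2019-06-26T13:05:20 192.0.2.99
2019-06-26T13:05:30 192.0.2.99
2019-06-26T13:05:40 192.0.2.99
2019-06-26T13:06:05 192.0.2.99
"""


def parse_line(line):
    """Split one '<ISO timestamp> <ip>' line into (datetime, ip)."""
    ts, ip = line.split()
    return datetime.fromisoformat(ts), ip


def compute_bans(lines, max_attempts=MAX_ATTEMPTS, window=WINDOW, ban_days=BAN_DAYS):
    """Return {ip: ban_expiry} for every source that exceeds the threshold.

    Attempts are counted per source inside a sliding window; attempts
    that arrive while the source is already banned are not counted again.
    """
    recent = defaultdict(deque)   # ip -> timestamps inside the current window
    bans = {}
    for line in lines:
        if not line.strip():
            continue
        ts, ip = parse_line(line)
        if ip in bans and ts < bans[ip]:
            continue                      # still banned, nothing to recount
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # drop attempts that fell out of the window
            q.popleft()
        if len(q) > max_attempts:
            bans[ip] = ts + timedelta(days=ban_days)
            q.clear()
    return bans


def iptables_rules(bans, port=RDP_PORT):
    """Render the ban list as iptables drop rules, one per banned source.

    On pfSense the same list would go into a pf table instead; iptables is
    used here only because that is what the answer mentions.
    """
    return [f"iptables -I INPUT -s {ip} -p tcp --dport {port} -j DROP"
            for ip in sorted(bans)]


if __name__ == "__main__":
    result = compute_bans(SAMPLE_LOG.splitlines())
    for ip, until in result.items():
        print(f"ban {ip} until {until.isoformat()}")
    print("\n".join(iptables_rules(result)))
```

Run against the embedded sample it bans only 203.0.113.7; the third source shows why the window must slide rather than reset on fixed boundaries, since its sixth attempt falls outside the 60 seconds that contained the first one.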

Ingvar (@take), 2019-06-26

1. The primitive Windows firewall can go haywire after an update)
2. The second possible fault is the routing table on the router. Were there any experiments? Something could have been left there until you clean it up.
3. I read that Western users had similar problems: all of a sudden, for no reason. You need to set something in the system policies. Google it: w.. 2008 rdp no connection system policy
