Windows remote assistance is not working after migrating to Meraki MX

Solved
Satheesh91
Conversationalist

We have three sites migrated to Meraki MX in Mesh.

Everything is working well apart from the Windows Remote Assistance application.

Clients from the Meraki env are not able to access non-Meraki client sites and vice versa.

It was working before migrating to MX; they had an MPLS link only.

Now we have MPLS + Internet links at the site and are not able to access the application.

We did a live packet capture as well and found that the client from the Meraki env is sending a Reset packet and tearing down the communication after a few TCP transmissions.

BR

Satheesh

1 Accepted Solution
SoCalRacer
Kind of a big deal

Doc showing Remote Assistance uses port 3389

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-xp/bb456978(v=technet.10)

 

Assuming this is correct, even with all the correct setup to allow 3389 and/or forward ports, you may still run into issues with Intrusion Prevention. Check the security event log:

https://documentation.meraki.com/MX/Monitoring_and_Reporting/Security_Center

 

If you see "Microsoft Windows Terminal server RDP over non-standard port attempt", then Intrusion Prevention is causing the issue and you will need to adjust. I believe balanced ruleset is the option, but you may have to move mode to detection also. YMMV

 

These options may come with security risks, and in that case the recommended action is to be connected to a VPN (Client or Site-to-Site) to use 3389, or to use a different solution, as 3389 (RDP) is pretty vulnerable.

 

Satheesh91
Conversationalist

Thanks for your reply.

We fixed the issue by whitelisting this Snort rule for RDP over non-standard ports.

WRA uses dynamic ports 49000 to 49999. IDS kept on blocking the packets.
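An added example, not part of the thread: before allowlisting the rule, a triage pass over exported security events can confirm that the blocked hits really are site-to-site Remote Assistance traffic in the 49000 to 49999 range. The event field names, rule ID placeholder, subnets and sample events are constructed assumptions, not a vendor schema.

```python
import ipaddress
from collections import Counter

# Rule text quoted in the thread; WRA dynamic port range as reported there.
RULE_TEXT = "rdp over non-standard port"
WRA_PORTS = range(49000, 50000)
# Assumption: internal site subnets (constructed RFC 1918 examples).
SITE_NETS = [ipaddress.ip_network(n) for n in ("10.10.0.0/16", "10.20.0.0/16")]

MSG = "Microsoft Windows Terminal server RDP over non-standard port attempt"
RID = "SID-PLACEHOLDER"  # the real rule ID comes from the security event log
# Constructed sample events; field names are hypothetical.
SAMPLE_EVENTS = [
    {"rule_id": RID, "message": MSG, "src": "10.10.5.20", "dst": "10.20.8.31", "dport": 49152, "blocked": True},
    {"rule_id": RID, "message": MSG, "src": "10.10.5.20", "dst": "10.20.8.31", "dport": 49310, "blocked": True},
    {"rule_id": RID, "message": MSG, "src": "203.0.113.7", "dst": "10.10.5.20", "dport": 49200, "blocked": True},
    {"rule_id": RID, "message": MSG, "src": "10.10.5.20", "dst": "10.20.8.31", "dport": 8443, "blocked": True},
    {"rule_id": "OTHER-PLACEHOLDER", "message": "Unrelated rule", "src": "10.10.5.20", "dst": "10.20.8.31", "dport": 49400, "blocked": True},
    {"rule_id": RID, "message": MSG, "src": "10.20.8.31", "dst": "10.10.5.20", "dport": 49500, "blocked": False},
]

def is_internal(ip):
    """True if the address belongs to one of the known site subnets."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in SITE_NETS)

def triage(events):
    """Split blocked RDP-rule hits into expected WRA flows and hits to investigate."""
    expected, investigate = Counter(), []
    for ev in events:
        if not ev["blocked"] or RULE_TEXT not in ev["message"].lower():
            continue  # only blocked hits on the rule from the thread matter here
        site_to_site = is_internal(ev["src"]) and is_internal(ev["dst"])
        if site_to_site and ev["dport"] in WRA_PORTS:
            expected[(ev["rule_id"], ev["src"], ev["dst"])] += 1
        else:
            investigate.append(ev)  # external peer or port outside the WRA range
    return expected, investigate

if __name__ == "__main__":
    expected, investigate = triage(SAMPLE_EVENTS)
    for (rule, src, dst), count in expected.items():
        print(f"expected WRA: {rule} {src} -> {dst} x{count}")
    for ev in investigate:
        print(f"investigate: {ev['src']} -> {ev['dst']}:{ev['dport']}")
```

Only the flows in `expected` support allowlisting the rule; hits in `investigate` match the same signature but involve an outside peer or a port outside the reported WRA range.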
