Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

windows Server 2022 TLS Handshakes Randomly Fail with Close_Notify

Epicovello75
New here
2 weeks ago
2 weeks ago

windows Server 2022 TLS Handshakes Randomly Fail with Close_Notify

Client has been running Server 2016 behind Miraki for some period now, recently new server was deployed with Windows 2022 Serever.

Server 2016 and Server 2022 are Identical in software running.  They both host a WEB Site for users to log into their ERP system.

Withing the EPR system the servers make a secure call to  avatax.avalara.net  

this is followed by TLS 1.2 Handshake, 

Client Hello Packet  (sent from Client avatax server)

Server Hello in response to start negotiating .   sent from avatax server back to client)

Works 100% of the time when it comes from the server 2016.  Fails 75% of the time when initiated from server 2022.

Picture below PCAP from failures first, followed but a normal TLS handshake.  

Also like to note I have a second windows 2022 Server , same connection but behind a non miraki firewall that make ths TLS handshake 100%

 

 

Bad Connection

Epicovello75_1-1713877837339.png

 

Good Connection below

Epicovello75_2-1713877906132.png

 

 

 

 

 

0 Kudos
Subscribe
5 Replies 5
RaphaelL
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

From the "Bad Connection" screenshot , what is the TTL of the "ACK" and the "Close Notify" ? Are they identical ?

0 Kudos
Subscribe
Epicovello75
New here
2 weeks ago
2 weeks ago

ACK Packet TTL 246

Epicovello75_0-1713880355847.png

 

Close_notify also 246

Epicovello75_1-1713880405905.png

 

 

0 Kudos
Subscribe
In response to Epicovello75
RaphaelL
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

At first glance , the remote server did sent both these packets ( they were not sent by the MX firewall ).

 

What MX model and what version are you running ?

And you did confirm that if you bypass the MX , you don't have those issues ?

0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
a week ago
a week ago

The Meraki security systems only ever send a TCP RST or drops the packet.  They never inject into a TLS stream.

Have you got any other security software on either machine?

 

Subscribe
Epicovello75
New here
a week ago
a week ago

Thanks all for the responses,  I have had Miraki Support look at the connection and they do not see any issues also with traffic going/coming for these connections.

As Raphaell suggested going to setup a temp GW and bypass just to see if issues persists. 

No other Security Software running at this time either.  

Lastly just going to also spin up new vanilla server 2022 VM guest and run similar testing to see if the issues exists in new enviroment.

 

 

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.