• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 614
  • Last Modified:

Server 2003, ISA, Surf Control & RDP

The network has 7 server 2003 Enterprise boxes on it.  The IP set is 10.0.xx.xx.  Matthew runs ISA and Surf Control.  Last Wednesday, everything worked fine.  This morning, Surf Control is down (down meaning it is not blocking any traffic based on the rules we've written) and we cannot RDP from Matthew to any other server on the network.  The error at RDP attempt is:

Because of a protocol error detected at the client (code 0x1104), this session will be disconnected.

We were on the phone with Surf Control and they say it's an ISA issue.  When we go to Services and turn off the Microsoft Firewall, everything works fine so we feel sure it's an ISA issue as well.  However, so far as the three network admins are concerned, the network has been static.  No IMAC's within the last two weeks.

Network logs are silent.  Googleing the above error message reveals only a FEW similar problems and none relating to my problem.

Anyone have any thoughts on this?

Thanks

Cliff
0
crp0499
Asked:
crp0499
  • 7
  • 5
1 Solution
 
Keith AlabasterEnterprise ArchitectCommented:
Forget the IMAC's; just a backside covering exercise....

Are all these servers on the internal network?
Check your rule for rdp and make sure 'local host' is in the rule set.
Anyone changed the System Policy?

I'm assuming this is ISA2004 or 2006?
Open the GUI.
select monitoring - logging - click on start query
Try and make the rdp connection from Matthew. What do you see in the log?
0
 
crp0499CEOAuthor Commented:
ISA 2004

All on Internal...same IP set.

Local host and internal is in rule.

Will check on system policy.

Can initiate and receive RDP from all other servers.

0
 
Keith AlabasterEnterprise ArchitectCommented:
PS, Any changes in policy? Is the remote desktop option selected on the servers?
run netstat on another server and make sure 3389 is listening.

Can you connect using rdp from one server to another?

The default protocol for rdp is tcp 3389 outbound. Anyone fooled with the protocol?
Is there a new rule above the one you are using that is dealing with the rdp traffic first, a block/deny?
0
Increase Security & Decrease Risk with NSPM Tools

Analyst firm, Enterprise Management Associates (EMA) reveals significant benefits to enterprises when using Network Security Policy Management (NSPM) solutions, while organizations without, experienced issues including non standard security policies and failed cloud migrations

 
Keith AlabasterEnterprise ArchitectCommented:
sorry. overtyped you :)
0
 
Keith AlabasterEnterprise ArchitectCommented:
If we can check the logging then. Will be interested to see if a particular rule reports the block or whether it returns a faild connection
0
 
crp0499CEOAuthor Commented:
can RDP from all other servers to other servers.  Only Matthew giving us grief.  Also, can RDP OUT from Matthew, just not IN to Matthew.

No policy changes.

Will run Netstat and see what's listening.  We haven't changed listening port.
0
 
crp0499CEOAuthor Commented:

PS:  we queried rule and it opened port and then closed it.  No error reported.
0
 
crp0499CEOAuthor Commented:
Sorry...we can't RDP OUT or IN from Matthew.  All other servers can access each other from each other.  Problem is specific to Matthew.
0
 
Keith AlabasterEnterprise ArchitectCommented:
Did you see return traffic though from the server you called the connection to or was it one way only?

If the traffic left then the rule per se is working. If the traffic did not come back in then this is a different area to identify. (still the ISA but a different approach).
0
 
Keith AlabasterEnterprise ArchitectCommented:
Also, if you rdp in from another server to Matthew, do you not see anything in the log then?
0
 
crp0499CEOAuthor Commented:
We went thru ISA one rule at a time and disabled each one.  Rules 14, a rule for our AVg updates, was the problem.
0
 
Keith AlabasterEnterprise ArchitectCommented:
Thanks

Regards
Keith
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

  • 7
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now