Jump to content
Steel PC

Direct Access dropping constantly

Recommended Posts

Hello,

We have been running a Direct Access server for a couple years without problems. We switch to Kaspersky Endpoint Select a few months ago and since then Direct Access users can barely access local ressources. The connexion to the Direct Access is OK and I see the clients but they cannot use rdp (or it connects then stops), printers ("unable to print, an error occured during print")...

EDIT : Clients are on latest Windows 10, Direct Access server on Windows 2016 Server, Kaspersky Endpoint Select 11.0.1.90

I tried to :

  • disable Kaspersky AV
  • disable scan port 443
  • add %SystemRoot%/system32/svchost.exe to trusted application and check do not scan trafic

Any help will be appreciated. I would like to stick with direct access :)

Edited by Steel PC

Share this post


Link to post

If I deactivate KES it still doesn't work. If I uninstall KES and reboot everything works, no more drops ...

Share this post


Link to post

Having just been burned on 1000 machines by this i can also confirm that DirectAccess does not work with the latest versions of KES 10 SP2MR3 10.3.3.275 or KES 11.0.1.90.

Disabling all components make no difference (and makes you think Kaspersky isn't the problem) however as noted above uninstall removes the issue and DirectAccess starts working again.

Re-installing KES 10 SP2MR2 10.3.0.6294 or KES 11.0.0.6499 also does not affect DirectAccess and this is the workaround we're using now,  (NOTE - you cannot upgrade from KES10 SP2MR3 to KES 11.0.0.6499 to fix this, the fault is left in places, only remval and reinstall fixes)

Therefore there is clearly a code change introduced to both KES10 and KES11 in the latest patch.

This can be traced via the Windows Firewall dropping the outbound TCP traffic destined for the IPSec tunnel

image.png.926312bc81ab194c5a34e0deed547220.png

Windows Event Viewer showing the outbound block

image.png.470e8aadbb4ed2b081233d062debde42.png

Search in wfpstate.xml for the corresponding Filter ID

image.png.6ba311e6516b347e801aa090d881ad67.png

 

Additionally it is notable that Web threat is randomly blocking legitimate websites as malicious

image.thumb.png.25d5c76b76be4526752cde18ea48dd8f.png

 

We'll wait for the next MR/SP release before trying DirectAccess again, but as mentioned above this is clealry new code introduced so please raise with developers

(partially this post is for people searching for answers/workaround)

Share this post


Link to post

Thanks for this input ! I decided to move to OpenVPN since Microsoft is moving away from Direct Access. I had to do some .bat script with windows scheduler to get the same behavior (launch and connect automatically, pain in the butt to get the system tray working properly) but it works quite well :)

Share this post


Link to post

Is there a fix for this?  It has just taken out our Finance Department's ability to operate.  

Share this post


Link to post
6 часов назад, smakb сказал:

Is there a fix for this?  It has just taken out our Finance Department's ability to operate.  

Hello!

Please describe your problem exactly.

Thanks!

Share this post


Link to post
Am 29.1.2019 um 11:41 schrieb Ivan.Ponomarev:

Hello!

Please describe your problem exactly.

Thanks!

Hello dear KAx-Guys

The Problem still exist with KES 11.0.1.90 and also with Win10 (1607)!
What are you do, to get the Problem under control with your Software-Product?
When can we expect a Solution?

We think, the Problem was exatcly enough described above!
Its your turn, to Find and FIx the Bug's under the Hood.

Please resolve Asap, otherwise your Product is unusable for our Mobile-Workers.

Thank you very much.

 

Share this post


Link to post

Hello!

We ask eberyone fr the detailed description and versions because the issue may be the same but the circumstances may differ. 

Please provide the full GSI report with eventlogs from the affected machine. 

Thanks!

Share this post


Link to post

Hi all!

Today fix this problem by upgrading KES to version 11.1

After upgrade all working fine!

Share this post


Link to post

Thank you for the update ! It is still difficult to understand that this type of bug is not being taken care of rapidly... 

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.