Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
811
Views
0
Helpful
2
Replies

RemoteApps not working after upgrade from 8.0 to 8.4

neil.dyson
Level 1
Level 1

‎11-02-2011 07:09 PM

Hi

I hope someone can shed a little light on a problem that I can't seem to get to the bottom of.

We have a 5510 ASA that was running 8.0 and were using it for clientless VPN access. Through this, we published bookmarks that linked to an internal Microsoft 2008R2 RemoteApps server, which users logged on to and then launched RemoteApps (basically being RDP sessions to apps on the server).

All worked fine until we upgraded to 8.4 over the weekend and we now can't launch the RemoteApps. We can still login through the ASA, still click a bookmark to take us to the RemoteApps server's webpage, still then authenticate against the domain fine and still see the published apps. The problem now is when we launch the apps we get "this computer can't connect to the remote computer" messages and the app fails to launch. Nothing has changed on the RemoteApp server side, only the upgrade to 8.4.

Has anyone had any experience of this happening, or any clues on what to look for? Have verified that DNS lookups internally work fine form the ASA and have tried changing hostnames, IP addresses etc on the RemoteApps server with little success. I'm wondering if there was a new feature or difference between 8.0 and 8.4 that has stopped something passthing through properly.

Thanks in advance

Neil

Labels:
0 Helpful
2 Replies 2

Maykol Rojas
Cisco Employee
Cisco Employee

‎11-02-2011 11:05 PM

Neil,

Basically the ASA will proxy that connection for you and try to connect to the specific resource, can you put a capture on the interface that faces the server using the ports of the given application?

I would like to see if the ASA is trying at least to contact the server.

Mike

Mike
0 Helpful

neil.dyson
Level 1
Level 1
In response to Maykol Rojas

‎11-03-2011 09:28 PM

Hi Mike

Thanks for the reply.

I've tested two bookmarked links on the ASA and looked at the packet capture as each goes through:

1. bookmark rdp://servername - this connects an rdp session fine, using IE on the client and an ActiveX rdp session. I can see 3389 traffic from the internal ASA interface to the internal server (and 443 from ASA outside to the external client).

2. bookmark https://servername/rdweb - this connects to the servers RemoteApps webpage fine, I login, and then try and launch a RemoteApp, which fails. I see no 3389 traffic at all on either side, only 443 traffic.

So I can get an ActiveX RDP session to happen from my client PC, through the ASA and onto the internal server, but only if I do it directly, not if I hop to the server first and launch the RemoteApp (which is basically an RDP session).

Cheers

Neil

0 Helpful
Customers Also Viewed These Support Documents