ASA 8.4.2 -> 8.4.3 upgrade changed inside int behavior

mduling · ‎01-13-2012

I have a working ASA 5520 remote access VPN running 8.4.2. Pretty generic VPN setup I think. I upgraded it to 8.4.3 and the box could not ping anything on it's inside interface. I couldn't ssh to it, and it couldn't see the RADIUS servers on the inside (and I couldn't ping them from the CLI). I could ping the inside interface from a host when put on the same subnet, which I think is normal. I didn't have too much time to troubleshoot so I just backed it down to 8.4.2 and it worked flawlessly again. I didn't see anything in the release notes about this. 8.4.3 doesn't like something about my config.

BERNHARD FABRICIUS · ‎01-18-2012

Our 8.4.2 -> 8.4.3 horror story is slightly different. The box seemed to work OK, but RDP via WebVPN ceased working - the security warning (ActiveX) about printer and clipboard would be presented, but then we would be bounced back to the portal page immediately. The Java RDP didn't work either.

Reverting to 8.4.2 solved the problem for Windows XP, but not for Windows 7! It is like the 8.4.3 software has "poisoned" Internet Explorer (8 and 9) on the machines unfortunate enough to try while the 8.4.3 image was up. They work with Java, but not ActiveX - and thus there is no full screen and a multitude of other problems associated with Cisco's complete lack of maintenance of the plug-ins.

I am at my wits' end. I had a functioning system, but at 8.4.2 plain vanilla: The 8.4.2(8) build was unstable and I wanted a release that solved a number of known security issues. 8.4.3 has ruined my setup and stops a number of telecommuters and external consultants from working - unless they reinstall their workstations.

razvan1979 · ‎01-18-2012

I have the same problem, after upgrade to 8.4.3 the Java RDP plugin stopped working!!! First the page would just close without any message and after i reset IE9 all i got is a freeze image??? Any Ideeas?

TOM FRANCHINA · ‎01-19-2012

We are also having the same problem with RDP using the newest RDP Plugin and ASA 8.4.3. We are able to login... get the Web Menu and type the ip addresses in the RDP inline. We connect to the remote PC.. get a Windows login screen.. then the desktop opens for about 2 seconds... closes and we are back to the main Web Menu.

We will try 8.4.2

TOM FRANCHINA · ‎01-19-2012

Loading ASA 8.4.2 worked !!!!!!!

lafitnessllc · ‎02-06-2012

i also experienced the same thing. i had to downgrade to 8.4.2. However it still didn't fix my browser issue. it seemed to work fine in firefox, but with IE it still kept crashing. iv'e tried uninstalling java,disabling plugins to no avil. I had one user perform a system restore, that fixed the issue, but im not going to call my clients and tell them all to do a system restore because we cant find the right solution. if anyone has more input on this, please let me know.

BERNHARD FABRICIUS · ‎02-06-2012

It has been confirmed by Cisco TAC and a work-around is available.

The problem is that the (non-working!) RDP OCX deployed by 8.4.3 is incompatible with 8.4.2 - one cannot "downgrade" and make IE8 and IE9 work on Windows 7.

What one needs to do is to delete any and all registry keys called, or containing references to, the string

“b8e73359-3422-4384-8d27-4ea1b4c01232”

This will restore the Windows 7 workstations to a state where the OCX can be reinstalled (with trusted sites in the medium-low security zone) and then the RDP will start working again on the downgraded 8.4.2 ASA.

lafitnessllc · ‎02-06-2012

Thanks for the quick response. That worked!

Paul Hunter · ‎02-16-2012

Does anyone know if Cisco is working on fix for RDP OCX issue in 8.4(3)?

BERNHARD FABRICIUS · ‎02-16-2012

ABSOLUTELY! This is a severity-2 bug (second highest) and scores of contract customers have been hit by it. So I would expect a new build VERY soon.

Franziska Corradi · ‎02-23-2012

I seem to have the same problem...anything new here???

Paul Hunter · ‎02-23-2012

I opened a case and have been testing 8.4(3)-4... but it is having issues. On Windows 7 there is an issue with the CAB and the OCX install resulting in a failure to get the new OCX installed and registered. I have tested the OCX file by manually installing and that resolves the RDP connection issue but that is not a practical solution. Cisco has informed me that 8.4(3)-5 is in the works and expected to resolve both the RDP issue and the ActiveX OCX install problem.

Paul Hunter · ‎03-09-2012

Received and installed 8.4(3)-8 and it resolved the issue with the OCX deployment and the RDP issue.

Franziska Corradi · ‎03-12-2012

It's not an official version yet, is it? Let me know how your every day experinence with this new OS is, if you donts mind ;-)

i went back to 8.4.2-8.

Paul Hunter · ‎03-12-2012

the new release 8.4(3)-8 seems to be working well..