Solved: Clientless RDP problem

allen.stocks · ‎05-16-2012

I have a Cisco ASA 5510 running 8.4.3 code with the latest RDP plugin installed. The RDP links in the clientless portal have been working fine until recently. Now the RDP session will start and show the Windows login screen, but, after logging in, the session crashes and you are immediately redirected back to the ASA's portal home page. RDP works fine when using the Windows client and connected via Anyconnect. This only happens when using IE with ActiveX. Java still works fine. This problem seems to have started after the Microsoft May patches were released, but I am running 8.4.3 so the kill bits issue should not be a problem.

Vishnu Sharma · ‎05-16-2012

Hi Allen,

If I am not wrong, the only application that has been affected because of the Microsoft update is RDP. It is because of the Microsoft Security update KB 2695962. For more information please visit:

http://technet.microsoft.com/en-us/security/advisory/2695962

The resolution to this can be found:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-asaclient.

Though this link provide a workaround but I have not seen that working.

There are two options to make it to work:

1. Either uninstall the specified security update

or

2. Upgrade the code to 8.4(3.8) (Note: this is not available on cisco.com) but you can upgrade the ASA to 8.4(3.9) Interim which is available on cisco.com.

I am not sure if you shared the exact version of the code that you are running on your ASA however if you are running

asa843-k8.bin then also you will have to follow the above mentioned steps.

Please try to launch RDP after trying these two steps and let me know if this helps.

Thanks,

Vishnu Sharma

View solution in original post

Vishnu Sharma · ‎05-16-2012

Hi Allen,

If I am not wrong, the only application that has been affected because of the Microsoft update is RDP. It is because of the Microsoft Security update KB 2695962. For more information please visit:

http://technet.microsoft.com/en-us/security/advisory/2695962

The resolution to this can be found:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-asaclient.

Though this link provide a workaround but I have not seen that working.

There are two options to make it to work:

1. Either uninstall the specified security update

or

2. Upgrade the code to 8.4(3.8) (Note: this is not available on cisco.com) but you can upgrade the ASA to 8.4(3.9) Interim which is available on cisco.com.

I am not sure if you shared the exact version of the code that you are running on your ASA however if you are running

asa843-k8.bin then also you will have to follow the above mentioned steps.

Please try to launch RDP after trying these two steps and let me know if this helps.

Thanks,

Vishnu Sharma

allen.stocks · ‎05-17-2012

Your exactly right! I misread the version chart associated with the KB2695962 fix. I did not realize that the last number of the code version was the interim release. I was using ASA843-k8.bin. I downloaded and applied the ASA843-9-k8.bin file and everything is working fine now. I did notice that even with the ASA843-K8 file the Cisco Port Forwarder ActiveX control version never change from the previous versions. This made me suspect something was wrong. Now I know. Thanks!

Adrian Lawson · ‎05-17-2012

I experienced this problem too running ASA843-K8 and but I didn't have the Windows Update applied. In my scenario I was just in the process of setting up and testing the clientless vpn and intermittently the RDP session would crash and return me to the portal home page. Sometimes it would happen before I got the windows desktop, sometimes you would get the desktop and then when you clicked on the start menu or started IE the session would crash. Other times you'd just get the loading bar across the top of the portal screen and you'd never get the Windows login screen. Installing the recommended code seems to have fixed it. Thank you