Cisco Firepower update takes out Microsoft RDP connection, Giving 0x609 error

A few days ago Cisco released a Firepower update that has crippled RDP for users on the Cisco AnyConnect VPN.

This started happening very recently. My organization uses RDP to reach an application server from outside through the VPN. Since late last night (the first time I noticed it) I cannot connect to ANY of my servers via RDP using the standard Microsoft RDP client preinstalled on Windows 10 or the RD Client on Android. If I open a console to one of the servers running Server 2012, I *can* connect from there to the application server without a problem (the application server is currently running 2008 R2).

The error returned is 0x609:

To work around the error, disable these four rules (GID 1, SIDs 50186 to 50189) in the Intrusion Policy on the Firepower:

50189  ENABLED  CONTENT-REPLACE Microsoft Windows require RDP client channel list prior to encryption (content-replace.rules)

50188  ENABLED  CONTENT-REPLACE Microsoft Windows require RDP client channel list prior to encryption (content-replace.rules)

50187  ENABLED  CONTENT-REPLACE Microsoft Windows require RDP client channel list prior to encryption (content-replace.rules)

50186  ENABLED  CONTENT-REPLACE Microsoft Windows require RDP client channel list prior to encryption (content-replace.rules)

RDP should then work again.
