Teams and other connectivity issues on Windows Monitoring Points
search cancel

Teams and other connectivity issues on Windows Monitoring Points

book

Article ID: 377171

calendar_today

Updated On:

Products

AppNeta

Issue/Introduction

Observing very different behaviour from two Monitoring Points (MPs).  

Single-ended paths to Teams are working on MacOS MPs, but not Windows MPs even though Teams is pingable from all of them. The same issue is seen on paths to ServiceNow.

For example, two MPs are in the same rack and connected to the same network, yet they exhibit this issue (MacOS can reach Teams and other services, Windows cannot)

Doing testing to some secondary validation paths to like 1.1.1.1 or 8.8.8.8, as an alternative to testing just against Teams,  the first MP shows a successful connection while the second is showing connection lost.  Both are running the same Appneta software release.

Environment

Appneta Monitoring Points

Cause

In this particular instance, the issue was traced to an outside (CyberSecurity software) source affecting the network behaviour of the Windows systems 

Resolution

While you may find that while Ping is successful, the Delivery Path shows failure. Note that the Ping tests are from a Windows command prompt, whereas the AppNeta N10 path packets are from the application level.   The Windows firewall may see the path packets as an application, and because it isn't aware of that application, it blocks the traffic. It's common to see ping work and the path fail when the Windows firewall (workstation) blocks the traffic in these circumstances.  

Even though in this instance, the issue was traced to CyberSecurity software, this isn't uncommon in some POCs that require Windows Installations, and due to a Windows Firewall/Windows Defender or whatever workstation security tool that may be in use. 
 
The difference in behaviour may be due to not running the same endpoint security on the Windows Server environment as seen from the first MP, so causing different outcomes.  Check also if the MPs have different network connections, one on WIFI for example, while the other being connected via Ethernet, so again this may be treated differently.
 
Rather than disable any endpoint security to validate the connectivity, however we would recommend going one step further and ensuring that the appropriate AppNeta application Whitelisting to allow single-ended traffic is correctly enabled on the system.
Powered by Wolken Software