communication to non listened port is silently dropped
Article ID: 7121

Products

CA Virtual Privilege Manager, CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

Communication to a port on which no process is listening is silently dropped on a Privileged Identity Manager (PIM) server.

Environment

PIM 12.8 SP1 / Windows 2012 or later

Cause

The PIM driver (drveng) uses the Windows Filtering Platform (WFP) to intercept network access.
When WFP is in use, communication to a non-listening port is silently dropped by WFP instead of being rejected.
An application that connects to a non-listening port and expects a response (for example, a connection refusal) may therefore not work correctly, because no response is returned.
This behavior is part of the OS design and cannot be disabled, so it is a product limitation at this time.

Resolution

A. Stop PIM and the PIM driver temporarily
 
1. Stop PIM and the PIM driver
 
> secons -s
> net stop seosdrv
> net stop drveng
 
2. Let the application communicate with the non-listening port
 
3. Start the PIM driver and PIM
 
> net start drveng
> net start seosdrv
> seosd -start
 
B. Disable network interception
 
1. Stop PIM and the PIM driver
 
> secons -s
> net stop seosdrv
> net stop drveng
 
2. Add (or modify) the registry key/value
 
Add the "Parameters" key under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\drveng if it doesn't exist.
Add "DisableNetworkInterception" as a REG_DWORD value in the Parameters key if it doesn't exist, and set its value to 1.
 
3. Start the PIM driver and PIM
 
> net start drveng
> net start seosdrv
> seosd -start
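The following PowerShell script is an added example, not part of this article or of the CA product. It applies workaround B end to end from an elevated session: it stops PIM and the driver with the same commands the article lists, creates the Parameters key and the DisableNetworkInterception REG_DWORD, and restarts everything in the article's order. It also includes a small diagnostic that checks whether anything on this host is listening on the port the application uses, so you can confirm the symptom matches this limitation before changing the driver's configuration. The service names, command names, registry path and value name come from the article; the function names and the example port are assumptions made for this script.

```powershell
# Added example (not from the CA/Broadcom article): applies Resolution B.
# Run from an elevated PowerShell session on the PIM server.
#Requires -RunAsAdministrator

# Registry location and value name as given in the article.
$DrvengParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\drveng\Parameters'
$ValueName    = 'DisableNetworkInterception'

function Invoke-Native {
    # Runs an external command (secons, net, seosd) and fails loudly on a non-zero exit code.
    param([Parameter(Mandatory)][string]$Command, [string[]]$Arguments)
    & $Command @Arguments
    if ($LASTEXITCODE -ne 0) { throw "'$Command $Arguments' failed with exit code $LASTEXITCODE" }
}

function Get-DrvengNetworkInterception {
    # Returns $true when interception is currently disabled (value present and equal to 1).
    $item = Get-ItemProperty -Path $DrvengParams -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $false }
    return ([int]$item.$ValueName -eq 1)
}

function Stop-Pim {
    # Step 1 of the article: stop PIM, then the seosdrv and drveng services.
    # 'net stop' is used (rather than Stop-Service) because the article uses it and it
    # handles driver services as well as Win32 services.
    Invoke-Native -Command 'secons' -Arguments @('-s')
    Invoke-Native -Command 'net'    -Arguments @('stop', 'seosdrv')
    Invoke-Native -Command 'net'    -Arguments @('stop', 'drveng')
}

function Start-Pim {
    # Step 3 of the article: start the drivers in reverse order, then seosd.
    Invoke-Native -Command 'net'   -Arguments @('start', 'drveng')
    Invoke-Native -Command 'net'   -Arguments @('start', 'seosdrv')
    Invoke-Native -Command 'seosd' -Arguments @('-start')
}

function Set-DrvengNetworkInterception {
    # Writes DisableNetworkInterception (1 = disable interception, 0 = re-enable it)
    # while PIM is stopped, and always restarts PIM even if the registry write fails.
    param([Parameter(Mandatory)][ValidateSet(0, 1)][int]$Disable)
    Stop-Pim
    try {
        # Step 2 of the article: create the Parameters key if missing, then set the REG_DWORD.
        if (-not (Test-Path -Path $DrvengParams)) {
            New-Item -Path $DrvengParams -Force | Out-Null
        }
        New-ItemProperty -Path $DrvengParams -Name $ValueName -PropertyType DWord `
                         -Value $Disable -Force | Out-Null
    }
    finally {
        Start-Pim
    }
}

function Test-LocalListener {
    # Diagnostic: is any process listening on this TCP port on the local host?
    # $false means a connection to it will be silently dropped while interception is on.
    param([Parameter(Mandatory)][int]$Port)
    $listener = Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue
    return ($null -ne $listener)
}

# Usage (port 8443 is an assumed example; substitute the port your application uses):
#   Test-LocalListener -Port 8443              # $false confirms the symptom described above
#   Set-DrvengNetworkInterception -Disable 1   # apply workaround B
#   Get-DrvengNetworkInterception              # $true once the value is written
#   Set-DrvengNetworkInterception -Disable 0   # restore HOST/CONNECT/TCP class control later
```

Setting the value back to 0 with the same function restores network interception, which matters because, as the article notes under Additional Information, HOST/CONNECT/TCP class rules do not work while it is disabled.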
 

Additional Information

When DisableNetworkInterception is set to 1, network interception is disabled, and network control by the HOST, CONNECT and TCP classes no longer works.
Changing the application so that it does not communicate with a non-listening port is also a valid workaround; in that case, the PIM-side workaround above is not required.