Meraki and PDQ
PDQ Inventory and Deploy clients will not connect to the enterprise server when I update the firmware on my Meraki MX appliance to a version newer than 14.53
More details:
We have our PDQ Enterprise server running on a Hyper-V based Windows 2019 VM. Our entire network is connected with Meraki switches and security appliances using autoVPN technology. I am running 16.15 firmware on all my MX appliances in each physical office with the exception of where the PDQ Enterprise server is.
When I update the MX250 appliance in that site PDQ clients will not connect to the enterprise server when they are on a subnet in a different office. PDQ clients in the same office will connect as expected.
Any other Meraki and PDQ users out there that have seen this issue and have a solution.
Comments
Did you ever find a solution to this? I keep having to roll back my meraki firmware in order to get this to work. Every time (for at least 6 months now and different meraki firmware versions) the MX updates, this breaks.
I have not and this continues to be a problem for me.
Yuck. Thanks. I will let you know if I learn anything. I have had at least two calls with Meraki on this and have not made any progress.
Another symptom seems to be RDP across that Site-to-Site. Eventually it will establish, but the first few times a try any given server, RDP fails. After a few tries, it will work, and then continue to work for that particular server going forward. It's one of the strangest things I've seen.
Updating the firmware on of an MX64W that is a Spoke doesn't seem to be a problem. It's when I update the MX84 that's acting as the HUB when I run into problems.
I have a ticket open with Meraki support open. I fi learn something i will share back as well
So, as of now (fingers crossed), I think I found the culprit. The past few times I've updated the MX Firmware and things broke, I rolled back the next night to get things back to a normal state. I can't really be in a situation where I may not be able to remote in to my servers. This time, I left it to give myself a little more time to play.
This time, with more time, I also found that my ConnectWise ScreenConnect server (remote control for end-user PCs, etc.) was borked as well. Normal HTTPS coms were fine, but the minute I try to establish a connection with a client, things went downhill. On a whim, I checked out the Network-wide>Event Log in the Dashboard. I say on a whim because I've done this looking for traces of the PDQ issue in the past and nothing has been there. I've run network traces, calls with Meraki, etc. and never see anything other that the fact that sh** gets dropped. Anyhow, not the case for this scenario. I had an event tied to my ScreenConnect server as event type "NBAR Blocked" with classification "Statistical Peer-to-Peer" and Layer 7 firewall rule "Deny"
I gave it shot. removed the Peer-to-Peer Layer 7 Firewall (in my case, the rule was Peer-to-Peer>All Peer-to-Peer) rule and BAM, everything is back to normal. ScreenConnect, PDQ, RDP, etc.
I don't know why. This was a rule that was already there, obviously. Somehow, with the newer firmware versions (Anything newer than 14.53. I've tried at least 4 different ones), this rule is classifying some of these things as Peer-to-Peer and blocking.
I will reach out to Meraki and update them on my findings as well. Just thought I would share what I've see in case it can help you as well.
licensing, Thank you for sharing your findings. I can confirm on my network as well that when I removed the Layer 7 P2P blocking PDQ began working as expected.
Great. Glad to hear it worked for you as well.