MS Directaccess 2016 - VMWare NLB Multicast Cluster - Potential Replay Attack RRS feed

  • Question

  • Current Setup

    2 x MS Directaccess 2016 VMWare VM's running on CISCO UCS Blade infrastructure, operating in HA mode NLB Cluster utilising multicast

    Current VSwitch set to

    Promiscuous mode: Reject

    Mac Address Changes: Accept

    Forged Transmits: Accept

    Notify Switches: Yes


    I am looking to transition a bunch of users from 2012 > 2016, we have the same setup in our 2012 environment above, albeit it's on HP hardware utilizing DL380 G8's and is working fine for many years.

    I've built out new 2016 servers on new hardware utilizing Cisco UCS blade infrastructure, and whilst DA is working fine and traffic is routing in/out properly i am seeing Network security messages stating a network security component is under a replay attack intermittently which results in dropped connections.

    Please do not suggest moving to always on vpn that's not the answer i'm looking for.

    I've tried everything to troubleshoot, but i just cannot seem to figure out what's causing it, we don't have these issues on the old HP servers.

    Anyone come across this and have any suggestions please?

    We are also utilizing Cisco AMP endpoints for AV protection
    <svg class="SnapLinksHighlighter" xmlns=""><rect height="0" width="0"></rect> </svg>
    • Edited by gsm_2013 Tuesday, August 13, 2019 8:30 PM addition of cisco amp
    Tuesday, August 13, 2019 8:14 PM