A small number of our users (20 of 500+) have to use an old remote access site for a partner, they log in using IE and then click a link to their remote session. The link uses an RDP ActiveX control that starts the Windows RDP session, the connection starts then reports a failure:
Because of a protocol error at the client (0x1104) this session will be disconnected
If we suspend LMI AV the session gets created successfully and connects OK. I've tried disabling different components in the AV policy (Firewall / Traffic Scan etc) and setting anti-malware to lowest option but it still blocks the RDP control from connecting.
Is there any way to check the logs on one of the effected devices to see exactly which component of LMI AV is stopping the traffic? If so, where exactly are the logs, I found a few different logs but can't see anything useful
I disabled Silent Mode and checked the console immediately after the session fails but theres nothing displayed in there as being blocked. The partner currently has no newer connection options either so we're stuck with IE and the Active X control for the time being and the only workaround is to disable / suspend LMI AV which then leaves them open to other issues