Thursday, September 2, 2021

ISP or Microsoft Teams Issue? | RST Packet Seen but from different TTL Value | TLSV Handshake Failure?

Hi All,

Ran into an issue where we desk phones connecting to Microsoft teams failed to authenticate. We did several troubleshooting and comparisons to narrow down the issue. Key point below. 

 -> We see that client is able to complete the TCP handshake  -> Client able to send a "Client Hello" with TLS version 1.2 however no response from server and so it falls to TLSv1 record table.   -> From the Microsoft team document both client and server should agree on TLS1.2 min.   -> We are seeing RST packets from different shops  

From the picture depicted below. (Wireshark Capture on WAN router).

a.   RST was triggered from closer to our CE. about 3 hops away.  b.   RST was triggered from closer to Microsoft TTL value of 101 is Microsoft, TTL 100 is still unknown.  The commonality is that the reset packet comes from the public space. 

PCAP: https://ibb.co/Ms96RNz

  1. Based on these captures, Is this actually an ISP or Microsoft issue?

  2. Does the ISP possibly handles Microsoft traffic differently as compared to other public destinations which can is working / can communicate using the latest TLV1.2/.3

  3. Is this something on Microsoft end not allowing the client hello and not participating in TLS handshake? 

  4. What approach in your opinion is best for this issue? should we go ask our ISP to route to a different path ?

Thank you



No comments:

Post a Comment