SDA having issues syncing over Meraki VPN with AMP Protection on

I have had this issue at a couple of companies that use Meraki MX devices for their WAN.  When the Meraki AMP protection settings are enabled, the KACE SDA cannot sync with the remote appliances.  The SDA shows Error = 10. Naturally I don't want to start disabling security features just to get this to work.  Has anyone had this issue and been able to get the SDA to sync without disabling protections on the MX security appliance?  


Answers (3)

Posted by: RandomITdude24 1 month ago
2nd Degree Black Belt

Top Answer

I would say take a look at this article that I posted some time ago. Don't know if it might be helpful.

  • That did it. After whitelisting event 128:1 on the Meraki Threat Protection, the SDA and RSA can sync. - JordanNolan 1 month ago

Posted by: Nico_K 2 months ago
Red Belt

As usual: if you block the communication, systems cannot communicate.
You need to decide: do you want to use the communication or do you want them to not communicate?
Review this article about the needed ports: https://support.quest.com/kb/129799
(most of them are between SDA (or RSA) and the clients, but esp. ports 22 and 8108 are needed between the SDA and the RSA)

  • Nobody should ever have to decide to disable an entire component of their security because one device is having an issue. We need the setup to block viruses and malware.

    We SSH between devices over the WAN and connect to various ports all the time. We are trying to find out why the SDA is the only item we have that seems to have an issue. - JordanNolan 2 months ago
    • I agree that you should not disable "security devices" (which think for the users), but the error 10 is an ssh error code, which shows that a few options are not given (port closed as the usual one, but also wrongly configured DPI is possible) - Nico_K 2 months ago

Posted by: Channeler 2 months ago
Red Belt

Error 10 means that it is not able to contact the Rsync server.

I think it was "Connection refused" the string associated with it.

You might want to go to Settings > Appliance Logs > Download all logs.
Untar the tarball file, and check the /kbox/remote/ folder; there is a Sync_Error_XX log file there, where XX is your RSA's ID (look at the URL when you are at the RSA's Detail page from the SDA).
That log is filled by the RSync over SSH routine; it might give you more data.
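
Added example (not part of any answer above, and not Quest or Meraki code): a small probe, run from a host on the SDA's side of the VPN, that separates the cases raised in the answers: a refused or silently dropped connection versus a connection that opens but never delivers the SSH banner. The ports are the ones named in Nico_K's answer; the host argument and the function and state names are assumptions.

```python
import socket

# Ports named in the thread as required between the SDA and the RSA.
SYNC_PORTS = (22, 8108)


def probe(host, port, timeout=3.0):
    """Classify one TCP connection attempt; returns (state, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "connection refused: port closed or rejected")
    except socket.timeout:
        return ("filtered", "no reply to connect: dropped on the path")
    except OSError as exc:
        return ("error", str(exc))
    with sock:
        sock.settimeout(timeout)
        try:
            # An SSH server sends its identification string first,
            # so a healthy port 22 yields data without us writing.
            data = sock.recv(256)
        except socket.timeout:
            return ("open-silent", "connected, peer sent nothing first")
        except ConnectionResetError:
            return ("reset", "connected, then reset before any data")
    if not data:
        return ("closed-early", "connected, then closed without data")
    banner = data.split(b"\n", 1)[0].decode("ascii", "replace").strip()
    state = "ssh-banner" if banner.startswith("SSH-") else "banner"
    return (state, banner)


if __name__ == "__main__":
    import sys

    host = sys.argv[1]  # RSA address, supplied by the operator
    for port in SYNC_PORTS:
        print(port, *probe(host, port))
```

Running it once with threat protection enabled and once with the rule whitelisted shows which state changes, which can then be matched against the MX security event log and the Sync_Error_XX log.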
