Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

MIcrosoft Store and "Could not associate packet to any connection"

I seem to be experiencing some problems downloading certain programs from the Microsoft Store. In trying to diagnose the problem, I have (temporarily) created a rule that allows all traffic with no web mailware or content scanning, no IPS, no web policy and no application control. Even with everything turned off, I am still unable to download.

I don't anything in any of the logs other than the Firewall log, where I see a number of connections to destination port 443 being blocked by Rule 0 and the message "Could not associate packet to any connection". These start showing up shortly after I attempt to start the download in Microsoft Store. I looked up the destination addresses and there does seem to be some connection to the downloading problem - the blocked connections are to destinations such as a69-192-108-133.deploy.static.akamaitechnologies.com while others are resolved by ns2-201.azure-dns.net.

I have reviewed many posts regarding the same error message and I believe I understand what the error message is supposed to be doing - i.e. the firewall is receiving packets for a non-existent connection or a connection that has timed-out. I understand further that the time-out setting is by default 3 hours and have confirmed that is the case with my setup (following the instructions here). It therefore seems odd that I would see these error messages shortly after initiating the download, as it seems to be more than a coincidence. I've also noticed somewhat similar posts here, here and here, but with no apparent solution.

If anyone has any thoughts on the issue or possible workarounds, they would be most appreciated. 



This thread was automatically locked due to age.
Parents
  • Most likely this message is not related to any issues. If somebody (client or Server) drops the connection, they properly send multiple "Please kill this session" packets. 

    XG will take the first packet and kill the session, each other packet after this session closing will be logged as "Could not associate packet to any connection".

    So the issue could be caused by multiple instances. Maybe your client has some issues with the download? Hence he drops the download and the server / client sends multiple packets afterwards. 

    Does it work without XG in the stream? 

    __________________________________________________________________________________________________________________

Reply
  • Most likely this message is not related to any issues. If somebody (client or Server) drops the connection, they properly send multiple "Please kill this session" packets. 

    XG will take the first packet and kill the session, each other packet after this session closing will be logged as "Could not associate packet to any connection".

    So the issue could be caused by multiple instances. Maybe your client has some issues with the download? Hence he drops the download and the server / client sends multiple packets afterwards. 

    Does it work without XG in the stream? 

    __________________________________________________________________________________________________________________

Children
  • Silly me. I should have tried that when I was diagnosing things. I hooked up the PC to bypass XG altogether. Everything downloaded just fine without errors. To me, that seems to suggest XG is blocking things, but I'm not quite sure how or why, or if the "Could not associate packet" errors in the log are necessarily symptomatic of the problem. All I know is that they are the only things in the all of the logs that show up when I encounter this issue, so they do seem to be related. It would seem to be rather improbable that these error messages only seem to arise when I initiate a download in the Microsoft Store but of course happy to be corrected if that is a misinterpretation on my part. It would however be nice to figure out the root cause of this issue though.

  • Same here.  It's preventing some Corel software installers from working; the sites they're trying to access are Microsoft-hosted.  If I put in a temporary firewall rule that allows my PC to bypass all filtering, it works fine.  Leave it to the normal rules with HTTP scanning and web filtering involed and I get 'Could not associate packet to any connection' right away and the downloaders fail.

    I believe this is similar to the issues that XG can cause with streaming services like Netflix. It's not possible - nor exactly desirable - to make a full-on filtering exception for every possible site that downloads in this way.  Is there a smarter solution, Sophos gurus?

  • You may be experiencing something slightly different than what I am experiencing. Even when I put in a firewall rule that basically has everything shut off, the downloads still don't work.