unknown-tcp for Exchange 2016 when decrypted
Showing results for 
Search instead for 
Did you mean: 

unknown-tcp for Exchange 2016 when decrypted

L3 Networker



I'm doing decryption for Exchange 2013 OWA web part and it was doing good - was seeing mostly applications like ms-exchange, activesync, outlook-web which makes sense.

Customer upgraded their infrastructure to Exchange 2016 and after trying to decryot that I'm getting a bunch of unknown-tcp traffic after decryption instead of ms-exchange and/or outlook-web. Even for full length sessions with bunch of traffic. Activesync still seems to be recognized normally. Due to that had to allow unknown-tcp traffic in security policy as well, which is not great, but still better then not decrypting at all.


Decryption itself seems to be working fine, as there are no errors, same key was used on the new servers when migration was done.


Have anyone seen similar results?


Cyber Elite
Cyber Elite


I would guess that the app-ids simply haven't been expanded to fully support Exchange 2016 just yet. I would log a support case so they can verify that there isn't anything else going on and then raise the issue internally so the proper app-ids get expanded in a feature content update. 

Indeed, that's why it is rather strange as I would guess the product is widely used and I would expect it to be recognized properly by this time.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!