Purpose
You need to determine a cause for connection issues related to the Firewall.
Resolution
We may find this info on a target by logging the dropped packets while replicating the steps in PDQ Deploy or Inventory that we are receiving the error or connection problems.
On a failing target-
1. in the Start search type wf.msc and press enter.
2. The Window below will pop up, click properties while selected on the Windows Defender Firewall tab.
3. Inside the Properties tab, select the logging Customize button.
4. Select to log dropped packets.
5. Press Ok to close the logging settings and again to close the Windows Defender Firewall properties windows.
6. Before we begin to test, log, and research let's be sure your account can read the log file ( you may need to open the log files security tab and add yourself with read permissions.
it is located here C:\Windows\System32\LogFiles\Firewall
and called pfirewall.log
by default.
7. Once you are sure you can open and read this file please replicate the failures you are seeing. You may need to close and reopen the file after each test to see updates.
Note: If you do not see any dropped packets while logging the Domain Firewall let's go back and turn off logging in the Domain Firewall and perform the steps to log the Private and Public firewall, (one at a time).
Comments
0 comments
Article is closed for comments.