We setup 4 new DC's in our AD domain after we updated our schema to 2008 R2. The 4 new DC's are standard builds with all the latest updates applied and no changes to the default firewall settings or Group Policies. In our security logs we are getting thousands of 5152 audit failures.
The Windows Filtering Platform has blocked a packet.
Process ID: 0
Application Name: -
Source Address: xx.xx.xx.xx
Source Port: 7474
Destination Address: xx.xx.xx.xx
Destination Port: 32775
Filter Run-Time ID: 68188
Layer Name: Transport
Layer Run-Time ID: 13
They are announcement broadcasts that are being dropped.
According to this article I should be able to disable these so my event logs stop filling up.
However, the logs start filling up again after a few hours or right away after a reboot. Looking for any suggestions out there. This article seems to be similar to what I have but it does not list R2 as one of the systems it is supposed to fix.
Looking for someone who may have some experience with this.Wednesday, April 07, 2010 9:52 PM
Try creating an Advanced Audit Policy in your Domain Controllers OU
For more information:
Planning and Deploying Advanced Security Policies: http://technet.microsoft.com/en-us/library/ee513968(WS.10).aspx
Advanced Filtering Platform Packet Drop: http://technet.microsoft.com/en-us/library/dd941625(WS.10).aspx
Once you've created one that turns off Auditing of Advanced Filtering Platform Packet Drop, run "gpupdate /force". The messages should go away.
Likewise, you can create an Advanced Audit Policy in any OU in your Active Directory.
Friday, June 25, 2010 12:01 AM
- Proposed as answer by CameronMu Friday, June 25, 2010 12:10 AM
Protocol 17 means UDP trraffic. Looking at the port, looks like this is some kind of non-standard traffic.
Check netstat -ano on the client and the DC. See what process is bound at the mahcine & sending the packet (source port) and DC (destination port). You can use task manager to know the process id.
Yes, lets try http://support.microsoft.com/kb/969257
Hope this helps.
Regards, Amit Saxena. Keep Walking!Sunday, June 27, 2010 11:56 PM