The Windows Filtering Platform blocked a packet on port 389


Problem description


We have a Windows Server 2008 R2 DC. The Event Viewer Security log on this server is generating lots of 5152 events from various source IP addresses saying that the Windows Filtering Platform blocked a packet to port 389.

The Windows Firewall on this server has the default Active Directory rules enabled allowing incoming connections on port 389 and I haven't had any issues reported relating to Active Directory from users on the network.

Anybody have an idea why I'm getting these audit failures even with port 389 allowed through the Windows Firewall?

Solution

Can you post one of the events? It's likely the bug where certain audits were generated regardless of filters. You could also use Netsh.exe WFP capture start, repro the event, and Netsh.exe WFP capture stop. Look in the resultant files for any events matching. You can also correlate the filter ID to those on the system to see if maybe it is a legitimate audit.

Hope this helps,
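
The filter-ID correlation suggested in the answer, as an added PowerShell example (not part of the original thread): it groups recent 5152 events for destination port 389 by filter run-time ID and looks each ID up in the output of `netsh wfp show filters`. The output path, the 24-hour window and the XML element names read from the dump (the usual netsh layout) are assumptions.

```powershell
# Added example: map event 5152 drops on port 389 to the WFP filter behind them.
# Assumptions: elevated session on the DC; $out and the 24-hour window are arbitrary.
$out = Join-Path $env:TEMP 'wfp-filters.xml'

# 1. Pull recent 5152 events and flatten their EventData fields.
$drops = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 5152; StartTime = (Get-Date).AddHours(-24)
} -ErrorAction SilentlyContinue | ForEach-Object {
    $d = @{}
    foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) {
        $d[$n.GetAttribute('Name')] = $n.InnerText
    }
    New-Object PSObject -Property @{
        Source   = $d['SourceAddress']; DestPort = $d['DestPort']
        Protocol = $d['Protocol'];      Layer    = $d['LayerName']
        FilterId = $d['FilterRTID']
    }
} | Where-Object { $_.DestPort -eq '389' }

# 2. Dump the filters currently installed and index them by run-time ID.
#    Element names (filterId, displayData/name, action/type) are assumed.
netsh wfp show filters "file=$out" | Out-Null
$doc = New-Object System.Xml.XmlDocument
$doc.Load($out)
$byId = @{}
foreach ($f in $doc.SelectNodes('//item[filterId]')) {
    $byId[$f.SelectSingleNode('filterId').InnerText] = $f
}

# 3. One row per filter ID: how often it dropped, and what the filter is.
$drops | Group-Object FilterId | Sort-Object Count -Descending | ForEach-Object {
    $f = $byId[$_.Name]
    $name = '(not in current filter dump)'; $action = ''
    if ($f) {
        $n = $f.SelectSingleNode('displayData/name')
        $a = $f.SelectSingleNode('action/type')
        if ($n) { $name = $n.InnerText }
        if ($a) { $action = $a.InnerText }
    }
    New-Object PSObject -Property @{
        FilterId = $_.Name; Drops = $_.Count; Layer = $_.Group[0].Layer
        Sources  = @($_.Group | Select-Object -ExpandProperty Source -Unique).Count
        Filter   = $name; Action = $action
    }
} | Format-Table FilterId, Drops, Sources, Layer, Action, Filter -AutoSize
```

A row whose filter resolves to a named block filter points to a drop caused by an installed filter; a row marked as not in the dump cannot be attributed to any filter present when the dump was taken.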

