域控制器上端口1211上的大量事件5152 [英] Large quantity of event 5152 on port 1211 on domain controller
问题描述
我有三个域控制器(两个2008R2和一个2012)。
我看到很多WFP在网络上的工作站上阻止来自SharePoint工作区的数据包。
理想情况下,我想停止发送这些数据包的工作站,因为他们不需要这些"Groove"数据包。函数
我还没有找到如何停止发送数据包的SharePoint Workspace,所以我想停止在我的域控制器安全日志中记录它们,这是其他更重要的事件。
Windows过滤平台已阻止数据包。
应用程序信息:
进程ID:0
申请名称: -
网络信息:
方向:入境
来源地址:10.141.1.36
来源港口:54118
目的地址:255.255.255.255
目的港:1211
协议:17
过滤信息:
过滤器运行时ID:456686
图层名称:传输
图层运行时ID:13
CarolChi
要停止此日志记录,您可以通过
将其禁用审核政策。
auditpol / set / SubCategory:" Filtering Platform Packet Drop" / success:disable / failure:disable
请注意,这将禁用所有阻止流量的记录(不仅仅限定为SharePoint流量)。
以下组策略链接可以帮助您禁用Groove通信:
http://technet.microsoft.com/en-us/library/ee649104(v = office.14).aspx
希望这个帮助,
I have three domain controllers (two 2008R2 and one 2012).
I am seeing a lot of WFP blocked packets from SharePoint workspaces on workstations on the network.
Ideally I would like to stop the workstations sending these packets, since they have not need for these "Groove" functions
I have not found out how to stop the SharePoint Workspace sending the packets, so I would like to stop logging them in my domain controller security log which is for other more important events.
The Windows Filtering Platform has blocked a packet.
Application Information:
Process ID: 0
Application Name: -
Network Information:
Direction: Inbound
Source Address: 10.141.1.36
Source Port: 54118
Destination Address: 255.255.255.255
Destination Port: 1211
Protocol: 17
Filter Information:
Filter Run-Time ID: 456686
Layer Name: Transport
Layer Run-Time ID: 13
CarolChi
To stop this logging, you can disable it via the audit policy.
auditpol /set /SubCategory:"Filtering Platform Packet Drop" /success:disable /failure:disableNote that this will disable logging of all blocked traffic (not just scoped to the SharePoint traffic).
The following Group Policy link may help you disable the Groove communication from happening:
http://technet.microsoft.com/en-us/library/ee649104(v=office.14).aspxHope this helps,
这篇关于域控制器上端口1211上的大量事件5152的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
