Regarding Firewall Policies in Windows Server 2022

Lucas Campos 21 Reputation points
2022-08-02T17:31:54.027+00:00

Hello everyone,

I was looking for this issue over the web, but didn't find anything due to its specificity:

We have here a "Development Domain" that got its DCs updated to Windows Server 2022 Standard and its Forest/Domain Level raised to the latest, 2016.
We are starting the deployment of applications in this domain in 2022/2019/2016 Member Servers.

I set up a security baseline with a set of well-known firewall definitions for these newer servers, and everything is working properly in the Development Domain.

On the production domain however (DCs 2012 R2, Domain Level 2012 R2), we need to deploy some 2022/2019 servers in advance, so I just copied the GPO created in the previous domain to an isolated OU and applied the policies.
All the security policies and administrative templates work fine except the Firewall policy, which 2019/2022 servers simply ignore when the GPO source is those older Domain Controllers.

There are no errors in gpupdate /force or gpresult; the baseline policy is being applied.
I brought the extra .admx and .adm files from the previous domain to the \\proddomain\sysvol\proddomain\PolicyDefinitions folder.

I tried to clear the firewall policies in the GPO and insert all of the rules by hand on the 2012 R2 to avoid conflicts between policy names between versions, but the new servers simply ignore those settings and stick with the default firewall rules of a fresh Windows installation.
It's good to point out that the setting that the Firewall must be turned on is OK, and that setting is being applied.

There are no Local Policies being applied on these member servers in the prod domain.

Does anyone know if it is a known issue of incompatibility between 2012 R2 DCs and 2019/2022 Member Servers?

Thanks in advance.


Accepted answer
  1. Dave Patrick 426.1K Reputation points MVP
    2022-08-02T17:48:25.007+00:00

    Some things to check here.
    http://woshub.com/group-policy-not-applied-troubleshooting/

    --please don't forget to upvote and Accept as answer if the reply is helpful--


1 additional answer

Sort by: Most helpful
  1. Lucas Campos 21 Reputation points
    2022-08-05T18:54:21.027+00:00

    Ok guys, got it solved.

    Thing was, my PDC Emulator was facing DFSR replication issues, so the newer changes I was writing on it weren't replicating at all to the other DCs, therefore the members weren't updating. It wasn't a matter of firewall rules specifically, but of the latest changes made to the GPO.

    I moved the FSMO roles to a properly functioning DC, demoted the faulty DC and got it working.
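The root cause in this thread was a DC whose SYSVOL copy was stale, so clients that happened to pick that DC kept reading an old version of the GPO while gpupdate and gpresult reported success. The script below is an added example (not from this thread or from Microsoft) that makes that condition visible: it reads every GPO's AD and SYSVOL version numbers from every DC, parses the gpt.ini that clients actually consume from each DC's SYSVOL share, and flags DCs that disagree with the PDC Emulator. It assumes the RSAT ActiveDirectory and GroupPolicy modules are installed and that the account running it can read SYSVOL on every DC.

```powershell
# Added example, not code from the thread: report GPO version consistency
# across all DCs, so a DC with broken SYSVOL/DFSR replication shows up.
# Assumes RSAT modules ActiveDirectory and GroupPolicy are available.
Import-Module ActiveDirectory
Import-Module GroupPolicy

function Get-GpoVersionReport {
    param(
        # Optional: limit the check to one GPO by display name (default: all GPOs)
        [string]$GpoName
    )

    $domain = Get-ADDomain
    $pdc    = $domain.PDCEmulator
    $dcs    = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

    # GPMC writes edits to the PDC Emulator by default, so its copy is the reference
    $gpos = if ($GpoName) { Get-GPO -Name $GpoName -Server $pdc } else { Get-GPO -All -Server $pdc }

    foreach ($gpo in $gpos) {
        $refComputer = $gpo.Computer.DSVersion
        $refUser     = $gpo.User.DSVersion

        foreach ($dc in $dcs) {
            $row = [ordered]@{
                GPO = $gpo.DisplayName; DC = $dc
                ComputerDS = $null; ComputerSysvol = $null
                UserDS = $null;     UserSysvol = $null
                GptIniComputer = $null; GptIniUser = $null
                Status = 'OK'
            }
            try {
                # The same GPO as seen through this DC's AD copy and this DC's SYSVOL
                $g = Get-GPO -Guid $gpo.Id -Server $dc -ErrorAction Stop
                $row.ComputerDS     = $g.Computer.DSVersion
                $row.ComputerSysvol = $g.Computer.SysvolVersion
                $row.UserDS         = $g.User.DSVersion
                $row.UserSysvol     = $g.User.SysvolVersion

                # gpt.ini is what clients read. Its Version field packs the user
                # version into the high 16 bits and the computer version into the low 16 bits.
                $gptPath = "\\$dc\SYSVOL\$($domain.DNSRoot)\Policies\{$($gpo.Id)}\gpt.ini"
                $line = Get-Content -Path $gptPath -ErrorAction Stop |
                        Where-Object { $_ -like 'Version=*' } | Select-Object -First 1
                if ($line -match '^Version=(\d+)') {
                    $v = [int]$Matches[1]
                    $row.GptIniComputer = $v -band 0xFFFF
                    $row.GptIniUser     = $v -shr 16
                }

                $problems = @()
                if ($row.ComputerDS -ne $row.ComputerSysvol -or $row.UserDS -ne $row.UserSysvol) {
                    $problems += 'AD/SYSVOL version mismatch'
                }
                if ($row.ComputerDS -ne $refComputer -or $row.UserDS -ne $refUser) {
                    $problems += 'AD copy behind PDC Emulator'
                }
                if ($row.GptIniComputer -ne $row.ComputerSysvol -or $row.GptIniUser -ne $row.UserSysvol) {
                    $problems += 'gpt.ini on this DC differs from reported SYSVOL version'
                }
                if ($problems) { $row.Status = $problems -join '; ' }
            }
            catch {
                # Unreachable DC or unreadable SYSVOL is itself a finding
                $row.Status = "ERROR: $($_.Exception.Message)"
            }
            [pscustomobject]$row
        }
    }
}

# Usage: show only the GPO/DC pairs that are out of sync
Get-GpoVersionReport | Where-Object Status -ne 'OK' | Format-Table -AutoSize
```

A DC that shows "AD copy behind PDC Emulator" or a gpt.ini older than the PDC's is the one clients are silently reading stale policy from; confirm the replication side with `repadmin /showrepl` for AD and `Get-DfsrState` (DFSR module) or `dfsrdiag ReplicationState` for SYSVOL before moving FSMO roles with `Move-ADDirectoryServerOperationMasterRole` or demoting the DC, as the original poster did.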