Intermittent problem with incorrect Windows Firewall profile being applied

Brandon Poindexter 71 Reputation points
2023-10-30T13:58:23.5666667+00:00

We are experiencing an unusual problem with some of our workstations. We are seeing some workstations apply the Public Windows Firewall profile despite the fact that the network profile is a domain profile. I have attached a screen cap of the results of 'netsh firewall show state' and the results of 'get-netconnectionprofile'. The netsh command shows the firewall profile being "Standard" which is equivalent to Public (I can go into the machine in question and it will tell me, in Windows Firewall, that the Public profile is active). The get-netconnectionprofile command is showing that the network is seen as a domain network.

How do we get the machine to understand it's in a domain network and should use the domain profile?

[screenshot: output of 'netsh firewall show state']

[screenshot: output of 'get-netconnectionprofile']


3 answers

  1. Anonymous
    2023-10-30T14:05:39.3366667+00:00

    When NLA starts to detect the network location, the machine will contact a domain controller via port 389. If this detection is successful, it will get the domain firewall profile (allowing for correct ports) and we cannot change the network location profile.

    If the domain was not found or the process failed, NLA will let you determine which firewall profile will be used, private or public, likely defaulting to Public.

    So I'd check that the domain controller and the problem client have the static address of the DC listed for DNS and no others, such as a router or public DNS.

    --please don't forget to close up the thread here by marking answer if the reply is helpful--
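The checks this answer describes, as an added diagnostic script that is not part of the thread: it verifies on the affected workstation which DNS servers the adapters use, whether a DC can be located through the _msdcs SRV records, whether TCP 389 to each DC is reachable, and what NLA and the firewall actually selected. It assumes an elevated PowerShell session on a domain-joined client and uses `netsh advfirewall show currentprofile` rather than the deprecated `netsh firewall` context.

```powershell
# Added diagnostic script (not from the thread). Run elevated on the problem workstation.
# It checks the inputs NLA depends on when deciding between Domain and Public.
$domain = (Get-CimInstance Win32_ComputerSystem).Domain
Write-Host "Joined domain: $domain"

# 1. DNS servers per adapter: each should be a domain controller, not a router or public resolver.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object ServerAddresses |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

# 2. Locate DCs the way the client does: SRV lookup for LDAP in the _msdcs zone.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' }
if (-not $srv) {
    Write-Warning "No _ldap._tcp.dc._msdcs SRV records returned; the client cannot find a DC via DNS."
}

# 3. Test TCP 389 (LDAP) to each DC returned; NLA needs this to succeed to choose the Domain profile.
foreach ($rec in $srv) {
    $t = Test-NetConnection -ComputerName $rec.NameTarget -Port $rec.Port -WarningAction SilentlyContinue
    $state = if ($t.TcpTestSucceeded) { 'reachable' } else { 'BLOCKED or unreachable' }
    "{0,-40} TCP/{1}: {2}" -f $rec.NameTarget, $rec.Port, $state
}

# 4. What NLA decided for each connection versus which firewall profile is actually in force.
Get-NetConnectionProfile | Format-Table Name, InterfaceAlias, NetworkCategory -AutoSize
netsh advfirewall show currentprofile
```

If step 3 shows the DC reachable now but step 4 still reports Public, NLA may have evaluated before the link or DNS was ready at boot; restarting the Network Location Awareness service (`Restart-Service NlaSvc -Force`) makes it re-evaluate without a reboot.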


  2. Anonymous
    2023-10-30T14:10:05.5966667+00:00

    Please run:

    Dcdiag /v /c /d /e /s:%computername% >C:\dcdiag.log (run on PDC emulator)
    repadmin /showrepl >C:\repl.txt (run on any domain controller)
    ipconfig /all > C:\%computername%.txt (run on EVERY domain controller)
    ipconfig /all > C:\problemworkstation.txt (run on problem pc)

    Also check the domain controller System and Replication (DFS or FRS) event logs for errors since last boot. Post the Event Source and Event IDs of any found. (no evtx files)

    Then put the unzipped text files up on OneDrive and share a link.


  3. Anonymous
    2023-10-30T18:47:45.82+00:00

    Understood, for that level of support you can start a case here with product support.

    https://support.serviceshub.microsoft.com/supportforbusiness

    --please don't forget to close up the thread here by marking answer if the reply is helpful--

