Windows 7 Forums



Windows 7: GPO blocking application traffic w/Firewall service stopped

04 Feb 2013   #1
Seventh

Windows 7, Ubuntu
 
 
GPO blocking application traffic w/Firewall service stopped

Hi folks. I wasn't sure which forum this belonged in, so apologies if this is the wrong place.

I'm working with a hardened Win7 x32 machine right now that's part of a domain that has a very strict (military) GPO set assigned to it. I have an application that sends unicast traffic on one machine, and an application that receives it on the other.

Before applying the GPO set, everything works as it should. The receiving application gets the traffic and all is well. As soon as I join the receiving machine to the domain and get the policies, the traffic stops working. Here's where it gets weird.

I am logged in as domain admin on both machines, and I CAN get unicast traffic out of the receiving machine to other hosts. I have the Windows Firewall service stopped on the receiving machine, and if I run a netstat I can see the ports open. Additionally, if I Wireshark the NIC, I see the traffic from my originating box getting to the receiving machine - it just doesn't make it to the application.

Short version:

- Computer sends traffic to My_Receiving_Machine
- Ports are open on My_Receiving_Machine, verified in netstat
- I see the traffic I'm sending to it on the NIC in Wireshark on My_Receiving_Machine
- Windows firewall service is stopped on My_Receiving_Machine
- Traffic does not get to application, regardless of port

I'm not the most familiar with GPO so I'm just going through them all right now hoping to stumble across it, but I'm hoping someone can save me a LOT of time and perhaps offer some guidance. The traffic I'm sending is UDP unicast, but it's the same for multicast - I see the traffic on the NIC, but it doesn't make it to the application. I am running the application itself under an administrative account as well.

Any suggestions would be very much appreciated. Thanks!



04 Feb 2013   #2
fireberd

Windows 7/10 64 bit
 
 

I'm a retired Fed Gov LAN/WAN Network Manager. The department support/help desk for the application would be the best place to start. I know the agency I worked for routinely customized software for our agency's use and thus the department responsible for the software were the only ones that knew how it worked.
04 Feb 2013   #3
Seventh

Windows 7, Ubuntu
 
 

Thanks. I'm working with an Air Force SDC image - I assume you're probably familiar with them then. I have tried calling the support help desk, and (no offense meant to any servicemen) I get connected with low level 2LTs whose roles are more along the lines of creating domain accounts and changing passwords, not high(ish) level GPO adjustment.

As it turns out, it's not that my WF service is stopped. It actually SAYS it's stopped in the services panel (logged in as the domain admin) but the service IS still running. This has led me to a whole new level of what_the_hell_am_I_doing, haha.

Right now all I'm trying to do is allow a single application (we'll call it debug.exe) on a single port (udp 18999) through the FW. I've added the rules on the client, but looking at the firewall log it's still dropping the incoming packets.

In my GPO I have both "Allow local port exceptions" and "Allow local program exceptions" enabled. I've updated the client with the GPO, but it's still ignoring the local rule.

In Windows Firewall config on the client, I see a section under "Rule Merging", and there it says "Apply local firewall rules: No". I'm trying now to figure out how to change that at the GPO level, but not having much luck. Googling around, I found this:

Step 5: Adding the Setting that Prevents Local Administrators from Applying Conflicting Rules

Which says to use "Group Policy Management Editor", but when I look at my GPOs for my domain and edit one, I get Group Policy Object Editor, not Management. I can't figure out how to get to the "Management Editor" to try and make the change to allow local firewall rules. So if anyone knows where I go to adjust the GPO to set Apply Local Firewall Rules to Yes, that would be fantastic.
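The checks this thread circles around, written out as an added example (not part of any poster's message): read-only PowerShell for the receiving client that shows the real firewall service state, the rule-merge setting the GPO delivered, and the drops logged for UDP 18999. It assumes an elevated PowerShell 2.0 prompt on Windows 7 and the default firewall log path; the function names are hypothetical.

```powershell
# Added example: read-only diagnostics, run elevated on the receiving client.

# 1. Actual service state (Windows Firewall = MpsSvc, Base Filtering Engine = BFE),
#    independent of what the Services panel displays.
Get-Service -Name MpsSvc, BFE | Format-Table Name, Status, DisplayName -AutoSize

# 2. Per-profile firewall settings written by Group Policy.
#    AllowLocalPolicyMerge = 0 means locally created rules are ignored
#    ("Apply local firewall rules: No"); DefaultInboundAction = 1 means block.
function Get-GpoFirewallProfile {
    param([string]$Base = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall')
    foreach ($name in 'DomainProfile', 'PrivateProfile', 'PublicProfile') {
        $key = Join-Path $Base $name
        if (-not (Test-Path $key)) { continue }   # profile not set by any GPO
        $p = Get-ItemProperty -Path $key
        New-Object PSObject -Property @{
            Profile               = $name
            EnableFirewall        = $p.EnableFirewall
            DefaultInboundAction  = $p.DefaultInboundAction
            AllowLocalPolicyMerge = $p.AllowLocalPolicyMerge
        }
    }
}
Get-GpoFirewallProfile | Format-Table Profile, EnableFirewall, DefaultInboundAction, AllowLocalPolicyMerge -AutoSize

# 3. Which GPO is responsible: computer-scope Resultant Set of Policy report.
gpresult /scope computer /h "$env:TEMP\gp-report.html" /f

# 4. Dropped inbound packets for the port from the thread (UDP 18999).
#    Log fields: date time action protocol src-ip dst-ip src-port dst-port ...
#    Assumption: default log path; a GPO may redirect it.
function Get-FirewallDrop {
    param(
        [int]$Port = 18999,
        [string]$Log = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"
    )
    Get-Content -Path $Log | Where-Object { $_ -notmatch '^#' } | ForEach-Object {
        $f = $_ -split ' '
        if ($f.Count -ge 8 -and $f[2] -eq 'DROP' -and $f[3] -eq 'UDP' -and $f[7] -eq "$Port") {
            $_
        }
    }
}
Get-FirewallDrop -Port 18999 | Select-Object -Last 20

# In the GPO itself, the setting lives under Computer Configuration > Policies >
# Windows Settings > Security Settings > Windows Firewall with Advanced Security:
# Properties > profile tab > Settings: Customize > Rule merging.
```

If `AllowLocalPolicyMerge` is 0 for the active profile, the allow rule has to be delivered in the GPO's own firewall rule set, because rules created on the client are not applied.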


05 Feb 2013   #4
fireberd

Windows 7/10 64 bit
 
 

I know nothing about the software you are using. I worked for SSA and we had our own internal network. The LANs used Token Ring instead of Ethernet and Novell Netware file servers. Token Ring (IBM) and what it does is totally different from the protocol you are using.

I was the Regional Network and hardware help desk manager in Kansas City, Mo. I had the entire Midwest (everything west of the Mississippi to the Rocky Mountains). There are three levels of help desk support. Level 1, which you ran into, basically takes problem calls, gets the user's information, and asks some basic questions such as "is your PC plugged in" or "is it powered up and online", etc. Level 2 does more in-depth troubleshooting and testing and can fix most problems that do not require an on-site hardware tech. Finally there is the 3rd level, which is the system analysts, programmers, etc.