General discussion

  • Creator
  • #2291903

    SP2 firewall not able to be controlled on 2000 domain via GPO


    by thewynn75 ·

    Ok, I am at my wits end with this. I have read almost every white paper I can find and it doesn’t seem like I am doing anything wrong, I think I am missing something small. Here is the situation:
    I am on a Windows 2000 server domain and have installed Server 2003 Administration Pack on my Windows XP SP2 PC. I am a domain administrator in AD and have set up a test group with an XP SP2 and a 2000 machine.
    I have enabled “Protect all network connections” and “Do not allow exceptions” with the Admin Pack and have confirmed that this has replicated to the DCs. On the test XP machine I have turned off the firewall because I want AD to control it. I have rebooted the client several times. I am running a constant PING to the PC and it is PINGing, nothing is being blocked, I even RDC into it.
    It almost seems like even though the policies are showing up on the DC they don’t know what to do or how to enforce it. Does anyone know what I need to do to make this GPO work properly?

All Comments

  • Author
    • #3296389


      by thewynn75 ·

      In reply to SP2 firewall not able to be controlled on 2000 domain via GPO

      The problem ended up being a corrupted FRS. Everything is working fine now.

      • #3296341


        by chris ·

        In reply to Resolved

        I’ve been experiencing the same problems, how were you able to determine that FRS was corrupt and how did you resolve it? If I were to look at the settings of a GPO on a 2K server, I can see that the policy exists and is enabled, but no details.

        • #3296262

          Am I the only 1 who has not installed SP2 ???????

          by abme75 ·

          In reply to Resolved….how?

          I wish I could help you Chris but I haven’t even updated yet. I guess I’m just not an early adopter. BTW, has anyone else not updated to SP2 yet?

        • #3312497

          FRS corrupt

          by thewynn75 ·

          In reply to Resolved….how?

          The way I found out the FRS was corrupt was when I went into the policy folder (C:\WINNT\SYSVOL\sysvol\your domain\Policies) and counted how many policies were in there. 5 in my case. Then I went into AD to create a new policy and found that the policy was never actually written to the folder, although the policy showed up in the User and Computer snap-in. Also, File Replication event logs on the domain controller pointed to FRS problems.
          Now the solution I am sort of vague on. I didn’t actually perform the fix; your best bet would be to do a Google search on the error in your event logs. That is what the other admin I work with did and found the solution there.
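
The manual check described in the post above (policies visible in AD but never written to the SYSVOL Policies folder) can be scripted. This is an added example, not part of the original thread; it assumes PowerShell on a domain-joined machine with read access to SYSVOL, and it goes one step further than the post by also comparing the version number stored in AD with the one in each policy's GPT.INI.

```powershell
# Added example: flag GPOs whose AD object has no matching, in-sync SYSVOL folder.
# Assumption: run as a domain user on a domain-joined machine; reads only, changes nothing.

# Every GPO has a groupPolicyContainer object in AD; gPCFileSysPath points at its SYSVOL folder.
$searcher = [adsisearcher]'(objectClass=groupPolicyContainer)'
$searcher.PageSize = 500
$searcher.PropertiesToLoad.AddRange([string[]]('displayname', 'name', 'gpcfilesyspath', 'versionnumber'))

$report = foreach ($entry in $searcher.FindAll()) {
    $p      = $entry.Properties
    $folder = [string]$p['gpcfilesyspath'][0]
    $adVer  = if ($p['versionnumber'].Count) { [long]$p['versionnumber'][0] } else { $null }
    $gptIni = Join-Path $folder 'GPT.INI'

    $fileVer = $null
    if (-not (Test-Path -LiteralPath $folder)) {
        # The symptom from the post: GPO exists in AD, folder was never written/replicated.
        $status = 'MissingFolder'
    } elseif (-not (Test-Path -LiteralPath $gptIni)) {
        $status = 'MissingGptIni'
    } else {
        $m = Select-String -LiteralPath $gptIni -Pattern '^\s*Version\s*=\s*(\d+)' |
             Select-Object -First 1
        if ($m) { $fileVer = [long]$m.Matches[0].Groups[1].Value }
        $status = if ($fileVer -eq $adVer) { 'OK' } else { 'VersionMismatch' }
    }

    [pscustomobject]@{
        DisplayName = [string]$p['displayname'][0]
        Guid        = [string]$p['name'][0]
        ADVersion   = $adVer
        FileVersion = $fileVer
        Status      = $status
        Path        = $folder
    }
}

# Show only the GPOs that need attention, then a one-line summary.
$report | Where-Object Status -ne 'OK' | Format-Table DisplayName, Guid, ADVersion, FileVersion, Status -AutoSize
'{0} GPOs in AD, {1} with SYSVOL problems' -f @($report).Count, @($report | Where-Object Status -ne 'OK').Count
```

Any row other than OK means clients can see the policy listed but cannot read its settings, which matches a firewall GPO that appears enabled yet is never enforced.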
