SharePoint - Filtering Platform Connection Audit Failure

Asked By PGallez

27-Jan-10 12:55 PM

I am getting Event ID 5157 security log audit failures related to the
SharePoint mssearch service that I cannot resolve--all of the basic stuff
looks right to me. This a single-server implementation of WSS 3.0 SP1 on
Windows Server 2008 R2 (SP, IIS, SQL Server, and search all running on the
same machine). Can anyone suggest an effective way to troubleshoot this?

SharePoint Setup Discussions

SQL Server
(1)

Windows Server 2008 R2
(1)

SharePoint
(1)

IIS
(1)

Enforcement
(1)

Firewall
(1)

Harish
(1)

Serif
(1)

haris replied to PGallez

27-Jan-10 04:06 PM

------=_NextPart_0001_62D1EDCA
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

Administrative tools -> Sharepoint Central admin -> Operations -> services
on server -> Windows sharepoint services search -> update the password.

Harish K
------=_NextPart_0001_62D1EDCA
Content-Type: text/x-rtf
Content-Transfer-Encoding: 7bit

{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fnil\fprq2\fcharset0 MS Sans Serif;}}
\viewkind4\uc1\pard\f0\fs20 Administrative tools -> Sharepoint Central admin -> Operations -> services on server -> Windows sharepoint services search -> update the password.
\par
\par Harish K
\par }
------=_NextPart_0001_62D1EDCA--

sunil replied to haris

27-Jan-10 06:27 PM

------=_NextPart_0001_63530A77
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

It is important to go through the details of the event log message to
identify which connection is blocked and why:

========================================================
The Windows Filtering Platform has blocked a connection.

Application Information:
Process ID:  PID

Application Name: process_name

Network Information:
Direction:  outbound or inbound
Source Address:  source_ip

Source Port:
Destination Address: des_ip

Destination Port:  ??
Protocol:  ??
========================================================

Application Layer Enforcement (ALE) Stateful Filtering
http://msdn2.microsoft.com/en-us/library/bb613463(VS.85).aspx


To disable the auditing run following commands:
auditpol /set /subcategory:"Filtering Platform Packet Drop"
/success:disable
auditpol /set /subcategory:"Filtering Platform Packet Drop" /failure:disable
auditpol /set /subcategory:"Filtering Platform Connection" /success:disable
auditpol /set /subcategory:"Filtering Platform Connection" /failure:disable

Windows Firewall feature in Windows Server 2008
http://technet2.microsoft.com/windowsserver2008/en/library/c042b3c5-dee1-4a3
1-ac35-e90e846290441033.mspx

Sunil [MSFT]
------=_NextPart_0001_63530A77
Content-Type: text/x-rtf
Content-Transfer-Encoding: 7bit

{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fnil\fprq2\fcharset0 MS Sans Serif;}}
\viewkind4\uc1\pard\f0\fs20 It is important to go through the details of the event log message to identify which connection is blocked and why:
\par
\par ========================================================
\par The Windows Filtering Platform has blocked a connection.
\par
\par Application Information:
\par  Process ID:  \b PID\b0
\par
\par  Application Name: \b process_name\b0
\par
\par Network Information:
\par  Direction:  \b outbound or inbound\b0
\par  Source Address:  \b source_ip\b0
\par
\par  Source Port:
\par  Destination Address: \b des_ip\b0
\par
\par  Destination Port:  \b ??\b0
\par  Protocol:  \b ??\b0
\par ========================================================
\par
\par \b Application Layer Enforcement (ALE) Stateful Filtering\b0
\par http://msdn2.microsoft.com/en-us/library/bb613463(VS.85).aspx
\par
\par
\par \b To disable the auditing run following commands:\b0
\par auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:disable
\par auditpol /set /subcategory:"Filtering Platform Packet Drop" /failure:disable
\par auditpol /set /subcategory:"Filtering Platform Connection" /success:disable
\par auditpol /set /subcategory:"Filtering Platform Connection" /failure:disable
\par \b
\par Windows Firewall feature in Windows Server 2008\b0
\par http://technet2.microsoft.com/windowsserver2008/en/library/c042b3c5-dee1-4a31-ac35-e90e846290441033.mspx
\par
\par Sunil [MSFT]
\par
\par }
------=_NextPart_0001_63530A77--

PGallez replied to haris

27-Jan-10 07:29 PM

Thanks, did that, also verified that the credentials were valid by logging in
to the server with the domain accounts being used for search and content
access. Didn't help. Also reviewed the SQL Server configuration for the two
accounts and it looks right too.

PGallez replied to sunil

27-Jan-10 07:34 PM

Thanks Sunil. See details below re error.

I did not do anything with the Windows Firewall feature in Server 2008 during
SP installation, as it is disabled on this server (probably due to Group
Policy). I assumed that if it was disabled, it would not be blocking anything,
so I was OK (at least as far as this audit failure goes.)

Previous Discussion: MOSS2007 config step 6 access denied

SQL Server 2000 location question SharePoint

SQL Server 2000 location question SharePoint I have 2 servers: one with Windows Server 2003 R2 that I will install MOSS 2007 on, and the other is my DC, which runs SBS 2003 Premium (which includes Windows Server 2003, SQL Server 2000, Exchange 2003, WSS 2.0 (upgraded to WSS 3.0 SP1), and ISA 2004

Permission to run stsadm SharePoint

Permission to run stsadm SharePoint Hi, Server 1 - I have Moss 2007 installed on 1 server running Windows server 2003. Server 2 - On another machine, I installed Moss 2007 and SQL Server 2005 on Windows Server 2008. I need to restore the content db from server 1 to server 2

= ?Utf-8?Q?WSS_2.0_SP2_Database_Upgrade_ = E2 = 80 = 93_S? = = ?Utf-8?Q?QL_Server_2000_to_2005? = SharePoint

0_SP2_Database_Upgrade_ = E2 = 80 = 93_S? = = ?Utf-8?Q?QL_Server_2000_to_2005? = SharePoint Hello, I need to move a SQL Server 2000 database to a different SQL Server 2005 server. The SQL Server 2000 database is being used by a Windows SharePoint Services (WSS) 2.0 site with Service Pack 2 installed. However, I am not

WSS 3.0 on Windows Server 2003 Web Edition SharePoint

WSS 3.0 on Windows Server 2003 Web Edition SharePoint Hello, When I try to install Windows Share Point Services 3.0 on our dedicated Hosting Server (Windows Server 2003 Web Edition!) I can't select the second install option including the internal Windows Database!! Isn't it possible to install WSS 3.0 on a Windows Server 2003 Web Edition???? When I install the SQL Express Edition first I have a

Remote SQL 2005 Server for databases SharePoint

Remote SQL 2005 Server for databases SharePoint Do I need to install SQL Server 2005 Client Tools to the SharePoint 2003 Server in order to backup SharePoint databases using GUI? Sharepoint databases are on a remote SQL 2005 Server and I get below error when I run backup: Connecting to SQL Server MYSQLSERVER . . . Connection to SQL Server MYSQLSERVER FAILED Failed ConnectToServer [Microsoft][ODBC SQL Server Driver