Tag: server

Windows Server eventlog ID 5152 Filtering Platform Packet Drop

Post author By Dave
Post date 2019-07-10
No Comments on Windows Server eventlog ID 5152 Filtering Platform Packet Drop

After some online searching around EVENT ID 5152 which had started littering my DC’s eventlogs following some additional audit enabling I discovered how to silence these logs from the SECURITY eventlog, leaving them in place for the FIREWALL log instead:


auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:disable /failure:disable
auditpol /set /subcategory:"Filtering Platform Connection" /success:disable /failure:disable

The 5152 event:

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: XXXX
Event ID: 5152
Task Category: Filtering Platform Packet Drop
Level: Information
Keywords: Audit Failure
User: N/A
Computer: XXXX
Description:
The Windows Filtering Platform has blocked a packet.

Application Information:
Process ID: 0
Application Name: –

Network Information:
Direction: Inbound
Source Address: XXXX
Source Port: 54915
Destination Address: XXXX
Destination Port: 54915
Protocol: 17

Filter Information:
Filter Run-Time ID: 85817
Layer Name: Transport
Layer Run-Time ID: 13
Event Xml:

5152 0 0 12809 0 0x8010000000000000 437620320 Security XXXX
0 – %%14592 XXX 54915 XXXX 54915 17 85817 %%14597 13

Tags 5152, bad packet filtering, event, eventlog, eventviewer, server

Windows

Windows Server 2012 .NET

Dism /online /enable-feature /featurename:NetFX3 /featurename:NetFx3ServerFeatures /Source:X:\sources\sxs
Note: X: is the drive letter of DVD drive on the computer, adjust it accordingly.

Tags .net, 2012, server

Microsoft

Microsoft WSUS Rebuild

To re-install WSUS with a clean database i.e. no previous configuration:

Run Windows Powershell as Administrator and use the following commands:

Uninstall-WindowsFeature -Name UpdateServices,Windows-Internal-Database -Restart

Post restart, delete EVERYTHING in the C:\Windows\WID\ (for Win 2012 r2) folder.

Then run the following command to re-install WSUS:
Install-WindowsFeature UpdateServices -Restart

This only works on PowerShell 3 or higher.

UPDATE
I had to run the postinstallation tasks manually via Powershell using the WID db, if using SQL you need to add in sql_instance=

C:\Program Files\Update Services\Tools\WsusUtil.exe content_dir=”<<dir of update download location>>

creds: https://serverfault.com/questions/449914/how-to-completely-wipe-wsus-and-start-again

Tags rebuild, server, services, update, wid, windows, wsus