This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 23%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAB%3C/text%3E%3C/svg%3E)
Hello.
I have configure Windows Server 2019 Essentials for VPN connections.
I'm able to connect to the server using the VPN, but I'm unable to make an RDP connection or to access the shared folder, unless I disable the Windows firewall public profile.
I can't point which rule is blocking the access, or which one to enable or create to allow it, or is there a way to get a live monitoring that would tell me whhy the inbound connection has been denied.
Thank you
Well actually not "my" way but the "microsoft windows" way to define firewall rules. You might try some firewall logging in case some custom ports have been set.
--please don't forget to Accept as answer if the reply is helpful--
So below is the log of the firewall. You can see when it's dropped (firewall is on "blocked (default) and allow when firewall is on "allow"
I was connecting to the shared folder
Looks like TCP 445 is still blocked.
--please don't forget to Accept as answer if the reply is helpful--
I just created a rule for 445 as well, but still no success.
New output?
same thing
Yes, still being blocked. Looks like the rules are on Public/Private where an Essentials server will always want to be a root domain controller such that it should be using the Domain network profile. Check the Network Sharing Center for the profile in use.
This is a small server that has only been made for file sharing for two or three users.
They will access to their files through the VPN.
So there is no DC in this configuration.
Regarding the connection, the network is using the private profile, but its seems that it's the public one that is blocking the inbound connection, since when I set the the public profile firewall on "allow", I can access to file sharing and RDP from the VPN connection.
If the Profile is Private then the firewall rules need to also be configured Private The server is not multi-homed right?
Yes I know, I’ve enabled all those tules for private and public.
It’s not multi home.
The fact remains that TCP 445 is being blocked.
I know.
And I don’t know what to do
Please post an unedited ipconfig /all
here it is95473-ipconfig.txt
Might try gpedit.msc then
Computer Configuration\Windows Settings\Security Settings\Network List Manager Policies\"RAS (Dial In) Interface"\Network Location and set it to Private
Yes it worked.
Thank you so much.
Could you explain why I had to do that? Shouldn't it be automatically set on private?
Until you posted the ipconfig /all I didn't know there was RRAS role involved. It is the network location awareness service that determines the network profile. If it is determined public or unknown then it defaults to Public as the safer choice, so we forced it to Private.
Glad to hear it worked for you.
--please don't forget to Accept as answer if the reply is helpful--
File sharing == TCP ports 445,139 and UDP ports 137, 138
RDP == port 3389
--please don't forget to Accept as answer if the reply is helpful--
Yes I know that, and all those native rules are enabled, but it's not working.
The only way to make it work is to set the inbound connections to allow, but I assumed that if I put it on "block (default)", t will block all connections except the ones that the rules allowed.
That isn't quite right
Start > Run and type firewall. ...
Click on the Advanced Settings in the left pane. ...
Click on the Inbound Rules
In left pane, click on New rule.
Under Rule Type select option Port and click next.
Select TCP and or UDP specific local ports options.
Allow the connection
Select the profile in use
Give the rule some meaningful name
--please don't forget to Accept as answer if the reply is helpful--
I tried your way, even though I was skeptical since the Microsoft native rules are exactly the same, but it didn't work either.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 81%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBJ%3C/text%3E%3C/svg%3E)
When Windows Defender Firewall Public Profile is enabled, I cannot create an Inbound Rule following Dave Patrick's guidance.
Hi ,
Try to add the subnet of your VPN clients in Remote IP address section for File and Printer Sharing rules and then see if you can access shared folder. As picture below:
Best Regards,
Candy
--------------------------------------------------------------
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hello.
I have tried this, and it didn't help.
When Windows Defender Firewall Public Profile is enabled, I cannot create an Inbound Rule following Dave Patrick's and Candy Luo's guidance. The steps work but the RDP connection is always blocked, unless I simple turn off Windows Defender 'entirely' for public networks.
Just checking if there's any progress or updates?
--please don't forget to Accept as answer if the reply is helpful--
I've answered you up there.
Same result as Alain Bensimon above. No resolution more than 2 years later.