Windows Filtering Platform not turning off until admin logon. Win2008R2sp1

audit filtering windows-firewall windows-server-2008-r2

Just installed Windows Server 2008R2 SP1 to see if it would fix this problem, but it didn't.
Until an administrator logs onto the domain controller, there are many events that WFP blocked a connection from Server60 to Server60 or Server60 to Server70. Both Server60 and Server70 are the domain controllers. Once the admin logs on, the WFP events stop.

The firewall is off by default GPO. Yes, I know that the WFP kicks in during the boot up sequence until the firewall takes over or in my case does not take over (since Vista), but I clearly should not have to autologon to a domain controller and call autolock or something.

Example event
LEVEL = Information
Source = Microsoft Windows Security Auditing
EventID = 5152 "Filtering Platform Packet Drop"
and its evil twin id = 5157 "Filtering Platform Connection"

"The Windows Filtering platform has blocked a connection."  
Direction %%14593 
SourceAddress 192.168.10.60 
SourcePort 49677 
DestAddress 192.168.10.60 
DestPort 389 
Protocol 6 
FilterRTID 65667 
LayerName %%14611 
LayerRTID 48 
RemoteUserID S-1-0-0 
RemoteMachineID S-1-0-0 

windows-server-2008-r2 WFP BFE WindowsFilteringPlatform BaseFilteringEngine

Best Answer

You disable this using the following commands:

auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:disable /failure:disable
auditpol /set /subcategory:"Filtering Platform Connection" /success:disable /failure:disable
auditpol /set /subcategory:"IPsec Driver" /success:disable /failure:disable
auditpol /set /subcategory:"IPsec Main Mode" /success:disable /failure:disable
auditpol /set /subcategory:"IPsec Quick Mode" /success:disable /failure:disable
auditpol /set /subcategory:"IPsec Extended Mode" /success:disable /failure:disable

Source: The Windows Filtering Platform has blocked a bind to a local port
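
Before those audit subcategories are switched off, it helps to record which filter and which endpoints produce the 5152/5157 events. The following PowerShell is an added example, not part of the original question or answer: the function names are hypothetical, the field names are the ones in the event shown above, and the sample XML is constructed (192.168.10.70 is an assumed address for Server70).

```powershell
# Added example: summarize WFP audit events (5152/5157) by endpoint and filter.
# Written without PowerShell 3+ syntax so it also runs on a 2008 R2 host.
function ConvertFrom-WfpEventXml {
    param([Parameter(Mandatory = $true)][string]$Xml)
    $doc = [xml]$Xml
    # EventID is read through the DOM so an attribute on the element cannot break the cast.
    $row = @{ EventID = [int]$doc.GetElementsByTagName('EventID').Item(0).InnerText }
    # Each <Data Name='...'> element becomes one property of the output object.
    foreach ($d in $doc.Event.EventData.Data) { $row[$d.Name] = $d.'#text' }
    New-Object PSObject -Property $row
}

function Get-WfpBlockSummary {
    param([Parameter(Mandatory = $true)][string[]]$EventXml)
    $EventXml | ForEach-Object { ConvertFrom-WfpEventXml -Xml $_ } |
        Group-Object EventID, SourceAddress, DestAddress, DestPort, FilterRTID |
        Sort-Object Count -Descending |
        ForEach-Object {
            $e = $_.Group[0]
            New-Object PSObject -Property @{
                Count = $_.Count; EventID = $e.EventID; Source = $e.SourceAddress
                Dest = $e.DestAddress; DestPort = $e.DestPort; FilterRTID = $e.FilterRTID
                # True when the server is blocked talking to itself, as in the question.
                SameHost = ($e.SourceAddress -eq $e.DestAddress)
            } | Select-Object Count, EventID, Source, Dest, DestPort, FilterRTID, SameHost
        }
}

# Constructed sample events (values modelled on the event in the question).
$ns = 'http://schemas.microsoft.com/win/2004/08/events/event'
$template = "<Event xmlns='$ns'><System><EventID>{0}</EventID></System><EventData>" +
    "<Data Name='SourceAddress'>192.168.10.60</Data><Data Name='SourcePort'>{1}</Data>" +
    "<Data Name='DestAddress'>{2}</Data><Data Name='DestPort'>389</Data>" +
    "<Data Name='Protocol'>6</Data><Data Name='FilterRTID'>65667</Data></EventData></Event>"
$sample = @(
    ($template -f 5157, 49677, '192.168.10.60'),
    ($template -f 5157, 49678, '192.168.10.60'),
    ($template -f 5152, 49679, '192.168.10.70')
)
Get-WfpBlockSummary -EventXml $sample | Format-Table -AutoSize

# Against the live Security log (elevated prompt):
# $live = Get-WinEvent -FilterHashtable @{LogName='Security'; Id=5152,5157} |
#     ForEach-Object { $_.ToXml() }
# Get-WfpBlockSummary -EventXml $live
```

The FilterRTID column can be matched against the filterId values in the file written by `netsh wfp show filters` to see which filter dropped the traffic.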