Windows – firewall blocks connection even though allowed

Tags: firewall, windows 7

I am unable to make any connections whatsoever to my Windows 7 machine from another machine on my network. When I turn the firewall off, I am suddenly able to make these connections. One such connection is Remote Desktop. I've also tried accessing a shared folder and PowerShell remoting. I've also tried nmapping ports 1-1024, which all came up as closed.

The following is the output of netsh advfirewall firewall show rule name="Remote Desktop (TCP-In)" (the second Remote Desktop rule, for public networks, is not shown):

Rule Name:                            Remote Desktop (TCP-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private
Grouping:                             Remote Desktop
LocalIP:                              Any
RemoteIP:                             Any
Protocol:                             TCP
LocalPort:                            3389
RemotePort:                           Any
Edge traversal:                       No
Action:                               Allow

And the following shows up in my %systemroot%\system32\logfiles\firewall\pfirewall.log:

#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
...
2014-11-06 18:12:08 DROP TCP 10.2.10.39 10.2.10.87 58992 3389 52 S 3548206488 0 8192 - - - RECEIVE
2014-11-06 18:12:08 DROP TCP 10.2.10.39 10.2.10.87 58992 3389 52 S 3548206488 0 8192 - - - RECEIVE
2014-11-06 18:12:08 DROP TCP 10.2.10.39 10.2.10.87 58992 3389 52 S 3548206488 0 8192 - - - RECEIVE

netsh advfirewall show currentprofile shows this:

Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound
LocalFirewallRules                    N/A (GPO-store only)
LocalConSecRules                      N/A (GPO-store only)
InboundUserNotification               Enable
RemoteManagement                      Disable
UnicastResponseToMulticast            Enable

Logging:
LogAllowedConnections                 Enable
LogDroppedConnections                 Enable
FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
MaxFileSize                           4096


Public Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound
LocalFirewallRules                    N/A (GPO-store only)
LocalConSecRules                      N/A (GPO-store only)
InboundUserNotification               Enable
RemoteManagement                      Disable
UnicastResponseToMulticast            Enable

Logging:
LogAllowedConnections                 Disable
LogDroppedConnections                 Disable
FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
MaxFileSize                           4096

Ok.

There seem to have been several other questions similar to this, but none of them were answered, and none of them listed the details that I am listing; therefore I've created a new question.
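The log excerpt in the question is the Windows Firewall pfirewall.log format: a `#Fields:` header names the columns and every data row follows that order. The PowerShell below is an added example, not code from the original question, that parses such a log into objects and summarises inbound DROPs per destination port, so the question's "is the firewall dropping my RDP SYNs?" check becomes a one-liner over the real file. The sample lines are constructed from the excerpt above (plus an invented UDP ALLOW row to show the filtering). One caveat worth knowing when reading that file: logging is configured per profile, and in the output above `LogDroppedConnections` is enabled only for the Domain profile, so drops evaluated under a profile with logging disabled never reach the file; an empty log does not prove nothing was dropped.

```powershell
# Added example, not part of the original question: parse pfirewall.log into
# objects and summarise inbound DROPs per destination port. The #Fields: header
# defines the column order, so the parser follows it instead of hard-coding
# positions. Sample lines below are constructed from the question's excerpt.

function ConvertFrom-PfirewallLog {
    param([Parameter(ValueFromPipeline=$true)][string]$Line)
    begin { $fields = $null }
    process {
        if ($Line -match '^#Fields:\s*(.+)$') {
            $fields = $Matches[1] -split '\s+'      # column names for the rows that follow
            return
        }
        # Skip other header lines, blanks, and anything before a #Fields: line
        if (-not $fields -or $Line -match '^#' -or [string]::IsNullOrWhiteSpace($Line)) { return }
        $values = $Line -split '\s+'
        if ($values.Count -ne $fields.Count) { return }   # malformed or truncated row
        $entry = New-Object PSObject
        for ($i = 0; $i -lt $fields.Count; $i++) {
            Add-Member -InputObject $entry -MemberType NoteProperty -Name $fields[$i] -Value $values[$i]
        }
        $entry
    }
}

function Get-InboundDropSummary {
    param([Parameter(ValueFromPipeline=$true)]$Entry)
    begin { $drops = @() }
    process {
        # Only inbound (RECEIVE) packets that the firewall dropped
        if ($Entry.action -eq 'DROP' -and $Entry.path -eq 'RECEIVE') { $drops += $Entry }
    }
    end {
        $drops | Group-Object protocol, 'dst-port' | ForEach-Object {
            $first = $_.Group[0]
            New-Object PSObject -Property @{
                Protocol = $first.protocol
                DstPort  = [int]$first.'dst-port'
                Drops    = $_.Count
                Sources  = (($_.Group | ForEach-Object { $_.'src-ip' } | Sort-Object -Unique) -join ', ')
            }
        } | Sort-Object Drops -Descending
    }
}

# Constructed sample in the same layout as the question's log excerpt
$sample = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2014-11-06 18:12:08 DROP TCP 10.2.10.39 10.2.10.87 58992 3389 52 S 3548206488 0 8192 - - - RECEIVE
2014-11-06 18:12:08 DROP TCP 10.2.10.39 10.2.10.87 58992 3389 52 S 3548206488 0 8192 - - - RECEIVE
2014-11-06 18:12:11 DROP TCP 10.2.10.39 10.2.10.87 58994 445 52 S 3548207001 0 8192 - - - RECEIVE
2014-11-06 18:12:12 ALLOW UDP 10.2.10.87 10.2.10.1 49201 53 0 - - - - - - - SEND
'@ -split "`r?`n"

$sample | ConvertFrom-PfirewallLog | Get-InboundDropSummary |
    Format-Table Protocol, DstPort, Drops, Sources -AutoSize

# Against the real file (path taken from the netsh output in the question):
# Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log" |
#     ConvertFrom-PfirewallLog | Get-InboundDropSummary
```

The summary for the sample shows TCP/3389 with two drops and TCP/445 with one, both from 10.2.10.39; the outbound ALLOW row is ignored. Everything is PowerShell 2.0 compatible, since that is what Windows 7 ships with.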

Best Answer

The problem was Oracle VirtualBox's "Ethernet adapter VirtualBox Host-Only Network" network adapter. This network adapter was registered with Windows as being a "public" network, thus activating my public profile for firewall rules. I was able to correct this issue using the method from this article:

http://brianreiter.org/2010/09/18/fix-virtualbox-host-only-network-adapter-creates-a-virtual-public-network-connection-that-causes-windows-to-disable-services/

The idea is to tell Windows that this network adapter is a virtual one, so it can ignore it as far as firewall rules go. A simple registry edit will accomplish this. Here is some PowerShell that will automatically apply this registry change:

# Network adapter class key (GUID_DEVCLASS_NET); each four-digit subkey is one adapter instance
cd 'HKLM:\system\CurrentControlSet\control\class\{4D36E972-E325-11CE-BFC1-08002BE10318}'
# Find the instance whose DriverDesc is the VirtualBox adapter and mark it as an NDIS endpoint (*NdisDeviceType = 1)
ls ???? | where { ($_ | get-itemproperty -name driverdesc -ErrorAction SilentlyContinue).driverdesc -eq 'VirtualBox Host-Only Ethernet Adapter' } | new-itemproperty -name '*NdisDeviceType' -PropertyType dword -value 1

I am still at a loss as to why Windows decides to use the Public profile for all traffic, instead of just the traffic coming through this network adapter. I have other machines that do not seem to be affected by this phenomenon. For instance, on one machine I have the following output for netsh advfirewall firewall show rule name="Remote Desktop (TCP-In)":

Rule Name:                            Remote Desktop (TCP-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private
Grouping:                             Remote Desktop
LocalIP:                              Any
RemoteIP:                             Any
Protocol:                             TCP
LocalPort:                            3389
RemotePort:                           Any
Edge traversal:                       No
Action:                               Allow
Ok.

and the following output for netsh advfirewall show currentprofile:

Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound
LocalFirewallRules                    N/A (GPO-store only)
LocalConSecRules                      N/A (GPO-store only)
InboundUserNotification               Enable
RemoteManagement                      Disable
UnicastResponseToMulticast            Enable

Logging:
LogAllowedConnections                 Enable
LogDroppedConnections                 Enable
FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
MaxFileSize                           4096


Public Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound
LocalFirewallRules                    N/A (GPO-store only)
LocalConSecRules                      N/A (GPO-store only)
InboundUserNotification               Enable
RemoteManagement                      Disable
UnicastResponseToMulticast            Enable

Logging:
LogAllowedConnections                 Disable
LogDroppedConnections                 Disable
FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
MaxFileSize                           4096

Ok.

And yet I am able to make Remote Desktop connections to this computer just fine. In fact, if my problem occurred any time that VirtualBox adapter was present, then anyone with VirtualBox installed wouldn't be able to remote into their computer, so this must be a still-undetermined special case.

So the question still remains: how does Windows deal with multiple different profiles for multiple network connections? What variable is different between my original problem machine and my working one? Does it pick the least secure profile and apply it to all network traffic, as my first machine would imply, or does it apply one profile for each adapter separately, as my second one would imply? I will edit this post if I discover an answer to this question. In the meantime, at least I have a solution to my problem!
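Two facts help with the open question at the end of the answer. On Windows 7 and later, each interface is evaluated against the profile assigned to its own network (Windows Vista instead applied the most restrictive active profile to every interface), and `netsh advfirewall show currentprofile` prints one section per profile that is active at that moment, which is why both Domain and Public appear in the outputs above. The `*NdisDeviceType = 1` value (NDIS_DEVICE_TYPE_ENDPOINT) tells Windows the adapter is an endpoint device rather than a network connection, so Network Location Awareness never classifies it and no profile is activated for it. The PowerShell below is an added example, not code from the original answer: it decodes the active-profile bitmask through the same advfirewall COM interface netsh uses, lists the adapter instances under the class key with their `*NdisDeviceType`, and wraps the answer's registry change in a function with `-WhatIf` support. The function names are this example's own; the registry key and value names are the ones from the answer.

```powershell
# Added example, not part of the original answer: show which firewall profiles are
# active right now (one bit per profile, since Windows 7 can have several active at
# once), list NDIS adapter instances with their DriverDesc and *NdisDeviceType, and
# apply the answer's registry change with -WhatIf/-Confirm support.
# Windows 7 / PowerShell 2.0 compatible; run from an elevated prompt for the Set step.

$NetClassKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}'

function Get-ActiveFirewallProfile {
    # INetFwPolicy2.CurrentProfileTypes is a bitmask: Domain = 1, Private = 2, Public = 4.
    $policy = New-Object -ComObject HNetCfg.FwPolicy2
    $mask   = $policy.CurrentProfileTypes
    $names  = @{ 1 = 'Domain'; 2 = 'Private'; 4 = 'Public' }
    foreach ($bit in 1, 2, 4) {
        if (($mask -band $bit) -ne 0) {
            New-Object PSObject -Property @{
                Profile         = $names[$bit]
                FirewallEnabled = $policy.FirewallEnabled($bit)
                # NET_FW_ACTION_BLOCK = 0, NET_FW_ACTION_ALLOW = 1
                InboundBlocked  = ($policy.DefaultInboundAction($bit) -eq 0)
            }
        }
    }
}

function Get-NdisAdapterInfo {
    # Each four-digit subkey under the Net class key is one adapter instance; the
    # "Properties" subkey is access-denied even for administrators, so filter it out.
    Get-ChildItem $NetClassKey -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^\d{4}$' } |
        ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath
            if ($p.DriverDesc) {
                New-Object PSObject -Property @{
                    Index            = $_.PSChildName
                    DriverDesc       = $p.DriverDesc
                    NetCfgInstanceId = $p.NetCfgInstanceId
                    NdisDeviceType   = $p.'*NdisDeviceType'   # $null if unset; 1 = NDIS_DEVICE_TYPE_ENDPOINT
                }
            }
        }
}

function Set-NdisAdapterAsEndpoint {
    [CmdletBinding(SupportsShouldProcess=$true)]
    param([Parameter(Mandatory=$true)][string]$DriverDesc)
    $matched = @(Get-NdisAdapterInfo | Where-Object { $_.DriverDesc -eq $DriverDesc })
    if ($matched.Count -eq 0) { Write-Warning "No adapter with DriverDesc '$DriverDesc'"; return }
    foreach ($a in $matched) {
        $keyPath = Join-Path $NetClassKey $a.Index
        if ($PSCmdlet.ShouldProcess($keyPath, 'Set *NdisDeviceType = 1')) {
            # Creates the value if it is missing, overwrites it if present
            Set-ItemProperty -Path $keyPath -Name '*NdisDeviceType' -Value 1 -Type DWord
        }
    }
}

Get-ActiveFirewallProfile | Format-Table Profile, FirewallEnabled, InboundBlocked -AutoSize
Get-NdisAdapterInfo       | Format-Table Index, DriverDesc, NdisDeviceType -AutoSize
# Preview the answer's fix for the VirtualBox adapter; drop -WhatIf to apply it.
Set-NdisAdapterAsEndpoint -DriverDesc 'VirtualBox Host-Only Ethernet Adapter' -WhatIf
```

NDIS reads `*NdisDeviceType` when the adapter starts, so after applying the value disable and re-enable the VirtualBox adapter (or reboot) before re-checking the active profiles; the adapter also disappears from Network and Sharing Center, which is expected. On Windows 8 and later `Get-NetConnectionProfile` reports the per-interface network category directly, which is the quickest way to see which adapter is pulling in the Public profile.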
