We've got a new application developed that needs to connect to an SQL server. The program works fine on Apple devices downloaded from the App Store, and the emulator works well on some machines, but I'm tasked with getting the Windows app to work, and as soon as it is on the domain, it crashes the moment a login is attempted. Here are the relevant event logs, I think.
Application Log
Faulting application name: WcBc.UWP.exe, version: 1.0.0.0, time stamp: 0x5e1b7efb
Faulting module name: ntdll.dll, version: 10.0.18362.418, time stamp: 0x99ca0526
Exception code: 0xc0000005
Fault offset: 0x000000000001792d
Faulting process id: 0x5e2c
Faulting application start time: 0x01d5cd738a0fa05b
Faulting application path: C:\Program Files\WindowsApps\WcBc_6.0.3.0_x64__x092f3jx59vf4\WcBc.UWP.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: fc0e2bd5-9704-4ad2-b601-b61c8bfd53a7
Faulting package full name: WcBc_6.0.3.0_x64__x092f3jx59vf4
Faulting package-relative application ID: App
Security Log
The Windows Filtering Platform has blocked a packet.
Application Information:
Process ID: 24108
Application Name: \device\harddiskvolume3\program files\windowsapps\wcbc_6.0.3.0_x64__x092f3jx59vf4\wcbc.uwp.exe
Network Information:
Direction: Outbound
Source Address: 10.80.243.64
Source Port: 58988
Destination Address: 10.101.10.18
Destination Port: 4118
Protocol: 6
Filter Information:
Filter Run-Time ID: 71531
Layer Name: Connect
Layer Run-Time ID: 48
I have examined the Filter Run-Time ID and determined that the rule that was blocking the traffic from Windows Firewall was the "Default Outbound Rule", which seems ridiculous because the firewall is completely disabled for Domain profiles by Group Policy, because we have third-party endpoint protection (which is not yet installed on this device I'm testing). I went ahead and looked at the default rule for outbound traffic, and it is set to allow everything.
I have been able to get the app to connect successfully, but that was only after completely disabling the Base Filtering Engine service, which is not an acceptable solution. I'm incredibly confused, though: why is the firewall blocking this traffic when it's both disabled and instructed to allow the traffic through anyway if it weren't disabled?
Edit: Here's what I believe to be the relevant information from the wfpdiag.xml file:
<item>
  <filterKey>{c13b7c37-0ea6-4664-b6f0-7305091c23a3}</filterKey>
  <displayData>
    <name>Block Outbound Default Rule</name>
    <description>Block Outbound Default Rule</description>
  </displayData>
  <flags/>
  <providerKey>{4b153735-1049-4480-aab4-d1b9bdc03710}</providerKey>
  <providerData>
    <data>4301000000000000</data>
    <asString>C.......</asString>
  </providerData>
  <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V4</layerKey>
  <subLayerKey>{b3cdd441-af90-41ba-a745-7c6008ff2300}</subLayerKey>
  <weight>
    <type>FWP_EMPTY</type>
  </weight>
  <filterCondition numItems="1">
    <item>
      <fieldKey>FWPM_CONDITION_ALE_PACKAGE_ID</fieldKey>
      <matchType>FWP_MATCH_NOT_EQUAL</matchType>
      <conditionValue>
        <type>FWP_SID</type>
        <sid>S-1-0-0</sid>
      </conditionValue>
    </item>
  </filterCondition>
  <action>
    <type>FWP_ACTION_BLOCK</type>
    <filterType/>
  </action>
  <rawContext>0</rawContext>
  <reserved/>
  <filterId>67910</filterId>
  <effectiveWeight>
    <type>FWP_UINT64</type>
    <uint64>549755813888</uint64>
  </effectiveWeight>
</item>
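An added example, not part of the original post: one way to look up a filter by its ID in a wfpdiag.xml export and summarise its layer, action and conditions, including whether it is scoped to processes that carry a package SID. The embedded sample is constructed from the filter quoted above plus a made-up permit filter; the `<filters>` wrapper and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

NULL_SID = "S-1-0-0"  # well-known null ("Nobody") SID

# Constructed sample: the first <item> is the filter quoted in the post (trimmed),
# the second is a made-up permit filter; the <filters> wrapper is an assumption.
SAMPLE = """<filters>
  <item>
    <displayData><name>Block Outbound Default Rule</name></displayData>
    <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V4</layerKey>
    <filterCondition numItems="1">
      <item>
        <fieldKey>FWPM_CONDITION_ALE_PACKAGE_ID</fieldKey>
        <matchType>FWP_MATCH_NOT_EQUAL</matchType>
        <conditionValue><type>FWP_SID</type><sid>S-1-0-0</sid></conditionValue>
      </item>
    </filterCondition>
    <action><type>FWP_ACTION_BLOCK</type></action>
    <filterId>67910</filterId>
  </item>
  <item>
    <displayData><name>Constructed permit filter</name></displayData>
    <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V4</layerKey>
    <filterCondition numItems="0"/>
    <action><type>FWP_ACTION_PERMIT</type></action>
    <filterId>11111</filterId>
  </item>
</filters>"""

def find_filter(xml_text, filter_id):
    """Return a summary of the filter whose <filterId> equals filter_id, or None."""
    for item in ET.fromstring(xml_text).iter("item"):
        if (item.findtext("filterId") or "").strip() != str(filter_id):
            continue  # also skips nested condition <item>s, which have no filterId
        conds = [(c.findtext("fieldKey"), c.findtext("matchType"),
                  c.findtext("conditionValue/sid") or c.findtext("conditionValue/type"))
                 for c in item.findall("filterCondition/item")]
        return {"name": item.findtext("displayData/name"),
                "layer": item.findtext("layerKey"),
                "action": item.findtext("action/type"),
                "conditions": conds}
    return None

def matches_only_packaged_apps(flt):
    """True when the filter compares the package ID NOT_EQUAL to the null SID,
    i.e. it applies only to processes that carry a package SID."""
    return ("FWPM_CONDITION_ALE_PACKAGE_ID", "FWP_MATCH_NOT_EQUAL", NULL_SID) in flt["conditions"]

if __name__ == "__main__":
    hit = find_filter(SAMPLE, 67910)
    print(hit, matches_only_packaged_apps(hit))
```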