We setup 4 new DC's in our AD domain after we updated our schema to 2008 R2. The 4 new DC's are standard builds with all the latest updates applied and now changes to the default firewall settings. In our security logs we are getting thousands of 5152 audit failures.
The Windows Filtering Platform has blocked a packet.
Process ID: 0
Application Name: -
Source Address: xx.xx.xx.xx
Source Port: 7474
Destination Address: xx.xx.xx.xx
Destination Port: 32775
Filter Run-Time ID: 68188
Layer Name: Transport
Layer Run-Time ID: 13
They are announcement broadcasts that are being dropped.
According to this article I should be able to disable these so my event logs stop filling up.
However, the logs start filling up again after a few hours or right away after a reboot. Looking for any suggestions out there. This article seems to be similar to what I have but it does not list R2 as one of the systems it is supposed to fix.
Looking for someone who may have some experience with this.