Defender FW / IPSec / Authenticated Users won't work


Hello,

 

I have a problem I can't figure out.

We need to allow access to some ports (like TCP 80/IIS) based on AD-Users.

So I activated IPSec through the Defender Firewall and made a rule "Allow TCP 80 for User domain\user" (a standard blank IIS listens on port 80) for both client and server.

 

Now, on the Win10 Client I open a cmd and do a "telnet <server-IP> <80>" which _works_.

However, when I open Iexplore, Firefox or Chrome and open http://<serverIP>, it doesn't.

 

After both attempts, I can see 2 connections in the IPSec/Firewall monitoring on the server. One is from the working telnet connection, the other is from the non-working browser connection. They differ.

 

The working (telnet) one has as 1st auth the Computername, and as 2nd auth the domain\User. As it should be.

The non-working one has Domain\Computername$ as first and second(!) Auth, instead of the Domain User.

Here's a picture of what I mean: https://imgur.com/a/pdz35yl

 

Why does the W10 client use "System" as Auth for user and computer auth?
What am I doing wrong?


Both machines in the same subnet, both are VMs on my HW machine. No special GPOs, no proxy, no fancy stuff. Just 2 out of the box Windows PCs. Server 2016 and Windows 10, fully patched.

 

Thanks and best regards

Alex
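The setup described in the post, as an added example rather than the poster's own configuration: a server-side PowerShell script that builds the computer (phase 1) and user (phase 2) Kerberos authentication sets, the IPsec rule for TCP 80, the user-scoped firewall rule, and then reports which identity each live main-mode SA actually authenticated with. `DOMAIN` and `user` are placeholders, and the report assumes the `RemoteFirstId`/`RemoteSecondId` fields on `Get-NetIPsecMainModeSA` output.

```powershell
# Added example, not the poster's configuration. Run elevated on the server.
$Domain = 'DOMAIN'   # placeholder
$User   = 'user'     # placeholder

# 1. Phase 1 (main mode) authenticates the computer, phase 2 (extended mode)
#    authenticates the logged-on user; both use Kerberos.
$p1    = New-NetIPsecAuthProposal -Machine -Kerberos
$p2    = New-NetIPsecAuthProposal -User -Kerberos
$auth1 = New-NetIPsecPhase1AuthSet -DisplayName 'Computer Kerberos' -Proposal $p1
$auth2 = New-NetIPsecPhase2AuthSet -DisplayName 'User Kerberos'     -Proposal $p2

# 2. Connection security rule: require IPsec for inbound TCP 80.
New-NetIPsecRule -DisplayName 'IPsec TCP 80' -Protocol TCP -LocalPort 80 `
    -InboundSecurity Require -OutboundSecurity Request `
    -Phase1AuthSet $auth1.Name -Phase2AuthSet $auth2.Name | Out-Null

# 3. Firewall rule that allows TCP 80 only over secure connections and only
#    for one authorized user. -RemoteUser takes an SDDL built from the SID.
$account = New-Object System.Security.Principal.NTAccount($Domain, $User)
$sid     = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
New-NetFirewallRule -DisplayName "Allow TCP 80 for $Domain\$User" `
    -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow `
    -Authentication Required -RemoteUser "O:LSD:(A;;CC;;;$sid)" | Out-Null

# 4. Diagnostic: per main-mode SA, show the remote first- and second-auth
#    identities and flag the symptom from the post, a second auth that is the
#    client's computer account (name ending in '$') rather than a domain user.
#    Field names RemoteFirstId/RemoteSecondId are assumed here.
function Get-IPsecAuthReport {
    Get-NetIPsecMainModeSA | ForEach-Object {
        $second = [string]$_.RemoteSecondId
        [pscustomobject]@{
            Remote     = $_.RemoteEndpoint
            FirstAuth  = $_.RemoteFirstId
            SecondAuth = $second
            UserAuthOK = ($second -ne '' -and -not $second.TrimEnd().EndsWith('$'))
        }
    }
}

Get-IPsecAuthReport | Format-Table -AutoSize
```

Rows with `UserAuthOK` false are connections that negotiated only the computer identity in the second authentication, which the user-scoped firewall rule will reject.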
