I faced this issue a year ago and now just realized that there can be guys out there struggling/looking for the solution. Basically the problem is: We are not able to reach any Terminal/Remote Apps hosted on our Terminal/Remote App Server or any services are explicitly failing to reach via network.
Note: This applies to Problems with Firewall getting disabled by GPOs automatically.
Well, that basically narrows down us to Firewall, but even if we enabled/Disabled firewall with Rules defined, the applications are not getting connected or Remote desktop fails too.
We see that Firewall is getting disabled or enabled as per Domain GPO Policy and for this we were not getting succeeded even if the firewall rules were defined, but able to get through firewall for sometime after the firewall is enabled/disabled manually on the server.
For this kinda problem we are very sure that Firewall is to be blamed here, but we have put our efforts on Firewall and still not getting us through because of GPO policies. The solution is to look at the Firewall policies Profiles that’s defined on the server:
We have to configure Firewall Profiles that will explicitly coordinate with the GPOs. For this you have to configure Windows firewall from SECPOL.MSC or WF.MSC and configure the Windows Profiles as below listed.
For the Organisation, since it would have Domain Network and possibility of Private you can configure these both profiles, and if your Organisation has Public network configured configure the same as well.
You configure Domain, Public and Private Profiles and enable Traffic to flow through Firewall enabled for Inbound and Outbound connections. You do the same for three profiles and say it okay, as per requirements. Now even if the Domain GPO forces this server to get the Firewall disabled, the applications and services can be reached out without any problems.
This applies to Problems where Firewall is getting disabled by GPOs.