Currently using Windows 2012 RDSH to present apps to the users. I had an interesting event yesterday where users reported sluggishness on an app from one of the RDS servers and saw these entries in the audit logs.
The Windows Filtering Platform has blocked a packet.
Process ID: 0
Application Name: -
Source Address: 172.16.255.245
Source Port: 49155
Destination Address: 172.16.10.30
Destination Port: 58564
Filter Run-Time ID: 70905
Layer Name: Datagram Data
Considering that protocol 17 is UDP and they're using PCoIP, it's pretty safe to say that it may have been Windows Firewall causing grief for the end users and their experience. I looked at the firewall, and the firewall profile for the domain was off while private and public were on.
Has anyone encountered this previously? Windows blocking/dropping UDP packets because of filtering, but not all the time, just sometimes?
There may be a filter applied that is blocking the traffic.
Run: netsh wfp show filters
Open up the file it generated, "filters.xml".
Search for that filter run-time ID in the XML file to see what is blocking it.
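
The lookup described in the answer above, as an added example that is not part of the original thread: a PowerShell function that pulls one filter out of the dump by its run-time ID and summarizes its name, action, layer and match conditions. The function name Get-WfpFilterById is hypothetical, the element names reflect an assumed filters.xml layout, and the embedded sample is constructed.

```powershell
# Added example, not from the thread: look up a WFP filter by its run-time ID
# in the XML written by "netsh wfp show filters".
function Get-WfpFilterById {
    param(
        [Parameter(Mandatory)] [xml]    $Dump,     # parsed filters.xml
        [Parameter(Mandatory)] [uint64] $FilterId  # "Filter Run-Time ID" from the event
    )
    # Helper: trimmed text of the first node matching an XPath, or $null.
    $text = { param($node, $xpath)
        $n = $node.SelectSingleNode($xpath)
        if ($n) { $n.InnerText.Trim() } }

    # Assumption: each filter is an <item> element with a <filterId> child.
    foreach ($f in $Dump.SelectNodes("//item[filterId='$FilterId']")) {
        # One "field match value" string per filter condition.
        $conds = foreach ($c in $f.SelectNodes('filterCondition/item')) {
            '{0} {1} {2}' -f (& $text $c 'fieldKey'), (& $text $c 'matchType'),
                             (& $text $c 'conditionValue/*[last()]')
        }
        [pscustomobject]@{
            FilterId   = (& $text $f 'filterId')
            Name       = (& $text $f 'displayData/name')
            Action     = (& $text $f 'action/type')
            Layer      = (& $text $f 'layerKey')
            Provider   = (& $text $f 'providerKey')
            Conditions = $conds -join '; '
        }
    }
}

# Constructed, abridged sample in the assumed layout so the function runs anywhere.
[xml]$sample = @'
<wfpdiag><filters numItems="1"><item>
  <displayData><name>Constructed example filter</name></displayData>
  <layerKey>FWPM_LAYER_DATAGRAM_DATA_V4</layerKey>
  <filterCondition numItems="1"><item>
    <fieldKey>FWPM_CONDITION_IP_PROTOCOL</fieldKey>
    <matchType>FWP_MATCH_EQUAL</matchType>
    <conditionValue><type>FWP_UINT8</type><uint8>17</uint8></conditionValue>
  </item></filterCondition>
  <action><type>FWP_ACTION_BLOCK</type></action>
  <filterId>70905</filterId>
</item></filters></wfpdiag>
'@
Get-WfpFilterById -Dump $sample -FilterId 70905 | Format-List

# Against the real dump (elevated prompt on the RDS host that logged the event):
#   netsh wfp show filters file="$env:TEMP\filters.xml"
#   Get-WfpFilterById -Dump ([xml](Get-Content "$env:TEMP\filters.xml" -Raw)) -FilterId 70905
```

If the function returns nothing for the real dump, the filter with that run-time ID is not present in the file that was captured.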