🟑 Medium   ⏱ 5–30 min  Last verified: 29 May 2026
Affected versions: Windows Server 2022

πŸ“– ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution β€” Primary Fix
  7. Solution β€” Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

Network issues cannot be traced because blocked packets are not logged.

Environment & Reproduction

Windows Server 2022 build 20348 with firewall profile logging defaults unchanged.

Get-NetFirewallProfile | Select Name,LogAllowed,LogBlocked,LogFileName
Get-Item 'C:WindowsSystem32LogFilesFirewallpfirewall.log' -ErrorAction SilentlyContinue

Root Cause Analysis

LogBlocked disabled by baseline template or overwritten by GPO.

Quick Triage

Enable logging on active profile and verify file writes.

Get-NetConnectionProfile
Set-NetFirewallProfile -Profile Domain -LogBlocked True -LogAllowed True -LogFileName 'C:WindowsSystem32LogFilesFirewallpfirewall.log' -LogMaxSizeKilobytes 32767

Step-by-Step Diagnosis

Inspect dropped packet entries and correlate with app failures.

Select-String -Path 'C:WindowsSystem32LogFilesFirewallpfirewall.log' -Pattern 'DROP' | Select -First 20
Get-WinEvent -LogName 'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall' -MaxEvents 60
Illustrative mockup for windows-server-2022 β€” terminal_or_powershell
Firewall logging configuration commands β€” Illustrative mockup β€” Progressive Robot

Solution β€” Primary Fix

Configure persistent logging via local policy or GPO.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

Set-NetFirewallProfile -Profile Domain,Private,Public -LogBlocked True -LogAllowed False -LogMaxSizeKilobytes 32767
wevtutil sl 'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall' /e:true
Illustrative mockup for windows-server-2022 β€” event_or_log_viewer
Firewall operational log viewer β€” Illustrative mockup β€” Progressive Robot

Solution β€” Alternative Approaches

Forward firewall events to SIEM for centralized analysis.

wecutil qc /q
New-WinEvent -ProviderName Microsoft-Windows-Windows Firewall With Advanced Security

Verification & Acceptance Criteria

Blocked packets should appear in pfirewall.log within test window.

Test-NetConnection  -Port 81
Select-String -Path 'C:WindowsSystem32LogFilesFirewallpfirewall.log' -Pattern 'DROP' | Select -First 5

Rollback Plan

If storage overhead is high, reduce log scope and size.

Set-NetFirewallProfile -Profile Domain -LogAllowed False -LogBlocked True -LogMaxSizeKilobytes 8192

Prevention & Hardening

Standardize firewall logging baseline across OUs.

Get-NetFirewallProfile | Export-Csv C:Tempfirewall-profiles.csv -NoTypeInformation

Related to inability to diagnose WinRM, SQL, and SMB blocked flows.

Related tutorial: View the step-by-step tutorial for Windows Server 2022.

View all Windows Server 2022 tutorials on the Tutorials Hub β†’

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

Microsoft Learn firewall logging and event channels on Windows Server 2022.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today β€” we respond within one business day.