Hi,
I have a setup with the following servers running Windows Server 2016
1x RDGW, RDCB, RDWA, RDLicensing.
5x RDSH
Im using UPD on the collection.
I have noticed very long login times, after policys etc are shown on screen it sits at a black screen for between 20sec and sometimes up to 5min.
I have also noticed that the svchost.exe that controls the Windows Firewall is using 25% to 50% when a user logs in and using around 1200Mb memory.
After I found this I checked the Windows Firewall with Advanced Security and found thousands of Cortana, Work or school account, Your account, Contact Support rules.
I found a script in this thread that could delete the rules https://social.technet.microsoft.com/Forums/windows/en-US/9aad7675-d1ba-4900-9d85-0cd117f5514f/new-firewall-rules-created-for-each-user?forum=win10itprosetup
This made the CPU usage and memory usage go down to normal levels, but after every login a user does it builds up the list of rules again. With many users logging in to the system the rules build up very fast and the login times gets high and every server gets slow.
Example on our RDSH01 server that have been running in production since 2017-04-13 the script found and deleted 66153 rules that it found with "$Rules = Get-NetFirewallRule -All | Where-Object {$profiles.sid -notcontains $_.owner -and $_.owner }"
The script also tryed to get rules with this command "$rules2 = Get-NetFirewallRule -All -PolicyStore ConfigurableServiceStore | Where-Object { $profiles.sid -notcontains $_.owner -and $_.owner }" but fails with an "not enough space error"
The script removes the rules from here with the content of $rules "HKLM:\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules"
and $rules2 was meant to clean up at "HKLM:\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System"
but doesnt do anything because of the error on the Get-command. If I try to access it with regedit it stops to respond, guessing there are too many items in that container for it to handle.
Anyone know a solution for this problem?
Regards Fredrik