Windows firewall on multiple domain controllers (2016 & 2019) has suddenly stopped blocking RDP access to port 3389.
There was a GPO firewall rule to restrict access to the RDP port based on IP that worked fine. The GPO was initially filtered on AD group membership during testing. The AD group filter was then removed from the policy so it then applied to all DCs in the OU.
Suddenly the IP block just stopped working and connections from any IP could get through to RDP. The policy is getting applied and the restrict IP rule still gets added to the firewall, but now has no effect.
Nothing else was changed and I've scoured every possible setting but there is nothing allowing full access on the RDP port.
As a test I added a block rule for all ports and protocols. This seemed to block everything except the RDP port.
The firewall is turned on and enabled on all profiles (Domain, Private & Public) and set to block if no incoming allow rule exists.
I've tried removing the GPO, resetting the firewall to defaults, deleting ALL incoming rules and setting the firewall to block ALL connections, and still port 3389 is open.
As another test, I changed the RDP listening port to a random port and this was blocked. When I set it back to 3389, RDP connected again.
Has anyone ever seen anything like this?
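The checks a defender would run for the symptom described above, as an added PowerShell diagnostic that is not part of the original post; it assumes only the built-in NetSecurity cmdlets on Server 2016/2019, an elevated session on the DC, and the default RDP port 3389:

```powershell
# Added diagnostic (not from the original post): list everything on a DC that
# could let TCP 3389 in past a block rule. Run in an elevated PowerShell on the DC.
# Assumes only the built-in NetSecurity module; $port is the RDP port in question.
$port = 3389

function Test-PortCovered {
    # Returns $true if a rule's LocalPort filter value ('Any', '3389', '3000-4000') covers $Port.
    param([string[]]$LocalPort, [int]$Port)
    foreach ($lp in $LocalPort) {
        if ($lp -eq 'Any') { return $true }
        if ($lp -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($lp -eq "$Port") { return $true }
    }
    return $false
}

"== Effective profile state (ActiveStore = local + GPO merged) =="
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Format-Table Name, Enabled, DefaultInboundAction, AllowLocalFirewallRules -AutoSize

"== Enabled inbound rules whose port filter covers $port =="
Get-NetFirewallRule -PolicyStore ActiveStore -Enabled True -Direction Inbound |
    ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        if (($pf.Protocol -in 'TCP','Any') -and (Test-PortCovered $pf.LocalPort $port)) {
            $af = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Name     = $_.DisplayName
                Action   = $_.Action
                Profile  = $_.Profile
                Remote   = ($af.RemoteAddress -join ',')
                Override = $_.OverrideBlockRules   # "allow if secure" rules can bypass block rules
                Store    = $_.PolicyStoreSource
            }
        }
    } | Format-Table -AutoSize

"== Process listening on $port (expect svchost hosting TermService) =="
Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue |
    ForEach-Object {
        $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{ Local = $_.LocalAddress; PID = $_.OwningProcess; Process = $p.ProcessName }
    } | Format-Table -AutoSize

"== Port proxies that could relay into $port (expect none) =="
netsh interface portproxy show all

"== Firewall service =="
Get-Service mpssvc | Format-Table Name, Status, StartType -AutoSize
```

Block rules normally win over allow rules, so an allow rule alone does not explain the symptom; the two things that do get past a block are rules with OverrideBlockRules set (authenticated bypass) and traffic that never traverses the port filter as 3389, which the listener and portproxy sections are there to surface.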