As it turns out, these rules are duplicates of the ones above – the only difference that I found was that they apply to different profiles. The rules with “user friendly” names were for the “Public” Firewall Profile, whereas the GUID rules were for “Domain” and “Private” Firewall Profiles. This is the way the Remote Desktop rules are added when you configure Remote Administration with sconfig. This relates to my previous post on “Installation Configuration: Hyper-V Server 2012“.
If you closed the window you can always access it via command line by typing:
Helpful tip for Core mode: If you closed the command prompt and have nothing on the screen, press CTRL + ALT + END
Even after enabling Remote Management, I was not able to connect to my server via RDP. I enabled ping in the sconfig Network Settings to ensure that I could see the server from my desktop, and while ping was successful I still could not open a RDP session to manage my Core installation.
I figured it was the firewall, so I disabled it completely:
netsh advfirewall set currentprofile state off
After turning the firewall off in its current profile I was able to successfully remote in to my Hyper-V Server 2012 R2 installation and finish up my settings.
Since this is a home lab setup, I am fine with the firewall being off. In a domain environment, you might turn the firewall off as well (depending on your security protocols).
At first I did not want to disable the firewall completely so I went down the path of figuring out why I could not RDP to my server. This turned out to be somewhat of a challenge.
I started by checking out the Remote Desktop rules. This command will return the name of the Remote Desktop rule and whether it is enabled:
If we had run this command prior to using sconfig to enable Remote Desktop, we would only see the first three rules. The second three rules are added and enabled when we use sconfig to enable Remote Desktop. The first three rules are not enabled, but the GUID rules are enabled. Why did sconfig create three new rules to enable Remote Desktop?
You can see here that the GUID rule (the first in the image, after I renamed it from the GUID to match the DisplayName) matches the second rule shown: “RemoteDesktop-UserMode-In-TCP” (no spaces), except for the Profile attribute, which for the GUID rule (top) is Domain, Private and for the built-in rule (bottom) is Public.
Remote Desktop rules are all now enabled and I was able to successfully RDP to my server!
These steps would be the same for the full version of Windows Server 2012 R2 Core Edition Standard or Datacenter.
I ended up figuring all of this out after a re-install of Hyper-V Server 2012 R2. What happened was that sconfig added the firewall rules for RDP (the GUID rules), but it added them for the Domain and Private firewall profiles. My server was set on the Public profile. Therefore, the rules that were added via sconfig were not applicable. Why does this happen out of the box? I suppose that is a question for Microsoft.
In the end I simply added the Domain and Private Profiles to the built-in rules, then enabled the group as above. I did NOT enable Remote Desktop with sconfig because I did not want it to add those three “extra” GUID rules. I suppose if you were going to have multiple connections using different firewall profiles then you would want separate rules, but this is for a lab setup and I like to make things less confusing!
In order to add the Domain and Private profiles to the built-in firewall rules, I used the following command. I included the Public profile just to be complete, even though it is already part of that rule: