Solved

Can't ping or run tracert to certain domains/ip addresses - Destination Host Unreachable.

Posted on 2008-06-11
7
1,037 Views
Last Modified: 2012-05-05
I recently noticed that I am unable to ping (or run tracert) to certain domains/ip addys from our server. Most importantly, I can reach the licenseupdate server for trendmicro - which is how I realized we had a problem.

Example:
no problems ping/tracert to the following domains
google.com
espn.com

for the following domains, I am able to resolve the ip address, but the ping comes back and says Destination Host Unreachable.
If I run a tracert, I get the Destination Host Unreachable. as well
licenseupdate.trendmicro.com
vortechhosting.com

We are using a Linksys RV042 Router.
I can ping ANY/ALL sites/addys from the Router with no problems (in the diagnostic section)

Server ipconfig/all
Windows IP Configuration

   Host Name . . . . . . . . . . . . : SERVER
   Primary Dns Suffix  . . . . . . . : iscg.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : iscg.local

Ethernet adapter Server Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-15-C5-F6-C4-8A
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.10.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.10.1
   DNS Servers . . . . . . . . . . . : 192.168.10.10
   Primary WINS Server . . . . . . . : 192.168.10.10

Route Print from server:
IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 15 c5 f6 c4 8a ...... Broadcom NetXtreme Gigabit Ethernet
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.10.1    192.168.10.10      1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
     192.168.10.0    255.255.255.0    192.168.10.10    192.168.10.10     20
    192.168.10.10  255.255.255.255        127.0.0.1        127.0.0.1     20
   192.168.10.255  255.255.255.255    192.168.10.10    192.168.10.10     20
        224.0.0.0        240.0.0.0    192.168.10.10    192.168.10.10     20
  255.255.255.255  255.255.255.255    192.168.10.10    192.168.10.10      1
Default Gateway:      192.168.10.1
===========================================================================
Persistent Routes:
  None

0
Comment
Question by:rheide
  • 4
  • 3
7 Comments
 
LVL 3

Expert Comment

by:patrickfromsc
ID: 21762319
Your server its own DNS, which is precisely how you want it setup as an AD controller.  You also want to go into the DNS server properties and configure it to use forwards, and ideally input your ISP's DNS servers in order of lowest latency, according to ping results.  Then stop and start the DNS Server service, and verify that you can once again resolve DNS queries.

I have had routers act strange from time to time and block DNS (port 53) traffic, so cycle power on the router if the above doesn't resolve it.

Regards,
PfSC
0
 

Author Comment

by:rheide
ID: 21765397
I have confirmed our ISP's DNS servers are set as the forwards and also confirmed the ip address of the server is NOT in there. Although everything was correct, I stopped/restarted DNS - no change.

Next (I just did this since I had to wait until everyone was off) - I restarted the router - still no luck.

Please keep in mind...
This is a Windows Small Business Server 2003
I CAN ping these sites from the router (in the diagnostic section).
I CAN ping these sites from other computers on the network.
From the server, I CAN ping pretty much every site I try except for a few random sites (basically 99.999% of the sites/ips ping just fine)

Any other ideas would be greatly appreciated.

-R
0
 

Author Comment

by:rheide
ID: 21766256
I haven't solved the problem but I've got some additional information.

After doing some research, I realized I get the "destination host uncreachable" error when I attempt to connect to ANY ip that starts with 216.x.x.x

Hopefully this will help someone point me in the right direction. Thanks.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 3

Accepted Solution

by:
patrickfromsc earned 500 total points
ID: 21766268
It's obvious that this problem is isolated to your SBS server.  Your next step is to reset the IP stack, which is fairly painless.  From a command prompt, type "netsh int ip reset c:\reset.log" and hit enter.  Here is a MS article on the basic procedure as well:
http://support.microsoft.com/kb/317518

This command will run with no apparent action (though the log file is populated), and only takes a second.  You'll need to reboot the server and retest.  Let us know your results.
0
 
LVL 3

Expert Comment

by:patrickfromsc
ID: 21766307
Is ISA installed on the SBS?  If it were, but no PCs were using it as their proxy, and the Local Address Table (LAT) was wrong (i.e. 216.x.x.x was configured as local), then it could cause this.  A stretch though.
0
 

Author Comment

by:rheide
ID: 21766316
Hello. No ISA is not installed.
After reading your last post about the IP stack reset, I read the article you provided by MS. Since I am remoted in, it sounds like it is something I need to do while standing in front of the server. Once I have a chance to do this, I will let you know how it goes. Hopefully in the next 48 hours.
Thanks!!
0
 

Author Comment

by:rheide
ID: 21766388
Well, I got it figured out. Its embarrasing to admit, but its something I did months ago.
We were having problems with hackers attempting to login to our SBS, so I created multiple IP bans using IP Security. As you can guess, one of the bans was for 216.x.x.x   Ooops.

patrickfromsc - thank you for taking the time to help - after your suggestion, it got me thinking what the reset would do and somehow I remembered what I had done in the past. SO, considering your solution would have fixed it - I am awarding the points to you!!

Thanks again!
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question