Can't ping or run tracert to certain domains/ip addresses - Destination Host Unreachable.

I recently noticed that I am unable to ping (or run tracert) to certain domains/ip addys from our server. Most importantly, I can reach the licenseupdate server for trendmicro - which is how I realized we had a problem.

Example:
no problems ping/tracert to the following domains
google.com
espn.com

for the following domains, I am able to resolve the ip address, but the ping comes back and says Destination Host Unreachable.
If I run a tracert, I get the Destination Host Unreachable. as well
licenseupdate.trendmicro.com
vortechhosting.com

We are using a Linksys RV042 Router.
I can ping ANY/ALL sites/addys from the Router with no problems (in the diagnostic section)

Server ipconfig/all
Windows IP Configuration

   Host Name . . . . . . . . . . . . : SERVER
   Primary Dns Suffix  . . . . . . . : iscg.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : iscg.local

Ethernet adapter Server Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-15-C5-F6-C4-8A
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.10.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.10.1
   DNS Servers . . . . . . . . . . . : 192.168.10.10
   Primary WINS Server . . . . . . . : 192.168.10.10

Route Print from server:
IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 15 c5 f6 c4 8a ...... Broadcom NetXtreme Gigabit Ethernet
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.10.1    192.168.10.10      1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
     192.168.10.0    255.255.255.0    192.168.10.10    192.168.10.10     20
    192.168.10.10  255.255.255.255        127.0.0.1        127.0.0.1     20
   192.168.10.255  255.255.255.255    192.168.10.10    192.168.10.10     20
        224.0.0.0        240.0.0.0    192.168.10.10    192.168.10.10     20
  255.255.255.255  255.255.255.255    192.168.10.10    192.168.10.10      1
Default Gateway:      192.168.10.1
===========================================================================
Persistent Routes:
  None

rheideAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
patrickfromscConnect With a Mentor Commented:
It's obvious that this problem is isolated to your SBS server.  Your next step is to reset the IP stack, which is fairly painless.  From a command prompt, type "netsh int ip reset c:\reset.log" and hit enter.  Here is a MS article on the basic procedure as well:
http://support.microsoft.com/kb/317518

This command will run with no apparent action (though the log file is populated), and only takes a second.  You'll need to reboot the server and retest.  Let us know your results.
0
 
patrickfromscCommented:
Your server its own DNS, which is precisely how you want it setup as an AD controller.  You also want to go into the DNS server properties and configure it to use forwards, and ideally input your ISP's DNS servers in order of lowest latency, according to ping results.  Then stop and start the DNS Server service, and verify that you can once again resolve DNS queries.

I have had routers act strange from time to time and block DNS (port 53) traffic, so cycle power on the router if the above doesn't resolve it.

Regards,
PfSC
0
 
rheideAuthor Commented:
I have confirmed our ISP's DNS servers are set as the forwards and also confirmed the ip address of the server is NOT in there. Although everything was correct, I stopped/restarted DNS - no change.

Next (I just did this since I had to wait until everyone was off) - I restarted the router - still no luck.

Please keep in mind...
This is a Windows Small Business Server 2003
I CAN ping these sites from the router (in the diagnostic section).
I CAN ping these sites from other computers on the network.
From the server, I CAN ping pretty much every site I try except for a few random sites (basically 99.999% of the sites/ips ping just fine)

Any other ideas would be greatly appreciated.

-R
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
rheideAuthor Commented:
I haven't solved the problem but I've got some additional information.

After doing some research, I realized I get the "destination host uncreachable" error when I attempt to connect to ANY ip that starts with 216.x.x.x

Hopefully this will help someone point me in the right direction. Thanks.
0
 
patrickfromscCommented:
Is ISA installed on the SBS?  If it were, but no PCs were using it as their proxy, and the Local Address Table (LAT) was wrong (i.e. 216.x.x.x was configured as local), then it could cause this.  A stretch though.
0
 
rheideAuthor Commented:
Hello. No ISA is not installed.
After reading your last post about the IP stack reset, I read the article you provided by MS. Since I am remoted in, it sounds like it is something I need to do while standing in front of the server. Once I have a chance to do this, I will let you know how it goes. Hopefully in the next 48 hours.
Thanks!!
0
 
rheideAuthor Commented:
Well, I got it figured out. Its embarrasing to admit, but its something I did months ago.
We were having problems with hackers attempting to login to our SBS, so I created multiple IP bans using IP Security. As you can guess, one of the bans was for 216.x.x.x   Ooops.

patrickfromsc - thank you for taking the time to help - after your suggestion, it got me thinking what the reset would do and somehow I remembered what I had done in the past. SO, considering your solution would have fixed it - I am awarding the points to you!!

Thanks again!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.