Solved

Can't ping or run tracert to certain domains/ip addresses - Destination Host Unreachable.

Posted on 2008-06-11
7
1,031 Views
Last Modified: 2012-05-05
I recently noticed that I am unable to ping (or run tracert) to certain domains/ip addys from our server. Most importantly, I can reach the licenseupdate server for trendmicro - which is how I realized we had a problem.

Example:
no problems ping/tracert to the following domains
google.com
espn.com

for the following domains, I am able to resolve the ip address, but the ping comes back and says Destination Host Unreachable.
If I run a tracert, I get the Destination Host Unreachable. as well
licenseupdate.trendmicro.com
vortechhosting.com

We are using a Linksys RV042 Router.
I can ping ANY/ALL sites/addys from the Router with no problems (in the diagnostic section)

Server ipconfig/all
Windows IP Configuration

   Host Name . . . . . . . . . . . . : SERVER
   Primary Dns Suffix  . . . . . . . : iscg.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : iscg.local

Ethernet adapter Server Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-15-C5-F6-C4-8A
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.10.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.10.1
   DNS Servers . . . . . . . . . . . : 192.168.10.10
   Primary WINS Server . . . . . . . : 192.168.10.10

Route Print from server:
IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 15 c5 f6 c4 8a ...... Broadcom NetXtreme Gigabit Ethernet
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.10.1    192.168.10.10      1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
     192.168.10.0    255.255.255.0    192.168.10.10    192.168.10.10     20
    192.168.10.10  255.255.255.255        127.0.0.1        127.0.0.1     20
   192.168.10.255  255.255.255.255    192.168.10.10    192.168.10.10     20
        224.0.0.0        240.0.0.0    192.168.10.10    192.168.10.10     20
  255.255.255.255  255.255.255.255    192.168.10.10    192.168.10.10      1
Default Gateway:      192.168.10.1
===========================================================================
Persistent Routes:
  None

0
Comment
Question by:rheide
  • 4
  • 3
7 Comments
 
LVL 3

Expert Comment

by:patrickfromsc
ID: 21762319
Your server its own DNS, which is precisely how you want it setup as an AD controller.  You also want to go into the DNS server properties and configure it to use forwards, and ideally input your ISP's DNS servers in order of lowest latency, according to ping results.  Then stop and start the DNS Server service, and verify that you can once again resolve DNS queries.

I have had routers act strange from time to time and block DNS (port 53) traffic, so cycle power on the router if the above doesn't resolve it.

Regards,
PfSC
0
 

Author Comment

by:rheide
ID: 21765397
I have confirmed our ISP's DNS servers are set as the forwards and also confirmed the ip address of the server is NOT in there. Although everything was correct, I stopped/restarted DNS - no change.

Next (I just did this since I had to wait until everyone was off) - I restarted the router - still no luck.

Please keep in mind...
This is a Windows Small Business Server 2003
I CAN ping these sites from the router (in the diagnostic section).
I CAN ping these sites from other computers on the network.
From the server, I CAN ping pretty much every site I try except for a few random sites (basically 99.999% of the sites/ips ping just fine)

Any other ideas would be greatly appreciated.

-R
0
 

Author Comment

by:rheide
ID: 21766256
I haven't solved the problem but I've got some additional information.

After doing some research, I realized I get the "destination host uncreachable" error when I attempt to connect to ANY ip that starts with 216.x.x.x

Hopefully this will help someone point me in the right direction. Thanks.
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 3

Accepted Solution

by:
patrickfromsc earned 500 total points
ID: 21766268
It's obvious that this problem is isolated to your SBS server.  Your next step is to reset the IP stack, which is fairly painless.  From a command prompt, type "netsh int ip reset c:\reset.log" and hit enter.  Here is a MS article on the basic procedure as well:
http://support.microsoft.com/kb/317518

This command will run with no apparent action (though the log file is populated), and only takes a second.  You'll need to reboot the server and retest.  Let us know your results.
0
 
LVL 3

Expert Comment

by:patrickfromsc
ID: 21766307
Is ISA installed on the SBS?  If it were, but no PCs were using it as their proxy, and the Local Address Table (LAT) was wrong (i.e. 216.x.x.x was configured as local), then it could cause this.  A stretch though.
0
 

Author Comment

by:rheide
ID: 21766316
Hello. No ISA is not installed.
After reading your last post about the IP stack reset, I read the article you provided by MS. Since I am remoted in, it sounds like it is something I need to do while standing in front of the server. Once I have a chance to do this, I will let you know how it goes. Hopefully in the next 48 hours.
Thanks!!
0
 

Author Comment

by:rheide
ID: 21766388
Well, I got it figured out. Its embarrasing to admit, but its something I did months ago.
We were having problems with hackers attempting to login to our SBS, so I created multiple IP bans using IP Security. As you can guess, one of the bans was for 216.x.x.x   Ooops.

patrickfromsc - thank you for taking the time to help - after your suggestion, it got me thinking what the reset would do and somehow I remembered what I had done in the past. SO, considering your solution would have fixed it - I am awarding the points to you!!

Thanks again!
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

The problem of the system drive in SBS 2003 getting full continues to be an issue, even though SBS 2008 and SBS 2011 are both in the market place.  There are several solutions to this, including adding additional drive space or using third party uti…
The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now