Solved

Ping -A / SolarWinds DNS Audit will not resolve host names through Windows Firewall

Posted on 2008-11-18
Last Modified: 2013-12-07
I am trying to perform some Network Discovery / DNS Audits on a corporate LAN with about 50 PC Workstation hosts.  The hosts are mostly Windows XP Professional SP2/3 and belong to an Active Directory Domain with a Windows Server 2003 as the main Domain Controller hosting DNS.  

Yesterday when using a couple of the utilities from the Solarwinds Engineers Toolset (DNS Audit and Ping Scan) to try and create a list of HOSTS and their respective IP Addresses, I noticed that about half of the workstations would not come up in the SCAN results.  After a bunch of troubleshooting, I discovered that Windows Firewall was causing this problem.  If I turn Windows Firewall off, I can resolve the DNS hostname of that machine, but if it's on, it will not return the DNS name, and ping -a to the IP address will not work either.  

Can anyone help me figure out what settings I need to configure the Windows Firewall with so that I don't have to turn it off completely?  I would like to be able to get ping -a to work through the Windows Firewall.

Thanks in advance,
Question by:dchew
11 Comments
 
LVL 12

Expert Comment

by:Amit Bhatnagar
ID: 23160760
You need to allow NetBIOS through the Firewall. NetBIOS uses UDP 137, 138 and TCP 139.
 

Author Comment

by:dchew
ID: 23161428
The thing is, I already have those listed as exceptions.  They are added to the exception list when you add File and Printer Sharing.
 
LVL 12

Expert Comment

by:Amit Bhatnagar
ID: 23161555
You are correct... File Sharing can work on SMB 445 or NetBIOS (the ports I mentioned).
OK, I tried to do the same on my network and take a trace... my clients immediately send out a DNS query for a reverse lookup, and since it is present, no other traffic is seen except the DNS query and ICMP. If I disable DNS, then all I see is NbtNS (NetBIOS Name Service), which works on UDP 137, and ICMP, which again says you need these ports. You can try allowing ICMP using this article:

http://msdn.microsoft.com/en-us/library/ms912869.aspx

 

Author Comment

by:dchew
ID: 23161812
Yes, I have seen that article and allowed every checkmark for ICMP; still, ping -a does not return host names.
 
LVL 12

Expert Comment

by:Amit Bhatnagar
ID: 23163665
Trace? Can you take one while doing the same? I know it is kinda time consuming but it would also depend on how critical the problem is to you. :)
 

Author Comment

by:dchew
ID: 23181357
I'm not sure I understand that last response.  What exactly are you instructing me to do?  I have no problem trying it, just not sure what you want me to try.

What does "can you take one while doing the same?" mean?
 
LVL 12

Accepted Solution

by:
Amit Bhatnagar earned 375 total points
ID: 23183428
Oh...I apologize for not providing clear instruction. I wanted to know whether you are familiar with network trace using Wireshark or Network Monitor 3.2. It can capture all the activity that happens on the wire. You can take a trace while doing the Ping -a and it will show exactly what is happening on the wire for a better understanding. Let me know if you need any assistance for running a network trace. We need to do this on the source machine and the target machine simultaneously.

I hope it is clear now..:)
 

Author Comment

by:dchew
ID: 23186629
OK, I have a little bit of experience with Wireshark, and actually have it installed on a machine on this network, from a long time ago.  The version we have is: 0.99.3 (SVN Rev 19011).  Will this work for what you want me to do?

I will need some guidance on how to "analyze the wire"...  Does this mean that I need to have Wireshark installed on each PC?
 
LVL 12

Expert Comment

by:Amit Bhatnagar
ID: 23187176
Great! Since we already know that Windows Firewall is blocking the connection, we just need to analyze the traffic between one source and destination machine. One solution will work for all. Over this forum, it would be difficult to guide you to read the trace. If possible, take a trace. Save it in .PCAP or .CAP format. Zip it and attach it to this forum. I will read it for you, but yes, remember: we need the trace from both the source and the destination machine.

Although, I just realized one more step. You can enable logging for Windows Firewall and the packets which it is dropping. You can always open the Firewall log using simple Notepad and go through it.
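
The firewall-log check suggested above, as an added example that is not part of the original post: a Python script that reads a Windows Firewall log and counts DROP entries from the scanning machine for ICMP and for the NetBIOS/SMB ports named in this thread. The log sample and its addresses are constructed, the function names are hypothetical, and the column layout is taken from the log's own `#Fields` header rather than hard-coded.

```python
from collections import Counter

# Constructed sample in the Windows Firewall log layout; all addresses are made up.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2008-11-19 10:02:11 DROP UDP 192.168.1.10 192.168.1.57 137 137 78 - - - - - - -
2008-11-19 10:02:12 DROP UDP 192.168.1.10 192.168.1.57 137 137 78 - - - - - - -
2008-11-19 10:02:13 OPEN TCP 192.168.1.57 192.168.1.2 1045 445 - - - - - - - -
2008-11-19 10:02:14 DROP ICMP 192.168.1.10 192.168.1.57 - - 60 - - - - 8 0 -
2008-11-19 10:02:15 DROP TCP 192.168.1.33 192.168.1.57 3312 3389 48 S 1234567 0 65535 - - -
"""

# Ports named in the thread: NetBIOS (UDP 137/138, TCP 139) and SMB (TCP 445).
NAME_PORTS = {("UDP", "137"): "NetBIOS name service", ("UDP", "138"): "NetBIOS datagram",
              ("TCP", "139"): "NetBIOS session", ("TCP", "445"): "SMB"}

def parse_firewall_log(text):
    """Yield one dict per entry, keyed by the column names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line.strip() and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def dropped_lookup_traffic(text, scanner_ip):
    """Count DROP entries sent by the scanning host: ICMP, or a port in NAME_PORTS."""
    hits = Counter()
    for e in parse_firewall_log(text):
        if e.get("action") != "DROP" or e.get("src-ip") != scanner_ip:
            continue  # allowed traffic, or traffic from some other machine
        if e["protocol"] == "ICMP":
            hits[(e["dst-ip"], "ICMP type " + e["icmptype"])] += 1
        elif (e["protocol"], e["dst-port"]) in NAME_PORTS:
            label = NAME_PORTS[(e["protocol"], e["dst-port"])]
            hits[(e["dst-ip"], f"{e['protocol']}/{e['dst-port']} {label}")] += 1
    return hits

if __name__ == "__main__":
    # 192.168.1.10 stands in for the machine running ping -a or the DNS audit.
    for (dst, what), n in dropped_lookup_traffic(SAMPLE_LOG, "192.168.1.10").items():
        print(f"{dst}: {n} dropped {what}")
```

Run it against the log copied from a workstation that does not show up in the scan, passing the scanning machine's address as `scanner_ip`.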
 
LVL 1

Expert Comment

by:Naruto_
ID: 25248666
Make sure that the computer from where you do the resolving is fully allowed on the network. Meaning unlimited access.
Maybe you could use other software to resolve all hosts in the network.
look@LAN is a great tool to discover a complete infrastructure ... and it's free ... and that's the way I like them :)
 

Author Closing Comment

by:dchew
ID: 31517987
thanks!