?
Solved

Unable to ping 2003SBS but can still access it ok

Posted on 2009-04-27
36
Medium Priority
?
229 Views
Last Modified: 2012-05-06
We have a 2003sbs that is unable to be pinged from any other server except itself.
All clients can access the server via IP or name resolution, but nobody can ping the server via IP or name.
Event Viewer seems ok, there are no additional firewall programs, or ISA.

Has anybody any ideas what i can check next?
0
Comment
Question by:total123
  • 19
  • 13
  • 2
  • +1
36 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24242133

If you run the command below does it give you a lovely blank screen at the command prompt (replace sbsserver with the server name or IP)?

telnet sbsserver 389

Or does it give you a time-out message?

If it's a blank screen then connectivity is fine and I would have to suspect that something is blocking ICMP traffic (used by Ping). That could be either on the clients or on the server, the Windows Firewall is the obvious first candidate for the client-side.

Chris
0
 

Author Comment

by:total123
ID: 24242309
from the server i get a white box appearing with 0: telnet 192.168.1.x 389 within the cmd box?

0
 

Author Comment

by:total123
ID: 24242344
i have just been looking through the event viewer logs again, and some days ago stumbled upon the event id- 4521 in DNS, saying that the "DNS server encountered 32 errors whilst attempting to load the zone from Active Directory"
There appear to be numerous events with the sam eerror. Not sure how i missed that the first time around.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 26

Expert Comment

by:jar3817
ID: 24242370
"there are no additional firewall programs"

What about the built-in firewall in server 2003, is that enabled? If so, you can add an exception for ICMP traffic (pings)
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24242374

The errors won't be relevant to Ping. Especially not if "nslookup servername" gives you the IP, and pinging by IP also fails.

Could you run the command from the command prompt on one of the network clients that's failing to ping?

Chris
0
 

Author Comment

by:total123
ID: 24242415
on client pc, times out with the error "could not open connection to the host on port 389. COnnection failed"
0
 

Author Comment

by:total123
ID: 24242507
the server Windows Firewall is disabled, as is my client that i am testing it with.
0
 
LVL 26

Expert Comment

by:jar3817
ID: 24242549
Do you have a speed or duplex mismatch perhaps between the switch and the server?
0
 

Author Comment

by:total123
ID: 24242572
we have 2 servers that connect to a Gigabit switch that piggy backs on to a 24 port 3com switch
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24242606

Speed / Duplex mis-match would push the connection down to the lowest common denominator, but it shouldn't stop ICMP.

I still think something is blocking the traffic, especially if the "telnet" command I gave you works (which tests a connection using TCP).

It's not likely, but what about AV software? It would be the first time I've seen it block Ping, but it's not beyond the realms of possibility.

Chris
0
 

Author Comment

by:total123
ID: 24242649
i have disabled (for testing) the AV- Symantec Antivirus for Business.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24242668

I'd go further and suggest you uninstall it entirely for testing. AV rarely completely disables all its components, especially not those that plug into the network.

I take it using Telnet worked and you got a connection to the server?

Chris
0
 

Author Comment

by:total123
ID: 24242704
from client Telnet timed out, from server it did not time out, but oddly did not produce teh usual screen, Just sat there
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24242733

Sitting there is exactly what I expect it to do :)

When you said this:

> All clients can access the server via IP or name resolution

What can they access?

Chris
0
 

Author Comment

by:total123
ID: 24242796
they can access emails, data, browse the shared folders, basically the system/network seems to be working without any probs, bit slow perhaps but nothing out of the ordinary.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24242886

Then it has to be something on the network level actively blocking access rather than anything else.

Has it ever allowed you to ping?

Chris
0
 

Author Comment

by:total123
ID: 24242928
I assume so, know that is a bit vague, but we have only just taking this customer on as a client.

I have run Wireshark on my clinet pc and on the server, so will go through that tonight, and report back
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24242948

Okay, cool. It is a bit odd, I'll certainly give you that :) But if everything else works then it has to be a block rather than a malfunction.

Chris
0
 

Author Comment

by:total123
ID: 24242968
glad i can provide "interesting" problems!

could do with it being sorted soon, as we have a 2008 server that is going in as soon as this problem is solved.

Many thanks for your help so far.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 24247596
Multiple nics on either of the computers you are pinging from or to?
0
 

Author Comment

by:total123
ID: 24248757
No, there are no multiple nics.

The wireshark report from both the server and teh client highlighted the fact that ICMP communication was unreachable, type 3 port unreachable.
i can upload the report if it would be useful?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24248784

Presumably you saw the outbound ICMP request from the client? Did that turn up at the server?

Chris
0
 

Author Comment

by:total123
ID: 24248874
on the server it acknowledges the fact that the client pc is sending a ping request but there are no replies to the client.

0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24248930

Okay, interesting, so something on the server is preventing the reply. At least that rules out  the clients from being the problem.

Can the server ping itself? Or does that fail as well?

Chris
0
 

Author Comment

by:total123
ID: 24249014
pings itself via IP or name fine.
All clients are unabel to ping the server eitehr way
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24249334

Can you check the IP Filtering under TCP/IP Properties, Options, TCP/IP Filtering?

I'd be surprised to see it set, but something must be somewhere.

Chris
0
 

Author Comment

by:total123
ID: 24249679
Everything is disabled under TCP/IP Filtering (no tick)
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24250170

Hmmm it can't be basic IP configuration if everything else (file shares, DNS, etc, etc) works. Which leaves me convinced it's being blocked somewhere. I'm sure that's quite annoying :)

What else is installed on the DC?

Chris
0
 
LVL 39

Assisted Solution

by:ChiefIT
ChiefIT earned 300 total points
ID: 24252126
Windows firewall has a exception on it to allow ICMP echo requests. I know you travelled down this road. But, I have seen where Windows firewall was turned off, and if you go into services, you can find it running, or it is still running in the background. The firewall is flaky that way.

Go to Windows security>>Windows firewall>>advanced tab>>ICMP traffic>>and check mark Allow ICMP echo requests
0
 

Author Comment

by:total123
ID: 24257913
ChiefIt I will check that when i return to site.
Chris- its SBS so Exchange, Symantec BackupExec, Symantec Endpoint Protection, Symantec SMSME, Terminal Services, nothing else. And yes, it is annoying for no other reason that until its sorted we cant deploy our 2008SBS
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24258114

Hmm interestingly enough there are a few others with the same problems and Endpoint Protection.

Can you try to disable Network Threat Protection? That's the firewall component of Endpoint Protection it seems.

If it works with that disabled it should just be a case of assigning reasonable policies for that. I can't be more specific I'm afraid, using McAfee here which doesn't have this feature :)

Chris
0
 

Author Comment

by:total123
ID: 24258960
i am going to remove the entire AV install from the server and see what happens, will advise when customer has completed the reboot.
0
 

Author Comment

by:total123
ID: 24259291
i have now removed AV product and disabled, the Symantec MAil Security for Microsoft Exchange, but has made no difference.
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 1200 total points
ID: 24259415

Has it removed all of it? It installs a network driver component with that lot, I wonder if there's any of it left.

Chris
0
 

Author Comment

by:total123
ID: 24259803
can not find any traces of it within the services.msc, and no background processes connected with Symantec are running.
0
 

Author Closing Comment

by:total123
ID: 31574947
Problem was solved by Microsoft, who identified that Symantec Network driver was still installed under Device Manager, System Devices.
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Resolve DNS query failed errors for Exchange
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question