[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3404
  • Last Modified:

Windows 7 cannot ping or connect to Windows 2003 Domain Controller

I have had this problem with every Vista/7 machine I've connected to this network--none can see my primary domain controller running Windows Server 2003 R2 Standard. I have several other Win 2k3 servers (some R2, some not) that are not domain controllers and my Vista/7 machines have no trouble pinging them, accessing file shares, etc. It's only the domain controller I can't connect to.

I've tried researching and troubleshooting this problem multiple times since 2006 with no successful resolution, but I'm hoping this time around may be different. I'm sure upgrading to Server 2008 would solve the problem, but that's not an option at the moment.

Because of this connection issue, I can't join these newer machines to the domain, connect them to the exchange server, certain network printers, etc.

Any creative solutions and configuration suggestions are welcome on both the Client side and the Server side. I really must get this fixed!

Thanks.
0
RandomPsychology
Asked:
RandomPsychology
  • 19
  • 19
  • 13
  • +6
4 Solutions
 
Justin OwensITIL Problem ManagerCommented:
Windows Vista and Windows 7 can join a 2003 domain and have full AD functionality there.  I noticed your question is in the SBS zone as well.  Is your DC an SBS server?  When you say you cannot connect to your DC, what methods have you tried (UNC from command, PING, nslookup, etc.)? Have you ensured that DNS is functionally the same on your XP machines and your Vista/7 machines?  Have you disabled IPv6 on the Vista/7 machines?

Justin
0
 
RandomPsychologyAuthor Commented:
I can ping all of our machines and servers except the DC itself. Since I can't get a connection to it, joining from the cmd prompt doesn't work either. DNS is set up the same across the board. The XP machines are fine, the Vista/7 ones aren't. IPv6 is off and I've tried IPv4 on both a DHCP and Static configuration.

The server doesn't have all of the latest Windows Updates at the moment, but the Win 7 machine does.
0
 
Justin OwensITIL Problem ManagerCommented:
Do you have any NAT rules on your LAN that look for a particular OS before allowing connection to your DC?  Can you ping the DC by IP rather than by name?  If you ping by IP, what is the result?  If you ping by netbios name, what is the result?  What is the result of an nslookup on the DC server name from a Vista/7 machine?
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
RandomPsychologyAuthor Commented:
There are no NAT rules in effect.
I can't ping, even by IP address.
Pinging by any method results in "Request timed out"

nslookup shows this:
Server:  exchange.raleigh.planworx.com
Address:  192.168.0.2

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to exchange.raleigh.planworx.com timed-out
0
 
Justin OwensITIL Problem ManagerCommented:
Do you have any firewall running on your DC?
0
 
RandomPsychologyAuthor Commented:
no firewalls inside the NAT
0
 
scaliouetteCommented:
Sounds like there is a problem with the DNS.  Is WINS installed on your network?  This would also help.   Also I would make sure the Windows Firewall is turned off to see if that makes a difference.
0
 
Justin OwensITIL Problem ManagerCommented:
Sorry, I meant the Windows firewall that comes installed on the machine.  Also, is this a standard Windows 2003 server or an SBS?
0
 
Justin OwensITIL Problem ManagerCommented:
It does seem like a DNS problem, but it is odd that it would only affect Vista and 7 and not XP and the server OSes.
0
 
Rob WilliamsCommented:
If you cannot ping by IP there is something other than or in addition to DNS that is a problem.
It pretty well has to be a physical connection issue such as bad NIC or driver (unlikely in this case), switch, cabling, or I still question the possibility of a firewall or security suite causing issues. This would most likely be on the server but could be an "un-secure" IP or zone in a PC security software.

Can the SBS ping the Vista machines?
Is RRAS enabled on the server?
Do you ave a VPN of any sort configured on the Vista machines?
could you post a rout print from one of the problematic machines, and perhaps the SBS itself?
0
 
RandomPsychologyAuthor Commented:
There are no firewalls anywhere within the office, so that can't be a problem.
This is a brand-new machine, *all* network connections work fine except to the DC (which as been the case with every other Vista/7 machine I've tried)
The server (which is actually just 2003 R2 Standard, not SBS) cannot ping any Vista/7 machines; however, every once in awhile (and it is very random) I can get the machines to ping eachother by IP or Netbios name. It also seems like if I set the Vista/7 machine to ping the DC constantly, it eventually starts working and will stay "connected" until I stop the ping (i.e. all network connections to the DC work until I stop the forever ping).
No VPNs or anything.

I'm checking on WINS and RRAS and will post back later with the results.

This must be some sort of protocol incompatibility between Vista/7 and 2003 DCs.

Thanks for all the tips so far!
0
 
Naithan ArroyoCommented:
Does your Sever Have Other Ethernet Cards I had this issue Once before i Switched off the faulty nic card and activated another one, my server had 3 Nic cards.
0
 
Rob WilliamsCommented:
Ping/ICMP is a pretty universal protocol. I cannot see any reason to see a difference with Vista. However the windows firewall does handle ICMP requests separately from other protocols.

Is RRAS enabled on the server?
Do you ave a VPN of any sort configured on the Vista machines?
Could you post a route print from one of the problematic machines, and perhaps the SBS itself?
Do you have any speed or duplex settings on the switch, server, or Vista machines set to other than auto?
0
 
Justin OwensITIL Problem ManagerCommented:
TCP/IP is TCP/IP.  Lack of ping ability has nothing to do with the client or server OS.  I can tell you that I have well over 10000 clients running a mixture of XP, Vista, and 7 with no issues like you are describing.    Incompatibility between 2003 DC and Windows Vista/7 is not an issue.

Have you ever been able to isolate it to a particular segment of your network, such as a particular VLAN or switch fabric?  Are ALL Vista/7 clients affected this way or just some?  You say that the clients can ping your non-DC servers.  Is this by IP or by name?  Are the non-DC servers on the same network segment as the DC?

This really seems to be a network issue rather than an OS issue.  If you have verified that the Windows firewall is disabled on your DC and on your clients, that leaves hardware.  Wires, hubs, switches, LANS, VLANS, NAT, etc.

How much troubleshooting have you done in those directions?
0
 
Rob WilliamsCommented:
Vista and Win 7 do have an option that XP and others do not have called "network location type". If you choose Public this will block most access to the PC. Not sure exactly what all it blocks in either direction. In a workgroup it should be set to private (work or home) and after joined to a domain it will automatically be set to Domain. You can check and change by going to Network and sharing centre and clicking customize). I suspect that will only block incomming connections but worth checking. If set to public change to private.
0
 
RandomPsychologyAuthor Commented:
This is definitely not a hardware or firewall problem. I have tested multiple machines from multiple places in the office with the same result. We have about 10 machines on this network at present and probably 30 a year ago. I tested Vista then on an older 2003 server and had this same problem. We replaced the server a year ago or so with 2003 R2. I grabbed a Vista machine, tested it against the DC and encountered the same issue. It *must* have something to do with the way this 2003 DC is configured, because everything else in the network works as it should. I just can't understand why XP machines have no problem connecting while Vista/7 machines do. The Windows 7 machine I'm testing now (and need to put into production soon) is brand new.

There's only one LAN, I have a patch panel and a network switch, both of which are working perfectly. My Ethernet cables are good.

WINS and RRAS are installed on the 2003 server, but RRAS is disabled and unconfigured. WINS seems to be behaving normally as far as I can tell...

There's a Cisco PIX sitting between the network and Internet, but since I'm internal, that shouldn't affect the DC. A couple people connect from the outside, but they all use XP.

I can ping all clients except the DC by both IP and Name. I access fileshares, etc without problem.

All of my "location" settings are correct--set to Private network, various sharing options turned on, firewall off. And remember this is not just one machine--it's any Vista/7 machine I've ever connected to the network. Even my personal laptop running 7 can't see the DC...

This has me stumped!
0
 
Justin OwensITIL Problem ManagerCommented:
When you do an NSLOOKUP from your Vista/7 client to a different server, what results do you get?  Could you post screen shots of an NSLOOKUP against your DC and another against a different server?
0
 
RandomPsychologyAuthor Commented:
One other note...

Earlier today, I did get the new Windows 7 machine joined to the domain--it communicated with the DC for about 10 minutes. I've also seen this happen with test Vista boxes last year, but could never get them to stay in communication with the DC.

I also have no trouble doing domain logons after the systems are freshly booted--although there is a secondary domain controller running 2003 std that is our main file server and I've never had any issue getting connected to that.

So I guess we can maybe agree that the problem lies with the primary DC config??
0
 
Justin OwensITIL Problem ManagerCommented:
What is the OS of the DC holding the PDC FSMO Role?
0
 
RandomPsychologyAuthor Commented:
The OS of DC holding PDC FSMO is Windows 2003 R2 Standard.


NSLOOKUP to EXCHANGE (the problematic server):
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.0.2

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

NSLOOKUP to SERVER3 (secondary DC, connects fine), nslookup fails due to primary DC issue
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.0.2

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out
0
 
Justin OwensITIL Problem ManagerCommented:
Is your DNS AD integrated?
0
 
RandomPsychologyAuthor Commented:
DNS is integrated with AD, yes.
0
 
Justin OwensITIL Problem ManagerCommented:
Honestly, it looks like DNS is not functioning correctly.  Can you check your logs on your PDC emulator DC and let me know if there are any errors in the DNS or AD replication?

0
 
RandomPsychologyAuthor Commented:
The only error I can find regarding the DNS is on the PDC.

Event 4004: The DNS server was unable to complete directory service enumeration of zone raleigh.planworx.com. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "".

This error last occurred multiple times on 12/1/09 and before that several times on 9/6/09. Hasn't come up since.
0
 
Justin OwensITIL Problem ManagerCommented:
Are each of your Domain controllers set to look at themselves as the primary DNS server?  You have made sure that your DNS servers to NOT look to any external DNS servers (like an ISP) for secondary or tertiary DNS, correct?  If there are secondary NICs in the server unused, make sure they are disabled.  Also, make sure your Time service is configured correctly and not giving you any errors.
0
 
RandomPsychologyAuthor Commented:
Yep, all of those are properly configured. Secondary DC has two NICs, both active and Primary DC has one. Pointing to internal DNS only. Time service not showing any errors and is turned on.
0
 
Rob WilliamsCommented:
DrUltima, not suggesting there are not issues that point to DNS problems, but it has to be more basic if the Vista machines cannot ping the DC by IP.

as asked before:
Do you ave a VPN of any sort configured on the Vista machines?
Could you post a route print from one of the problematic machines, and perhaps the SBS itself?
Do you have any speed or duplex settings on the switch, server, or Vista machines set to other than auto?
0
 
RandomPsychologyAuthor Commented:
I do not have *any* VPNs configured on any machine in the office.
The server and the machines are on the same LAN so there is exactly one-hop from the machines to the server. Tracert = useless.
Speed and duplex settings are all set to auto.

I have 10+ XP machines that are and have been connecting fine for years. I could go buy a new XP machine today and it would work fine. This *must* be a configuration issue either on the Vista/7 clients or on the server itself. It is definitely not a physical network issue. I ruled that out ages ago.
0
 
Rob WilliamsCommented:
I have never heard of a configuration on a working network other than a firewall that would block pings addressed to the IP. Also as DrUltima stated I have never had any issues with Vista or Win7 pinging a 2003 or 2008 server, by IP. There can be DNS or group policy issues that prevent joining the domain, but not basic IP Pings.

Sorry, very interesting question but I have no further ideas, at this time.
0
 
Justin OwensITIL Problem ManagerCommented:
I agree that it is more basic than just DNS.  Ping should work, regardless, by IP.  Can your Vista/7 clients ping the secondary DC with two NICs, or no DCs at all?
0
 
RandomPsychologyAuthor Commented:
Vista/7 machines can ping the backup DC without a problem. I also have two other servers running Win 2k3 R2 (one for a sqlserver and one as a "warm" backup machine) that I have no trouble accessing.

The PDC is an HP ProLiant server with a single NIC. I've checked basic config settings there and didn't see anything amiss. 802.1x authentication was turned on, so i tried disabling that, but it didn't change anything.

The pings have to be getting from the Vista/7 boxes to the PDC, but for some reason the server "chooses" not to respond, thus we end up without a connection. (This is my hypothesis)
0
 
Rob WilliamsCommented:
When first researching this question I stumbled on an earlier post by giltjr where he had seen a situation where the windows firewall was disabled, but ICMP requests were denied. Disabling the "Windows Firewall/Internet Connection Sharing (ICS) service resolved. Make sure it is disabled since you are not using the firewall.
0
 
Rob WilliamsCommented:
Never mind if that were a problem the XP machines would be blocked as well.
0
 
Justin OwensITIL Problem ManagerCommented:
What other roles does your primary DC host (outside of AD controller and DNS)?

Justin
0
 
LarcenIIICommented:
I think you should address RobWill's point about Network Location type. It sounds like you choose Public as the network type, instead of Private.

You should choose PRIVATE HOME OR BUSINESS.

Forgive me if you've checked, but I could not find where you responded.
0
 
Justin OwensITIL Problem ManagerCommented:
Jason, look at post 26194236.  I think he already checked that.

Justin
0
 
RandomPsychologyAuthor Commented:
@larcenlll: This problem is way more complicated than that. And yes, I did previously answer this. My network is set to Business (private) just to clarify.

@drultima: I have these roles installed on the PDC:
-File Server
-Print Server
-Application Server
-Domain Controller (Active Directory)
-DNS Server
-DHCP Server
-WINS Server

It also has Exchange 2003 installed and runs all the mail functions. It's primary purposes are PDC and Mail. Those other roles are just installed for a couple specific apps. We have another server that is the primary file server.
0
 
Rob WilliamsCommented:
Still perplexed by this. Vista has IPv6 installed by default and 2003 does not. I know you mentioned IPv6 is disabled on Vista, but if it somehow was trying to send and or receive ping using IPv6 it could cause the problem. Since it is off, check the binding order by opening the network connections window and on the menu bar go to advanced | advanced settings | adapters and bindings | verify IPv4 has the higher priority. It should by default, and it is not likely the problem since Vista can ping other servers, but one more thing to verify.

Also verify IPv6 is not enabled on the server in case they are trying to unsuccessfully negotiate using it.
0
 
LarcenIIICommented:
I agree with RobWill, in short Solve your ping problem, and the rest should follow.

Logic dictates that if you can't ping your server from ANY win7/vista boxes, but you CAN from and XP box, then is MUST be a protocol issue, and since it's unlikely that every Vista, Win7 box is configured wrong, then it must be the configuration on the server.

If you cannot ping, then you are at least not getting ICMP through, which means it's either blocked or a protocol issue.

All your exchange mail server settings and Domain Controller related information is largely irrelevant. They aren't communicating. Follow SOP, check the IP settings, check any firewall rules or any security applications, and then check the media.

I'm assuming these Vista and Win7 boxes can ping the XP machines right? Did you check that they can connect to other things? I suggested a simple solution, because sometimes we unnecessarily escalate issues and start over troubleshooting because we missed something too obvious.

It happens to all of us, just recheck the basic stuff a third time if you have to. It sounds like you just need to step away from the problem and reapproach it fresh.

Disable all the IPv6 junk and when you ping 192.168.1.1 - what ever it's IP address is - What does it say? Remember, we can't see it, you need to spell the results out exactly, "It don't work" isn't specific enough. Sometimes the little things can make a big difference.

You seem very knowledgeable, We both are, but sometimes perspective makes all the difference.
I don't know if you've tried running a port scanner to see if only ICMP packets are being dropped, or tried running tracert to see if it's being routed to timbucktu first, but I also don't think we need to do any of that.

I'd like you post post a bit more information about your network if you didn't mind, to help me visualize the problem.

Gateway:

Server IP:
Server Subnet:

Client IP:
Client Subnet:

ICS service Status on server:

Ping results from both Client, and Server. Do not use names, just ip addresses.

List any AV software on either, disabled or not.

Sorry, I know this all seems basic, I'm trying to insult anyone intelligence, but this post is getting really long, and I just want some firmer information to work with.
0
 
LarcenIIICommented:
lol NOT TRYING TO INSULT... sorry! :P typo, my bad...
0
 
RandomPsychologyAuthor Commented:
I agree that it has to be a "basic" protocol or communication problem and it seems like it would have to be a problem with that one server since everything else on the network is communicating fine. I read something about the TCP Receive window on Vista/7 being different than Server 2003, but adjusting this didn't seem to do anything either.

Here's the information you requested...

Gateway: 192.168.0.1 (this is a Cisco PIX device--firewall to outside Internet)

Server IP: 192.168.0.2
Server Subnet: 255.255.255.0

Client IP: 192.168.0.103
Client Subnet: 255.255.255.0

ICS service Status on server: I've tried both enabled and disabled. No effect. Currently enabled, but firewall is off.

Ping results from both Client, and Server. Do not use names, just ip addresses.
CLIENT ping to server:
Pinging 192.168.0.2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.0.2:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

SERVER ping to client:
Pinging 192.168.0.103 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.0.103:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

List any AV software on either, disabled or not.
TrendMicro Client/Server Security enabled on both Client and Server. Note, that when I first hooked up the client, it had no AV installed. I installed it after I discovered the communication error, so I *think* that's unrelated.
0
 
Justin OwensITIL Problem ManagerCommented:
Can you install Wireshark on the server and client and capture the network traffic to and from them while you are trying to ping it from the Vista machine?  Same with from the DC?  If you only have it running for the few seconds that the pings are running, it should be small enough to post.  Another alternative is a switch log that show traffic to and from the ports which have the Vista machine and the DC.

Justin
0
 
RandomPsychologyAuthor Commented:
Okay, Wireshark was a great idea! When I ping the Server from the Client, the server picks up nothing. The packets don't ever seem to be reaching the Server. HOWEVER, when I ping the Client from the Server, the Client receives the ICMP packets! Here's the weird thing though, when the ICMP packets come into the Client from the affected Server, it says that the Header Checksum is bad. It says:

Header checksum: 0x0000 [incorrect, should be 0x9238]

So because of that, the client never sends a response. When I try to ping the Server from the Client, I get the same message on the client. So I'm always seeing incorrect header checksum on the client side.

The server apparently never thinks anything is wrong, but it also never receives the client packets in either direction.

What in the world would be causing that??

(I can post output from the Wireshark log, but it seemed long and verbose and the only problem I saw was the header issue. Let me know if you need something more.)

Maybe we're getting somewhere?? :)
0
 
Justin OwensITIL Problem ManagerCommented:
OK... Header checksums are normally corrupted by hardware (but not always).  So....

I know you have already said you don't have NAT, but make sure your PIX isn't filtering anything based on OS.  I don't know how to do that, as I am not a network specialist.  Alternately, try throwing a seperate NIC into a vista machine.  See if that fixes the issue.  Also, try rebuilding your TCP/IP stack on the errant client.  Maybe your image has a fault...

Justin
0
 
Rob WilliamsCommented:
Agreed usually hardware issue.
Where the only common denominator is the server perhaps updating the NIC drivers, is in order and firmware if available. Resetting the stack on a DC can be a little harry if you don't have to, I wouldn't. To confirm its' not SBS, if it is I wouldn't do a reset.
0
 
Justin OwensITIL Problem ManagerCommented:
It's not SBS, according to earlier posts... Updating firmware on the NIC on the server is a good idea.  You may also want to update the firmware on your PIX and on your switch.

Justin
0
 
Naithan ArroyoCommented:
Say, If its Faulty Nic Card Replace it.

 As, I Stated in post 26193219. I did run into an issue similar to this.
0
 
RandomPsychologyAuthor Commented:
I'm going to try those things as soon as I can (later tonight after everyone leaves and the server is basically idle). I also found a hotfix on the MS website (kb948496) that describes a similar issue, so that may help. I'll let you all know later on if it's fixed!

This server only has one Nic and it's integrated, so if there's something wrong with the hardware then...that's not good.
0
 
Rob WilliamsCommented:
If necessary, you can always disable it in device manager, or better still in many cases in the BIOS, and then add one. I would think it is more driver or firmware if anything, than a physical problem.
0
 
Cris HannaCommented:
RandomPsychology:
you mentioned CISCO PIX
I have a customer who also had a cisco pix in a network config exactly like yours and Vista Machines and Win7 could not connect/ping/get an IP, etc.
We took out the Cisco PIX and replaced it with a Calyptix Access Enforcer..guess what the problem went away!   I'm not a Cisco guy..and we wanted the UTM advantages of the Access Enforcer anyway, so never tried to figure out what the issue with the PIX was..but that was definitely the issue
0
 
Rob WilliamsCommented:
I can see that especially if older firmware but are all clients and servers plugged into the PIX or a switch? If a switch I wouldn't think the PIX would come into play within the LAN. Definately worth looking at though.
0
 
Cris HannaCommented:
In my customer's situation, single nic in the server, plugged into a HP ProCurve Switch, Cisco PIX LAN port also plugged into the switch.  
replaced the PIX with the Access Enforce, boom...problem gone.
0
 
Rob WilliamsCommented:
Very interesting. Not doubting you, but i wonder why as the switched traffic should have remained between the server and client, but obviously there is something odd going on here too. I have run into some "funky" issues with a few routers and Vista, but most was with outgoing services.
0
 
Cris HannaCommented:
I would agree that one would not have expected such behaviour.  I was fully prepared that putting in the other firewall would have the same behavior, but very happy when it didn't.
To the author, get an inexpensive netgear, Linksys, whatever, configure the same as the pix with WAN and LAN and port forwarding..bet it goes away.   Then contact CISCO support and see if they have a solution.
0
 
RandomPsychologyAuthor Commented:
Interesting theory. As far as I know the PIX shouldn't be affecting internal communications since it simply sits between the LAN and the outside world...not between the LAN and the PDC. The PIX is plugged into an 8-port gigabit switch which along with 3 servers (including the PDC). That switch is plugged into an HP ProCurve 48-port switch that connects the rest of the office. Since I can ping and access two of the three servers from Vista/7, wouldn't that rule out the PIX being the culprit?

If nothing else, this experience is giving me more deep-network knowledge than I ever thought I wanted ;-)
0
 
Cris HannaCommented:
We had additional servers on the network as well and could ping those.   You can even rule this out by simply unplugging the Cisco from the switch.  I'd reboot the SBS after you do that, but you could try it without.   I suspect when the PIX is removed from the network, you'll see the issue gone.   Simple thing to try
0
 
Rob WilliamsCommented:
Any chance Vista is a "red herring" and it might be related to the fact that the Vista and Win7 machines are newer. If newer might a common denominator be Gigabit cards on those units somehow causing conflicts with the server NIC? Very possible some of the XP machines have Gigabit NICs, but more likely 10/100's

Just grasping at straws, but another isolation test might be disconnect the server and 1 problematic PC from the entire network and connect with nothing but a completely different switch and 2 new patch cables.
0
 
LarcenIIICommented:
Another good point RobWill. Check the Link Speed under the Device Manager->Network Adapter Properties.

And yes, the Pix CAN define NAT rules for the subnet.

For diagnostic purposes, you may try a cross-over cable between the server and client and try pinging the server and clients then. That would immediately eliminate any more discussion about the pix.

I would disable the AV and the ICS service on the server.

Ever hear of an Airplane crashing from just one problem? Never, it's always two things that fail to cause it to crash. Well if you have two little problems, you could run in circles forever trying to figure this out tackling them one at a time.

I though about suggesting Wireshark, but I reconsidered it when I stuck to the fact we should focus on getting ping to work, the most basic means of testing the connection.

Thank you for the extended information. What about pinging the gateway or anything else? We are all assuming you can get to the internet from these Vista Boxes, but can you?

I quit using Cicso Pix in favor of a Fortinet, that made my administration life much easier. The Pix was a little over complicated for my needs and the security rating isn't any better than the Fortinet.


0
 
RandomPsychologyAuthor Commented:
Well guys, I've continued to try to isolate the problem using solutions posted here. While I've learned some new information and have better insight into the problem as a whole, I still haven't been able to get it all working yet.

Unfortunately, I work for this company on a consulting and contractual basis, so at this point they've put things on hold. I'm going to award and distribute points to several people who provided good insight into the problem as a whole.

Thanks everyone for staying with this and helping me out!!
0
 
Cris HannaCommented:
Just curious, did you try a different router in place of the Cisco?
0
 
Justin OwensITIL Problem ManagerCommented:
Well, when you can re-examine this issue with your client, be sure you reference this Question in your new one.  It will probably save you time and energy getting to the meat of the issue.  Before you close it, you might want to summarize all the steps you took and what the results were.  In all things, best wishes.

Justin
0
 
RandomPsychologyAuthor Commented:
I removed the Cisco PIX from the equation entirely...just disconnected it from the network. The problem didn't seem to go away. I told my boss to update the firmware on the NIC to the latest version, but didn't have time to do it myself (although I really would've liked to). The driver alone didn't alleviate it.
0
 
Rogerbird1Commented:
I would like to know if the problem was ever resolved.. This is the 2nd time I have see this issue on a forum, and neither 'Fixed" the issue, I am now experiencing the same problem, adding 10 Win 7 desktops to my Winserver 2003 R2 Sp2 domain.  I can ping the DC and DC2 and File Server but not the Email server. I get 1 response then nothing. the Win 7 machines access the internet and the file server but not the mail server or the internal or external Webmail addresses. from inside my network.
I have tried joined and unjoined to my domain, win 7 machines. No windows firewall no AV.  All of my XP machines work fine.

I am running Win7 pro at home and it is connecting to the webmail server over the internet.

Roger
0
 
Justin OwensITIL Problem ManagerCommented:
Roger, it would be better to open a new Question and link to this one so that Experts have the change to address your issue specifically.
0
 
Rogerbird1Commented:
Thanks, Dr, I will.
Roger
0
 
ittechstopCommented:
I have the same exact problem with the same environment.  I disconnected the Cisco PIX 506e and Ping started to reply from the Win2003 SBS SP2 server.  I opened a support case with Cisco tonight.  I will post more when they get back to me if anyone is interested.  They are evaluating this thread, a sample wireshard packet sniff and the "show tech" and "show ver" results from the PIX.  

I can ping another server on the network (Win2003 R2) but not the 2003 SBS server which is the PDC Emulator FSMO Role Holder.  
0
 
LarcenIIICommented:
If it's an option, I would swap out the pix for a fortigate. My experiences with Fortigate have been much better than my experiences with Cisco Pix...

Just a suggestion...
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

  • 19
  • 19
  • 13
  • +6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now