
I got a notification that servers at another location were offline and ping returns TTL error. What to do?

I was forwarded the notification that my three servers in NY hadn't checked in since such and such time.  So I pinged the servers and the ping tries to ping the IP address it should be but it comes back with a different IP address saying "TTL expired in transit."

I am in Chicago, how can I fix this?  This company hired me as a contractor (I've been there for a few months now) and they have no system admin :( So they are relying on me.  
Asked by: MsAileenS

Don Johnston (Instructor) commented:
Sounds like a routing loop. Do you recognize the IP address that's reporting the TTL expired?

Can you ping any devices at the NY location?

MsAileenS (Author) commented:
I do not recognize the IP addresses but I am VPNd in but that shouldn't make a difference I don't think. It looks for the correct IP address but comes back to one I don't recognize.

I can ping a workstation okay but none of the servers, switches, or routers correctly.

Don Johnston (Instructor) commented:
When you're pinging the servers and it comes back with a TTL expired, where are you pinging from? How are the pings from this device supposed to get to the servers?

MsAileenS (Author) commented:
Not sure what you mean by "where are you pinging from".  I use the WINS hostname as well as the IP address directly.  I just run cmd and ping xxx.  How are they supposed to get to the servers?  Again not sure what you mean exactly.  How is the routing table set up?  I don't know how to check that.

Pardon my lack of knowledge, I do desktop support for them and have kind of fallen into this responsibility.  I have someone going on site to reboot the switches/routers/servers.  I don't know if that will help but I didn't know what else to try.

Don Johnston (Instructor) commented:
>Not sure what you mean by "where are you pinging from"

When you type "ping...", where is that device located? Is it on the same network as the servers? In the same building? Same state? Same country?

If you're getting a TTL expired, a router (somewhere) is discarding your ICMP echo request (ping) because the TTL (time to live) of that packet has hit zero. There are two possible reasons for this.

1) The ping started out with a really low TTL (like a 4) and after the packet went through 4 routers, it was zero and got discarded.
2) The packet got stuck in a loop and instead of being forwarded to the destination, it started going around in circles somewhere. The TTL eventually hits zero and the packet gets discarded.

Unless you're manually setting the TTL really low when you send out the ping, it's probably not #1.

Which means there's a router between you and the server that has an incorrect routing table.

If you're not the router person, you need to notify them of this situation.
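
The two causes listed in the answer above, as an added example that is not part of the original thread: this Python sketch reads Windows `ping` and `tracert` output and reports which cause fits. The reply line is the one quoted in the thread; the `tracert` sample with its 192.0.2.x and 198.51.100.x addresses is constructed, and all function names are hypothetical.

```python
import re

IP = r"(\d+(?:\.\d+){3})"
REPLY = re.compile(rf"Reply from {IP}: (bytes=|TTL expired in transit)", re.I)
HOP = re.compile(rf"^\s*\d+\s+.*?\[?{IP}\]?\s*$")   # one tracert hop line
SET_TTL = re.compile(r"\s-i\s+(\d+)")               # Windows ping: -i sets the TTL

# Reply line as quoted in the thread; the header line is constructed.
PING_SAMPLE = """Pinging 172.17.2.2 with 32 bytes of data:
Reply from 216.149.69.141: TTL Expired in transit.
Reply from 216.149.69.141: TTL Expired in transit."""

# Constructed tracert output (documentation addresses) showing a two-router loop.
TRACERT_SAMPLE = """Tracing route to 198.51.100.10 over a maximum of 30 hops
  1     2 ms     1 ms     1 ms  192.0.2.1
  2    11 ms    10 ms    11 ms  192.0.2.9
  3    12 ms    12 ms    11 ms  192.0.2.13
  4    12 ms    11 ms    12 ms  192.0.2.9
  5    13 ms    12 ms    12 ms  192.0.2.13"""

def expired_responders(ping_output):
    """Routers that answered with 'TTL expired in transit' instead of the target."""
    return sorted({ip for ip, kind in REPLY.findall(ping_output)
                   if kind.lower().startswith("ttl")})

def repeated_hops(tracert_output):
    """Hop addresses seen more than once, in the order they first repeat."""
    hops = [m.group(1) for ln in tracert_output.splitlines() if (m := HOP.match(ln))]
    repeated = []
    for i, ip in enumerate(hops):
        if ip in hops[:i] and ip not in repeated:
            repeated.append(ip)
    return repeated

def diagnose(ping_cmd, ping_output, tracert_output=""):
    """Map the output onto the two causes given in the answer."""
    responders = expired_responders(ping_output)
    if not responders:
        return "no TTL expiry seen", []
    ttl = SET_TTL.search(ping_cmd)
    if ttl:  # cause 1: the sender chose the TTL itself
        return f"cause 1: TTL set to {ttl.group(1)} on the command line", responders
    loop = repeated_hops(tracert_output)
    if loop:  # cause 2: packets circulate between these routers
        return "cause 2: routing loop", loop
    return "TTL expired; run tracert to find where packets circulate", responders

if __name__ == "__main__":
    print(diagnose("ping 172.17.2.2", PING_SAMPLE, TRACERT_SAMPLE))
```

A repeated hop shows where packets circulate, not why the route is wrong; the routing tables on those devices still have to be inspected.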

MsAileenS (Author) commented:
When I type ping I am on my computer here at home VPNd in, in Chicago.  The devices I am pinging are in New York. And maybe that is not what you mean.  The routers and servers that I am pinging are all in New York on the same subnet and in the very same room.  At that location they only have 2 switches, 1 router, and 3 servers.

I am not manually setting anything, I just type ping and then the rest.  Would the router at my location in Chicago have anything to do with them in NY? It would have to be their router, right?

Unfortunately there is no router person, they recently fired them and never replaced them.  Just me, desktop support.  I would have to call in a contractor.  

Don Johnston (Instructor) commented:
What is the IP address/mask of the server and what is the IP address/mask of a router that you can successfully ping which is "in the same room"?

MsAileenS (Author) commented:
The IP of the router is 172.17.1.254 and when I ping that it comes back as 216.149.69.141.
The IP of the server is 172.17.2.2 and when I ping it, it comes back as 216.149.69.141.

Wow I didn't initially notice that they are resolving at the same address!  

Don Johnston (Instructor) commented:
What is the mask of these devices?

And when you say "it comes back as", what do you mean?

MsAileenS (Author) commented:
I don't know what the mask is, how can I get that or find out what that is?

Also, when I say "come back as" I mean I go to "cmd" and in the box type "ping 172.17.2.2" and it says back, "Reply from 216.149.69.141: TTL Expired in transit."  And that same message happens with both the router and the servers.  With the same "Reply from" IP address.

Now you have to be basic with me.  I can understand instructions if you just explain to me how to get the information you are asking for.  Thank you so much for your patience.

Don Johnston (Instructor) commented:
When an IP address is assigned to a device, you also have to define the mask. For example, my PC has an IP address of 192.168.15.102 and the mask is 255.255.255.0.

You said that you could successfully ping a workstation. What is the address/mask of that device?

MsAileenS (Author) commented:
How do you get the mask of a device that is remote?  I can't log into it to do an "ipconfig".  I can ping a workstation but just pinging doesn't supply me with the mask information.

For example, on my PC I did an ipconfig and my VPN IP address is 172.19.2.51 and my subnet mask is 255.255.255.255.

Don Johnston (Instructor) commented:
What is the IP address of the workstation that you can successfully ping?

MsAileenS (Author) commented:
Now I just tried again and it is resolving the same as the others.

"ping 172.17.2.124" and it says back, "Reply from 216.149.69.141: TTL Expired in transit."

Don Johnston (Instructor) commented:
Then this is a routing problem. Somewhere there are a couple of routers that have erroneous routing tables.  This could be happening within the organization (more likely) or by one of the carriers that are forwarding packets to this destination (less likely).
 

MsAileenS (Author) commented:
So it is a routing person within the organization.  Does that necessarily mean it is a problem directly with the equipment at the New York site? It would seem so since I am not having any issues with the devices here in Chicago.

Since I do not have the expertise and will have to hire someone to fix this then do I have to hire someone in NY that can go and hook directly up to the equipment or can this be done remotely some kind of way?

MsAileenS (Author) commented:
I meant problem, not person, in the first sentence, sorry.

Don Johnston (Instructor) commented:
If you knew the topology and addressing for the organization, you could determine if the 216.149.69.141 router is owned by the organization and where it is located. That would be where you need to start.

But based on the information so far, I would guess that's in NY.

It's possible that it can be done remotely but you would need to be able to access the routers (which is an unknown at this point).

Whether it's done remotely or locally, whoever does it will need detailed documentation as to the layout of the network (topology diagrams, IP addressing scheme, etc.). Otherwise, they'll have to do that before they can get started on the troubleshooting, which makes the whole job a lot more expensive.

MsAileenS (Author) commented:
I have network diagrams, that will help a little.  Is there a way I could find the topology and addressing for the organization?

Well, thanks.  

MsAileenS (Author) commented:
I have never seen this address anywhere on anything in the organization.  Not sure where it is coming from; 216.149.69.141.

Don Johnston (Instructor) commented:
>Is there  a way i could find the topology and addressing for the organization?

At some point, it should have been documented somewhere.

As for the address, it's owned by XO Communications.  If they're the ISP for the organization, then it could be an address assigned to one of your routers. Otherwise, it's an ISP router.

MsAileenS (Author) commented:
We do have XO that's right.  So I had one of the engineers go to the facility and he said they have been having windstorms and that half the building doesn't have power.  He took an ext cord and plugged everything in and it came back up.  So I guess the IP address I was seeing was XO and it was telling me that the lines in were still good.  

Thanks for all your help!!!!