• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 295
  • Last Modified:

Unable to Ping from Server A to a server in a different site, but can ping from server B to a server in a different site!?!

Dear Experts,

The company I work for have recently moved office. During that time we setup a second server in the new building and did a phased move. Once everyone was across we reconfigured the main server from the old office to the new IP range following through documentation from the Microsoft website to move a DC to a different ip range/site.

Everything seems to be working great locally, the main server is now been used as the primary DC on the local domain. The problem we are having is with replication between the site housing the moved DC and the other sites in out infrastructure. After further analysis it appears that the main server can't communicate with the other sites, but can communicate with the outside world).

Some basic ping and tracerts were carried out. the results were as follows:

when performing a tracert to a server at a second site from the main local server following error occurs:
gate-geam-la-ge240.network.virginmedia.net [80.195.32.141] - Destination net unreachable.

The same test performed on the second server in the local site completes successfully, the hops in between timeout so I can see if it passes through 80.195.32.141 or not.

tracert to the www.google.com from the main server in the local site completes successfully also it passes through the 80.195.32.141 server fine.

tracert from the second server to google also complete fine and uses the same route as the main server, including 80.195.32.141.

Pinging from a server on a remote site fails to the main server, but is successful to the second server.

I am at a bit of a lose with this now so any advice and troubleshooting support is greatly appreciated.  

Regards
Mark
0
markb89
Asked:
markb89
  • 9
  • 9
1 Solution
 
Chris DentPowerShell DeveloperCommented:
Hi Mark,

How are you connected to the other sites? VPN tunnel?

Chris
0
 
markb89Author Commented:
Yes, sorry. The VPN tunnels are setup on our Zywall Router/Firewalls.

Mark
0
 
Chris DentPowerShell DeveloperCommented:

So Tracert shouldn't take you to a public IP at all, it sounds like the traffic is not going down the tunnel. You're certain the tunnel is up and expects to handle traffic for the new range?

Chris
0
Restore individual SQL databases with ease

Veeam Explorer for Microsoft SQL Server delivers an easy-to-use, wizard-driven interface for restoring your databases from a backup. No expert SQL background required. Web interface provides a complete view of all available SQL databases to simplify the recovery of lost database

 
markb89Author Commented:
Yes the tunnels are active. Clients on the local network have network locations setup to file shares at the remote sites, these are working fine, as does pinging from a client on the local network, and server 2, to ip addresses on the remote site. The problem only appears to be with server1.

Regards
Mark
0
 
Chris DentPowerShell DeveloperCommented:
NsLookup server1 resolves correctly?

Cheers,

Chris
0
 
markb89Author Commented:
yes.

Cheers

Mark
0
 
Chris DentPowerShell DeveloperCommented:

And it's in the same range as stuff that works?

Chris
0
 
markb89Author Commented:
yes that is correct

Mark
0
 
Chris DentPowerShell DeveloperCommented:

No static routes or anything odd like that?

Are you able to monitor the traffic on the firewall and verify that it is allowed, and passing down the tunnel interface?

Chris
0
 
markb89Author Commented:
Chris,

There are no static routes configured. I also tried enabling some of the logging on the firewall but the options are fairly limited. I cant see and information linked to the traffic going from server 1 (which is the problem server) or server 2 (which works fine).

Mark
0
 
Chris DentPowerShell DeveloperCommented:

Hmm, well it's passing the traffic to the router / firewall if you're getting this on the server:

gate-geam-la-ge240.network.virginmedia.net [80.195.32.141] - Destination net unreachable.

Which suggests the tunnel is mis-configured, or something there is upset.

I realise that's not very much help, difficult to know what to suggest. Lets see, does the problem follow the source IP address? Or the port?

Chris
0
 
markb89Author Commented:
Chris,

I appreciate the supports as i know it is an issue which could have a multitude of sources. My initial though was a potential DNS error after the server had been moved. I cant see how it could be the Routers as all three are setup exactly the same and the connection is working from server 2, and prior to the move everything worked fine also.

the problem follows the source IP address i think, please could you elaborate on that a little more?

Mark
0
 
Chris DentPowerShell DeveloperCommented:

It's a difficult one to prove unless you can assign the IP to another machine, or change the IP of the existing server. I only wonder about it to rule out access-lists or oddities with the tunnel addresses on the firewall.

Chris
0
 
markb89Author Commented:
Chris,

The VPN tunnels are setup using the WAN IP addresses of the routers. I don't believe there are any direct  access lists configured which involve the server IP address, not sure if that info helps.

Regards
0
 
Chris DentPowerShell DeveloperCommented:

Okay, makes sense. I thought it sounded a bit basic to have access-lists to be honest. Straws, you see :) To me it feels like a problem with the tunnel, or at either end of the tunnel. I was just hoping to acquire a reasonable way to test that theory :)

Chris
0
 
markb89Author Commented:
This may sound a little strange, I just disabled/re-enabled the local servers network connection and the remote site is now accessible :S

Many thanks for you help!
0
 
markb89Author Commented:
For your help and immediate response :)
0
 
Chris DentPowerShell DeveloperCommented:

lol typical :) Ah well, as long as you have it working now :)

Chris
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 9
  • 9
Tackle projects and never again get stuck behind a technical roadblock.
Join Now