Unable to Ping from Server A to a server in a different site, but can ping from server B to a server in a different site!?!
Dear Experts,
The company I work for have recently moved office. During that time we setup a second server in the new building and did a phased move. Once everyone was across we reconfigured the main server from the old office to the new IP range following through documentation from the Microsoft website to move a DC to a different ip range/site.
Everything seems to be working great locally, the main server is now been used as the primary DC on the local domain. The problem we are having is with replication between the site housing the moved DC and the other sites in out infrastructure. After further analysis it appears that the main server can't communicate with the other sites, but can communicate with the outside world).
Some basic ping and tracerts were carried out. the results were as follows:
when performing a tracert to a server at a second site from the main local server following error occurs:
gate-geam-la-ge240.network
The same test performed on the second server in the local site completes successfully, the hops in between timeout so I can see if it passes through 80.195.32.141 or not.
tracert to the www.google.com from the main server in the local site completes successfully also it passes through the 80.195.32.141 server fine.
tracert from the second server to google also complete fine and uses the same route as the main server, including 80.195.32.141.
Pinging from a server on a remote site fails to the main server, but is successful to the second server.
I am at a bit of a lose with this now so any advice and troubleshooting support is greatly appreciated.
Regards
Mark
The company I work for have recently moved office. During that time we setup a second server in the new building and did a phased move. Once everyone was across we reconfigured the main server from the old office to the new IP range following through documentation from the Microsoft website to move a DC to a different ip range/site.
Everything seems to be working great locally, the main server is now been used as the primary DC on the local domain. The problem we are having is with replication between the site housing the moved DC and the other sites in out infrastructure. After further analysis it appears that the main server can't communicate with the other sites, but can communicate with the outside world).
Some basic ping and tracerts were carried out. the results were as follows:
when performing a tracert to a server at a second site from the main local server following error occurs:
gate-geam-la-ge240.network
The same test performed on the second server in the local site completes successfully, the hops in between timeout so I can see if it passes through 80.195.32.141 or not.
tracert to the www.google.com from the main server in the local site completes successfully also it passes through the 80.195.32.141 server fine.
tracert from the second server to google also complete fine and uses the same route as the main server, including 80.195.32.141.
Pinging from a server on a remote site fails to the main server, but is successful to the second server.
I am at a bit of a lose with this now so any advice and troubleshooting support is greatly appreciated.
Regards
Mark
ASKER
Yes, sorry. The VPN tunnels are setup on our Zywall Router/Firewalls.
Mark
Mark
So Tracert shouldn't take you to a public IP at all, it sounds like the traffic is not going down the tunnel. You're certain the tunnel is up and expects to handle traffic for the new range?
Chris
ASKER
Yes the tunnels are active. Clients on the local network have network locations setup to file shares at the remote sites, these are working fine, as does pinging from a client on the local network, and server 2, to ip addresses on the remote site. The problem only appears to be with server1.
Regards
Mark
Regards
Mark
NsLookup server1 resolves correctly?
Cheers,
Chris
Cheers,
Chris
ASKER
yes.
Cheers
Mark
Cheers
Mark
And it's in the same range as stuff that works?
Chris
ASKER
yes that is correct
Mark
Mark
No static routes or anything odd like that?
Are you able to monitor the traffic on the firewall and verify that it is allowed, and passing down the tunnel interface?
Chris
ASKER
Chris,
There are no static routes configured. I also tried enabling some of the logging on the firewall but the options are fairly limited. I cant see and information linked to the traffic going from server 1 (which is the problem server) or server 2 (which works fine).
Mark
There are no static routes configured. I also tried enabling some of the logging on the firewall but the options are fairly limited. I cant see and information linked to the traffic going from server 1 (which is the problem server) or server 2 (which works fine).
Mark
Hmm, well it's passing the traffic to the router / firewall if you're getting this on the server:
gate-geam-la-ge240.network
Which suggests the tunnel is mis-configured, or something there is upset.
I realise that's not very much help, difficult to know what to suggest. Lets see, does the problem follow the source IP address? Or the port?
Chris
ASKER
Chris,
I appreciate the supports as i know it is an issue which could have a multitude of sources. My initial though was a potential DNS error after the server had been moved. I cant see how it could be the Routers as all three are setup exactly the same and the connection is working from server 2, and prior to the move everything worked fine also.
the problem follows the source IP address i think, please could you elaborate on that a little more?
Mark
I appreciate the supports as i know it is an issue which could have a multitude of sources. My initial though was a potential DNS error after the server had been moved. I cant see how it could be the Routers as all three are setup exactly the same and the connection is working from server 2, and prior to the move everything worked fine also.
the problem follows the source IP address i think, please could you elaborate on that a little more?
Mark
It's a difficult one to prove unless you can assign the IP to another machine, or change the IP of the existing server. I only wonder about it to rule out access-lists or oddities with the tunnel addresses on the firewall.
Chris
ASKER
Chris,
The VPN tunnels are setup using the WAN IP addresses of the routers. I don't believe there are any direct access lists configured which involve the server IP address, not sure if that info helps.
Regards
The VPN tunnels are setup using the WAN IP addresses of the routers. I don't believe there are any direct access lists configured which involve the server IP address, not sure if that info helps.
Regards
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
This may sound a little strange, I just disabled/re-enabled the local servers network connection and the remote site is now accessible :S
Many thanks for you help!
Many thanks for you help!
ASKER
For your help and immediate response :)
lol typical :) Ah well, as long as you have it working now :)
Chris
How are you connected to the other sites? VPN tunnel?
Chris