user cannot access parent IP address range

Posted on 2012-09-18
Last Modified: 2012-09-24
Hi all,

I have two different domains and they are set up as a bi-directional trust. We have an MPLS line between our two different domains.

All my users can access the other domain and its resources with no issues, except for one workstation.
When this user tries to access, let's say, 10.1.1.100, it works sometimes but mostly it doesn't. It comes up with an error saying that it is unable to connect.

Anyone have any ideas?
Question by:sbodnar
15 Comments
 
LVL 22

Expert Comment

by:Matt V
ID: 38411322
We would need to see a diagram of the network, or at least a quick explanation of how it is set up. You do not say what IP you are coming from or how it is subnetted or anything else.

You also seem to be confusing IPs and Domains, as there is no such thing as a parent IP address range.
0
 
LVL 78

Accepted Solution

by:
Rob Williams earned 668 total points
ID: 38411325
Have you tried     tracert 10.1.1.100     to see where in the path it might be failing?
0
 
LVL 3

Assisted Solution

by:Nathan Kaufman
Nathan Kaufman earned 668 total points
ID: 38411849
pathping is also another useful tool in tracing out the network path.  There could be a number of reasons why this issue is happening.  I would first try disabling the firewall/antivirus on the workstation having trouble.  See if that helps.  The other issue could be VLAN, wrong DNS information, no computer account on Domain (or corrupt one), or something else.  But I would first start with turning off firewall/antivirus on workstation.
0
 

Author Comment

by:sbodnar
ID: 38413353
mattvmotas,

I can see the parent domain but can access the IP range that the parent company uses. My verbiage is correct. They use a different IP class than I do. That is why I stated parent IP address range.

Robwill,
Thank you and I will try the traceroute today and hopefully that gives me much insight. Thank you for the excellent suggestion!

Nate_IT,
I have turned off the firewall and antivirus and it did help for a little but then the issue came back even though the firewall stayed off... weird huh?
The issue is only with this workstation. No one else on the network has the issue. So it's definitely secluded to a setting or something on this workstation that is blocking access to that network.
0
 

Author Comment

by:sbodnar
ID: 38413856
Okay,

I ran the pathping and tracert and both just came back with *            * as the route details. So it does not want to see the 10.1.1.* network.

The setup is my network 192.168.*.* to ----> MPLS router 192.168.*.* then to ------> other MPLS router on their side 10.1.*.* ------> to their network 10.1.*.*

As I said, it's only happening on this machine. All others work fine.

I disabled the following:
Firewall
Antivirus

and I checked to see if it worked under another profile and it still fails.

Thoughts?
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 38413887
Did tracert not even come back with the default gateway as the first hop? It is possible the gateway does not accept ICMP requests. Do you get similar results from a working machine? If it works on another machine and not the problematic one the route is not configured on the PC, or it does not have the correct default gateway address.
0
 

Author Comment

by:sbodnar
ID: 38414147
It came back with nothing, just *               *                       *

When I do the same tracert on my local PC it comes back with the correct information.

Suggestions on what to do?
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 38414206
The PC cannot have the correct route to the remote network.  The route can be added to the PC, but more often it is added to the default  gateway device.  Then when a PC  tries to contact an IP that is not part of the local subnet it sends the packet to the default gateway, which has the appropriate route, and forwards it to the next hop.

Have you compared the results of route print on a working machine and the problematic machine?
0
 

Author Comment

by:sbodnar
ID: 38414221
How do I do that? What is the best way?
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 38414264
If you like you can post here and we can have a look.  The information is all internal addressing so there is no security concern.  With that information we might be better able to help.

You can export the results from a command line using something like:
route  print  >>C:\Temp\routes.txt
Then copy the file and post here as an attachment.   The ">>" (arrows) will add the contents of each output to the same file.

You might also want to include from both machines:
ipconfig /all  >>C:\Temp\routes.txt
In this output you may want to remove your internal domain name. It will show as YourDomain.local, just change to something like ******.local so we know it is present.
0
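Added example (not part of the original thread): one way to compare the two exported `route print` files for the address that fails, by parsing the IPv4 active routes and finding which route each machine would pick for 10.1.1.100. The sample tables, the 192.168.1.x addresses and the stale 10.0.0.0/8 route are constructed assumptions; the thread never shows the real tables or says what was wrong in them.

```python
import ipaddress
import re

QUAD = r"\d{1,3}(?:\.\d{1,3}){3}"
# Active-route row: destination, netmask, gateway (or "On-link"), interface, metric.
# Persistent-route rows have only four columns and are deliberately not matched.
ROW = re.compile(rf"^\s*({QUAD})\s+({QUAD})\s+(\S+)\s+({QUAD})\s+(\d+)\s*$")

# Constructed sample output; addresses are placeholders, not taken from the thread.
WORKING = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.50    276
"""
# Hypothetical fault: a leftover static route that captures all of 10.0.0.0/8.
BROKEN = WORKING.replace("192.168.1.50", "192.168.1.61") + """\
         10.0.0.0        255.0.0.0    192.168.1.254    192.168.1.61     21
"""

def parse_routes(text):
    """Return the IPv4 active routes found in `route print` output."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            dest, mask, gateway, iface, metric = m.groups()
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            routes.append({"net": net, "gateway": gateway,
                           "iface": iface, "metric": int(metric)})
    return routes

def best_route(routes, target):
    """Longest-prefix match, lowest metric as tie-breaker; None if no route."""
    ip = ipaddress.ip_address(target)
    matches = [r for r in routes if ip in r["net"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))

def compare(working_text, broken_text, target):
    """Show which route each machine would pick for `target`."""
    w = best_route(parse_routes(working_text), target)
    b = best_route(parse_routes(broken_text), target)
    key = lambda r: (str(r["net"]), r["gateway"]) if r else None
    return {"working": key(w), "broken": key(b), "differs": key(w) != key(b)}

if __name__ == "__main__":
    print(compare(WORKING, BROKEN, "10.1.1.100"))
```

A result of `None` for one machine means it has no route at all to the target, not even a default gateway, which matches a tracert that shows no first hop.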
 
LVL 39

Expert Comment

by:ChiefIT
ID: 38416495
I don't think you accounted for the extra overhead of a tunneled connection which includes encryption and routing protocols. This makes an MTU size larger than the default 1500 byte size. If you look at your router logs you should see Maximum segment size exceeded, meaning that the packets are too large through the connection.

Without ICMP, the packets can't be resized. ICMP is used to adjust the packet size and fragment packets.

What I would do is an MTU ping. If the MTU ping can't get to the other site at lower MTU sizes, then I would make sure you have fixed routes for the site to site connection.

But I think this is an MTU problem.
http://help.expedient.com/broadband/mtu_ping_test.shtml

It is also important to tell us how you are using the ping tool. There is a difference between pinging by Fully Qualified domain name, IP, or hostname. They are different because of the way they resolve to a routable protocol.
0
 

Author Comment

by:sbodnar
ID: 38417571
ChiefIT,

I would agree with you if all users were having this issue. It would then be escalated to investigating the router to router connection. However, this is just secluded to a single laptop that is having the issue.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 38417833
As mentioned, could you post the route print and ipconfig results from 2 machines?
0
 
LVL 39

Assisted Solution

by:ChiefIT
ChiefIT earned 664 total points
ID: 38423961
Let's weed out name resolution.

While troubleshooting, are you using the IP addresses, FQDN, or hostname?
0
 

Author Comment

by:sbodnar
ID: 38428394
Hey guys,

Thank you everyone for your suggested excellent potential solutions.

I ended up rebuilding the routing table on the PC and everything seems to be working fine for about a week now.

Points will be awarded for all suggestions that lead me to this resolution.

Thank you again everyone
0
