rwheeler23

MS network has lost half of its computers.

During a recent snowstorm we lost power for a substantial amount of time. So I shut all the servers and workstations off while the UPSs still had power. Now that the power is back on I can no longer RDP to half of the servers and workstations. I have tried pinging by name and IP addresses to no avail. It is quite possible that the computers were not turned back on in the same order they were turned off. I have even tried assigning all computers fixed IP addresses. How do I flush out all the old IP addresses and get everything back to the way it was? I do use a Cisco RV-130 router as a DHCP server and nothing on that box has changed. The odd thing is if I go to any of the computers I cannot RDP to they can successfully access the internet. There is no domain here and DNS comes from the ISP. These are a mix of W10 and W11 workstations.

Jason Johanknecht

When you say servers, are they workstations or actual server OS?  
You mention fixed address, are they excluded from the DHCP range?
Can you RDP from one into the other while on the physical site?  If not make sure nothing has happened to the network, make sure the network is PRIVATE.
CompProbSolv
I would focus on the ping failures as they are much simpler to troubleshoot than RDP failures.
You mention that DNS is done by the ISP.  I wouldn't expect the ISP to know anything about your local device names, so ping tests should be done by IP.

Are you certain that the computers replied to ping requests before the snowstorm?  That can be blocked.  Try the test again with the internal firewall disabled.

What is between the servers?  For example, do they cable to the same switch?  If so, is it a managed or unmanaged switch?

rwheeler23 (ASKER)

I have 4 workstations that run VMware Workstation 16 and 17. The two that are W11 workstations I can RDP to. The two that are W10 workstations I cannot. I just noticed when I run Advanced IP Scanner the two I cannot RDP to now have new IP addresses. Their old IP addresses have now been taken by other workstations. I tried running ipconfig /flushdns but that did not help. Is this something I have to simply wait for the ISP DNS server to refresh? Is there any way to force a refresh?
I use these computers every day and they all worked before the storm.
As an example, one of the computers I cannot RDP to has an IP address of 10.0.111. The other is 10.0.0.114.
I can ping 10.0.0.111 but I cannot ping 10.0.0.114.

The network cable from the ISV goes to the Cisco router and then a cable from there goes to a 24 port network hub. All was fine prior to the power outage. All devices are behind UPSs. If I swap cables on the hub the problem moves to that port.
I'm getting confused here!  You indicated that you tried this with static IPs on the computers.  I'd stay with that while troubleshooting so you don't run into issues with IP addresses changing.  Were you pinging to the correct IP addresses?

"ISP DNS server to refresh": as I mentioned, I don't think that your ISP DNS will be able to resolve local names.  You want a local DNS server for that.

I would try to get all of the destination devices (e.g. computers you are trying to RDP to) to have static IPs.  You can either set them individually or put reservations for them in the DHCP server.  You'll avoid some problems and make troubleshooting easier if they always have the same IPs.

Are the failed pings directed to the VMware host or to the VMs?
"they all worked before the storm": does "worked" mean that you could RDP to them, ping them, or both?

From your last post, it appears that pinging may not be a good test for whether or not RDP works.  Regardless, I'd attack the ping issue first.
The ISP knows nothing about the local machines on the network since they are NAT'ed and all would show to them is activity on your WAN address. You would need a local DNS to resolve local private IP addresses.
You need to turn on LLDP on the machines to advertise their IP on the local network. I'm also thinking that the machines that you cannot connect to may have changed their network location from private to public.
If you had set up static IP addresses (or reservations) on all of the machines, then you could use the hosts file on each machine to translate human-readable names to IP addresses.
I just found what was the problem and I do not believe it.
Somehow the check box under System for Allow Remote Desktop had gotten unchecked on the two W10 workstations. Why that would have gotten unchecked simply by turning off the workstation is a mystery.
Glad to hear you found it, but that doesn't explain why pinging didn't work in some cases.

Do consider carefully using either static IPs or reservations as David and I have both suggested.  On the networks that I manage (usually 20 or fewer computers) I tend to have reservations for all of the computers.
No, it does not. My plan was to reset all IP addresses to fixed addresses. When this issue popped up my goal was to get them talking again. Now that I can get back to work that is what I will do over the weekend.
Microsoft has lately disabled PING reply (ICMP) in the firewall unless you explicitly allow it.
Is there a new setting to override this?
skullnobrains

regarding rdp, my guess would be the setting was changed beforehand but as many things won't take effect before restart. (or maybe only when someone is connected while the setting is changed)
most likely, changing the setting removes autostart from the ts service but does not kill the running service if it is started.

regarding ping, may be interested in adding arping and udping to your toolbox.
arping cannot be blocked but only works from the same network.
udping will work if the port is just unbound but not if it is firewalled without icmp responses enabled.

you may also consider nmap. disable the ping scan and run a port scan or OS fingerprinting. unless the machine is voluntarily stealth, chances are you will at least know the host exists and is up.
I use Advanced IP Scanner to scan all active IP addresses on the network. It always identified them all but for a handful ping would not work. I will get copies of the aforementioned utilities.
you go into the advanced firewall settings and enable it.
#IPv4
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol="icmpv4:8,any" dir=in action=allow

#IPv6 (the ICMPv6 echo request is type 128, not 8)
netsh advfirewall firewall add rule name="ICMP Allow incoming V6 echo request" protocol="icmpv6:128,any" dir=in action=allow
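The causes raised in this thread (the "Allow Remote Desktop" setting, the Private/Public network location, and the firewall's ICMP echo rule) can all be read in one pass on an affected PC. The following is an added example, not part of the original posts; it assumes an elevated PowerShell session on Windows 10/11 with English rule-group names, and the function name Get-RemoteAccessState is hypothetical.

```powershell
# Added example. Run in an elevated PowerShell session on the PC that refuses RDP or ping.
# Read-only: it reports state and changes nothing.
function Get-RemoteAccessState {
    # "Allow Remote Desktop" is stored here: 0 = allowed, 1 = denied.
    $ts   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections

    # Remote Desktop Services must be running for TCP 3389 to answer.
    $svc = Get-Service -Name TermService

    # A network that flipped from Private to Public switches firewall profiles.
    $net = Get-NetConnectionProfile |
        ForEach-Object { '{0}={1}' -f $_.InterfaceAlias, $_.NetworkCategory }

    $inbound = Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow

    # Assumption: English display-group name; localized builds use another string.
    $rdp = $inbound | Where-Object DisplayGroup -eq 'Remote Desktop' |
        ForEach-Object { '{0} [{1}]' -f $_.DisplayName, $_.Profile }

    # Rules that allow ICMPv4 echo request (type 8), i.e. let the PC answer ping.
    $echo = $inbound | Where-Object {
        $f = $_ | Get-NetFirewallPortFilter
        $f.Protocol -eq 'ICMPv4' -and
            ($f.IcmpType -contains '8' -or $f.IcmpType -contains 'Any')
    } | ForEach-Object { '{0} [{1}]' -f $_.DisplayName, $_.Profile }

    [pscustomobject]@{
        RdpAllowed      = ($deny -eq 0)
        TermService     = $svc.Status
        NetworkCategory = $net -join '; '
        RdpAllowRules   = if ($rdp)  { $rdp  -join '; ' } else { 'none enabled' }
        EchoAllowRules  = if ($echo) { $echo -join '; ' } else { 'none enabled' }
    }
}

Get-RemoteAccessState | Format-List

# From the PC you connect from: test TCP 3389 directly instead of relying on
# ping, which the firewall may block. 10.0.0.114 is the address from the thread.
Test-NetConnection -ComputerName 10.0.0.114 -Port 3389 |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded
```

The profile shown in brackets after each rule matters: a rule enabled only for Private does nothing on an interface whose NetworkCategory reads Public.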

ASKER CERTIFIED SOLUTION
skullnobrains