Announcement

Collapse
No announcement yet.

Can't ping while connected to AD

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Can't ping while connected to AD

    Hey All,

    First of all, I'm not sure if this should be in the XP forum or the AD forum...it's kinda cross related.

    I have a Windows XP Pro SP2 system. For a while now the user has been complaining about not being able to remote desktop into his machine and it was crashing on him while using a couple different applications. I tried pinging his machine to be able to attempt to remote desktop into as well and the request always timed out. All his entries in the DHCP pool, DNS table and on the AD server appear to be just fine. The MAC addresses line up, the IP addresses line up, the account is not disabled or anything....etc. After running some extensive hardware diagnostics I suggested a reload of the operating system. (If you knew this user in person you'd understand quite easily that the error could easily be user related....ie he has scripts setup at startup that would make my grandmother cringe)

    So, I reload the operating system cleanly. I loaded all the drivers like normal and added the machine to the domain using the same computer name it had before the reload. Lo and behold, I still can not ping his system name or IP address. I added a 2nd ethernet card thinking it might be something in the DHCP lease that's not working properly. I can't ping that interface either.

    Thinking that his computer profile in the AD might be messed up, I removed the system from the domain and booted the profile from the AD server. Guess what? I can ping his system name and both ethernet interfaces. I added the system back to the domain and rebooted. Now, I can't ping the interfaces again.

    Thinking it might be the fact that I've used the same system name the whole time I removed him from the domain again, removed the profile from AD and renamed the machine to something different. With the system not connected to the domain I can ping the interfaces just fine. I add the new system name to the AD, reboot and once again can't ping the interfaces.

    This is driving me crazy! Anyone have any suggestions or where to look next?

    -Phrancie

  • #2
    Re: Can't ping while connected to AD

    Apparently, I'm not nearly as patient as I'm supposed to be.

    In the time it took me to make my post earlier and do a little more digging around the internet the problem has resolved itself....although I still don't know what the actual problem was.

    The system now has a new name and the old system name profile has been removed from the AD. Maybe the server just needed a minute to re-sync with itself.

    -Phrancie

    Comment


    • #3
      Re: Can't ping while connected to AD

      Windows XP SP2 has the firewall enabled by default.
      This would explain why the host was not pingable.
      [Powershell]
      Start-DayDream
      Set-Location Malibu Beach
      Get-Drink
      Lay-Back
      Start-Sleep
      ....
      Wake-Up!
      Resume-Service
      Write-Warning
      [/Powershell]

      BLOG: Therealshrimp.blogspot.com

      Comment


      • #4
        Re: Can't ping while connected to AD

        Duh?
        What do you mean by that? What do you think that happened to XP's firewall during those almost 30 minutes it took phrancie to update the forum that it was solved?

        Sorin Solomon


        In order to succeed, your desire for success should be greater than your fear of failure.
        -

        Comment


        • #5
          Re: Can't ping while connected to AD

          Originally posted by sorinso View Post
          Duh?
          What do you mean by that? What do you think that happened to XP's firewall during those almost 30 minutes it took phrancie to update the forum that it was solved?
          Nothing, but the xp firewall doesn't reply to ICMP packets by default.
          He did not mention that the computer is pingable at this moment.
          So who is telling that the computer is pingable at this moment?
          I'm just giving a possible cause why the computer wasn't responding to pings.

          Its is not my intention to confront anybody, just looking at the most obvious first.
          [Powershell]
          Start-DayDream
          Set-Location Malibu Beach
          Get-Drink
          Lay-Back
          Start-Sleep
          ....
          Wake-Up!
          Resume-Service
          Write-Warning
          [/Powershell]

          BLOG: Therealshrimp.blogspot.com

          Comment


          • #6
            Re: Can't ping while connected to AD

            You are right, of course. The firewall can be one of the reasons a computer does not respond to ping command.
            Nevertheless, the OP said:
            In the time it took me to make my post earlier and do a little more digging around the internet the problem has resolved itself
            I assume from this that the case is closed.

            Sorin Solomon


            In order to succeed, your desire for success should be greater than your fear of failure.
            -

            Comment


            • #7
              Re: Can't ping while connected to AD

              Thanks for the replies.

              Windows Firewall is one of the first things I disable here on our network for the PCs I install. First of all, back when SP2 came out the firewall was really screwing us up since our network was setup with a 255.255.0.0 schema. When trying to get to servers in a different class B it would complain and timeout. We had to hand out a batch file to people that wanted the firewall enabled just so they could add a route to the other segment of the network and bypass the firewall. Needless to say, the firewall always gets disabled here on the network.

              This problem seems to actually be a problem with the computer profile in the Active Directory although I don't know how or where to find ALL the fields/characteristics for it's profile.

              Here's what's happening. The computer is named "Config1" and is authenticated to the domain. If I change the name to "Config2" and leave it authenticated to the domain, reboot the system and try to ping it, it won't respond. If I change it back to "Config1" while still connected to the domain it also won't respond to ping requests. If I change the name to "Config3" and remove it from the domain and into a workgroup and reboot the system, it will now respond to ping requests. If I add it back to the domain using this new name (never associated with the domain before) and reboot it will now respond to ping requests like any normal PC. But, if I change it back to either "Config1" or "Config2", leave it attached to the domain and reboot it won't respond to ping anymore....and now the name "Config3" is tainted.

              Changing the name to something different than it's ever been before while removing it from the domain at the same time, then rebooting and adding it back to the domain as the new name is the only way to get it to create a new, untainted AD profile that responds to ping requests.

              -Phrancie

              Comment


              • #8
                Re: Can't ping while connected to AD

                This may sound overly simple, but have you checked to make sure that the appropriate DNS A and PTR records exists after you rename the computer? How long are you waiting before you ping? Try flushing the DNS cache on the computer doing the pinging and also flush the DNS cache on your DNS server(s).

                Comment


                • #9
                  Re: Can't ping while connected to AD

                  Just to add to joeqwerty's answer, that you should try pinging by the IP address. Although you are not saying it clearly, it looks like you are pinging by the name of the machine. Doing this after you just changed the name, it can get you an error, as if something is wrong with the machine. Nothing is wrong with it, you just have to wait for the changed you did to propagate to all systems (like the DNS, as joeqwerty suggested).

                  Sorin Solomon


                  In order to succeed, your desire for success should be greater than your fear of failure.
                  -

                  Comment


                  • #10
                    Re: Can't ping while connected to AD

                    Yeah, I've had 3 command windows open the whole time pinging both network interfaces by IP and computer name. Nothing responds to ping unless the system has been removed from the domain or been given a different name and added back to the domain. As for how long I've waited before pinging, I've had continuous ping loops going for hours on end while making changes.

                    -Phrancie

                    Comment


                    • #11
                      Re: Can't ping while connected to AD

                      Behind all this must be a verry logical explination.
                      Active Directory does not block ICMP packets on your network.
                      You can control the firewall settings through gpo, but it than it is the local firewall who uses settings defined by that GPO. Active Directory itself will not block icmp packets to a client for some reasson.

                      So obvious the problem must be caused by:

                      1)DNS problem: host name or a record not correct
                      2)(On troubled host) Verify that the ip address your are pinging to is correct
                      3)(On troubled host) Can you ping the local loop address?
                      4)(On troubled host) Can you ping your assigned addresses?
                      5)Is this computer reachable in the same Vlan?
                      [Powershell]
                      Start-DayDream
                      Set-Location Malibu Beach
                      Get-Drink
                      Lay-Back
                      Start-Sleep
                      ....
                      Wake-Up!
                      Resume-Service
                      Write-Warning
                      [/Powershell]

                      BLOG: Therealshrimp.blogspot.com

                      Comment


                      • #12
                        Re: Can't ping while connected to AD

                        Killerbe, thanks for the response.

                        Originally posted by Killerbe View Post
                        Behind all this must be a verry logical explination.
                        Active Directory does not block ICMP packets on your network.
                        You can control the firewall settings through gpo, but it than it is the local firewall who uses settings defined by that GPO. Active Directory itself will not block icmp packets to a client for some reasson.

                        So obvious the problem must be caused by:

                        1)DNS problem: host name or a record not correct
                        When the system is not connected to the domain, it responds to ping just fine. The majority of it's problems are when it's connected to the domain.
                        2)(On troubled host) Verify that the ip address your are pinging to is correct
                        Verified....the IP addresses for both interfaces are what I'm trying to ping
                        3)(On troubled host) Can you ping the local loop address?
                        Yes, pinging from the troubled machine back to itself works just fine whether I'm on the domain or not.
                        4)(On troubled host) Can you ping your assigned addresses?
                        I'm assuming you mean can I ping itself (10.11.21.127) not the loopback (127.0.0.1). Yes, I can ping everything locally.
                        5)Is this computer reachable in the same Vlan?Not sure how to do this part
                        This is a fresh install of Windows XP Pro - straight out of the box with SP2 installed and the firewall disabled. This machine is no different than the other 200 working machines on the network as far as configuration. The AD is fairly new and we haven't even bothered touching any of the GPO default settings (as far as I know). When this system is not attached to the domain, it would appear to be a trouble-free computer working as blissfully as Microsoft would want it to.

                        -Phrancie

                        Comment


                        • #13
                          Re: Can't ping while connected to AD

                          Oh, I forgot to add the reason why all these diagnostics started in the first place. It's not just because the machine won't respond to ping requests, it's because it basically becomes invisible on the network. I can't get a traceroute to the machine, I can't Remote Desktop into it, I can't see it under Network Neighborhood....nothing. But, the system works going out onto the network just fine.

                          This is driving me up a wall.

                          -Phrancie

                          Comment


                          • #14
                            Re: Can't ping while connected to AD

                            It really sounds like a name-resolving issue. The question is why is this happening.
                            Are you working with WINS in your network, or only DNS?
                            How is your computer gets its IP address? DHCP? Manually? What does it have as DNS servers?
                            Where is your DNS server? The DC?

                            Sorin Solomon


                            In order to succeed, your desire for success should be greater than your fear of failure.
                            -

                            Comment


                            • #15
                              Re: Can't ping while connected to AD

                              Yes we have WINS & DNS
                              DHCP
                              We have 2 DNS servers, primary is the AD and the 2nd is a linux based solution.

                              Again, the weird thing is that this is the only computer on the network with this issue.

                              -Phrancie

                              Comment

                              Working...
                              X