Announcement

Collapse
No announcement yet.

Inconsistent ping tests

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Inconsistent ping tests

    Hi everyone,

    I have always been curious as to why this has been the case but when I attempt to ping some of our client devices, they will respond with a request timeout while most others respond normally. Client devices are all configured the same with their local firewall settings being managed by GP. Our LAN is managed by Forefront TMG which I'm guessing would be the culprit? When attempting a reverse ping (non-responding client to server) it works just fine, not the other way around. I ran a live query but that didn't show anything helpful. Ideas?

  • #2
    Re: Inconsistent ping tests

    it's wayyy to hard to try and diagnose that without a full, thorough network map in front of me..
    there could be acls on switch interfaces or router interfaces somewhere..
    could be TMG interferring..
    could be that firewalls are actually active, despite what policy thinks
    could be an ipad, iphone, or other non-usual device
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

    Comment


    • #3
      Re: Inconsistent ping tests

      Originally posted by tehcamel View Post
      it's wayyy to hard to try and diagnose that without a full, thorough network map in front of me..
      there could be acls on switch interfaces or router interfaces somewhere..
      could be TMG interferring..
      could be that firewalls are actually active, despite what policy thinks
      could be an ipad, iphone, or other non-usual device
      Its a very straightfoward configuration. Forefront TMG acts as a proxy server/gateway/firewall. This is the only firewall we have in place, there are no routers or switches that have been configured with ACLs. The devices I am attempting to ping are Windows XP and 7 Professional PCs so nothing out of the ordinary. Hope this helps

      Comment


      • #4
        Re: Inconsistent ping tests

        It ain't TMG interfering unless it is routing across multiple subnets - only Internet traffic will go through TMG on a single subnet network.

        What are your client OSs? IIRC XP will respond to ping by default with the firewall on, but Windows 7 won't. Not 100% sure on that but I seem to recall a similar issue.
        BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
        sigpic
        Cruachan's Blog

        Comment


        • #5
          Re: Inconsistent ping tests

          We're on a single subnet, no traffic is being routed other than internet traffic by our ISP router which we cannot touch. Client OSs consist of Windows XP and 7 Professional with some Win 7 clients running 64-bit OS. As for any consistencies between the client OS's I haven't found any. I've been able to successfully ping Win 7 Pro clients (both x86 and x64) while others just are timing out. They have all been configured the same, are under the same GP settings, some are even the same exact PC model and yet I'm still getting responses from some but not from others.

          The one thing I can think of is we are having FRS issues with our 2 DC's so basically when I create a GPO, I have to manually copy it over to the other DC. Long shot but I doubt that could be the issue.

          After playing around with one of the client PC's experiencing this issue, I found out its definitely Windows Firewall causing the problem. When disabled, the client PC responds just fine. Thing is, everyone is under the same GPO firewall settings so how can this be? What could I be missing?
          Last edited by crowntech; 10th January 2012, 17:48. Reason: update on post

          Comment


          • #6
            Re: Inconsistent ping tests

            Here is what needs to be changed in the Windows 7 Firewall for File & Print Sharing to work.


            Run Firewall.cpl

            Select Advanced Settings
            Select Inbound Rules
            Select “Echo Request – ICMPv4-In”
            Change Scope
            Add ###.###.###.###/##
            Click OK

            Select “NB-Datagram-IN”
            Change Scope
            Add ###.###.###.###/##
            Click OK

            Select “NB-Name-In”
            Change Scope
            Add ###.###.###.###/##
            Click OK

            Select “NB-Session-In”
            Change Scope
            Add ###.###.###.###/##
            Click OK

            Close Firewall

            Comment


            • #7
              Re: Inconsistent ping tests

              Originally posted by akitafan View Post
              Here is what needs to be changed in the Windows 7 Firewall for File & Print Sharing to work.


              Run Firewall.cpl

              Select Advanced Settings
              Select Inbound Rules
              Select “Echo Request – ICMPv4-In”
              Change Scope
              Add ###.###.###.###/##
              Click OK

              Select “NB-Datagram-IN”
              Change Scope
              Add ###.###.###.###/##
              Click OK

              Select “NB-Name-In”
              Change Scope
              Add ###.###.###.###/##
              Click OK

              Select “NB-Session-In”
              Change Scope
              Add ###.###.###.###/##
              Click OK

              Close Firewall
              Once I enabled the echo request - icmpv4-in, the client's are responding. So it looks like some clients are defaulting to the private profile while most others are under the domain profile. Strange thing is that this is also occurring under XP clients as well, which don't have profiles. So for group policy, this would be under the Allow ICMP Exceptions rule?

              Comment

              Working...
              X