Win 08 - Can Ping & Resolve DNS Internally / Cannot Ping, But Can Resolve Externally

  • Win 08 - Can Ping & Resolve DNS Internally / Cannot Ping, But Can Resolve Externally

    Good Morning All -

    I've got a client's DC running Windows 2008 that I'm trying to troubleshoot a strange issue on.

    Yesterday, we had one of the hard drives go out. We replaced it and the RAID successfully rebuilt itself. I don't know if this caused the issue, but when in the server I found out the following:

    Issue
    The server can successfully resolve DNS and ping all internal hosts. However - it cannot ping external (internet) ones. It does resolve their hostnames, though.

    I've tried/checked the following:

    - Verified IP configuration is correct (running IPv4 - not IPv6)
    - tracert to external ip 8.8.8.8 doesn't resolve anything (on another windows server on same domain, it does)
    - Must RDP to different windows server on network, then rdp to server having issue to connect
    - Tried disabling NIC on server, re-enabling a different physical one, then configuring its IP info the same
    - Tested again this morning after RAID rebuild was complete - nogo
    - The server is a DC and manages DNS - all entries look good
    - Windows Firewall is Off
    - Compared settings for Windows Routing Role to another similarly configured DC
    - Pointed to other DNS server as primary instead of itself
    - Verified DNS forwarders were correct.

    The server is Windows Server 2008 SP2 x64.

    I took a small capture of traffic using Wireshark while trying to ping 8.8.8.8. The capture is attached. The txt file is plain txt and the 2nd file may be downloaded, renamed, and opened in Wireshark for easier reading. They are the same capture.

    Any ideas? Thanks!

  • #2
    Re: Win 08 - Can Ping & Resolve DNS Internally / Cannot Ping, But Can Resolve Externa

    Not to be rude, but who cares if you can't ping any external ip addresses?

    Here are my thoughts:

    1. There's a firewall somewhere blocking outbound ICMP Echo Request packets from the server or blocking the inbound ICMP Echo Reply.

    2. DNS resolution works correctly, so no DNS issue exists.

    3. There isn't a service or program (that I'm aware of) that relies on a successful ping, so the failure of your ping is meaningless.

    4. Stop using ping incorrectly. Ping is a tool to check for basic network connectivity/functionality ONLY if you know for a fact that both systems involved (the pingee and the pinger) should send and receive ICMP echo request and ICMP echo reply packets with no interference from any other entity (firewalls, ACLs on routers, etc). As it is, you don't know for a fact whether or not you should be getting the ICMP Echo Reply. Have you checked the firewall on your server? On the router? At the ingress/egress of your network? At your ISP?

    5. As it is, all you've proven is that the server can't ping any external ip address, which in and of itself, means nothing and tells you nothing about the state of your server and/or network.

    6. Does the server's inability to get a response from its ping have any bearing whatsoever on any of the services the server is providing?

    I don't mean to be harsh, but I see so many posts of the kind "Oh Noe! I can't ping. The Internetz are down!". When in actuality, you're using the wrong tool for the wrong problem. As it stands, I fail to see what your actual, real life problem is.



    • #3
      Re: Win 08 - Can Ping & Resolve DNS Internally / Cannot Ping, But Can Resolve Externa

      Thanks for your reply - but....

      The reason I said I couldn't ping any IP addresses is because I cannot access anything externally going in or out. I cannot go to web pages, FTP hosts, nor RDP in or out. Maybe I should have mentioned that, but figured it was assumed.

      Here are replies to each of your statements:

      1. The Windows Firewall is off. There is no other firewall on the server whatsoever.

      2. I agree, but still think it's relevant information considering the issue.

      3. The reason I mentioned ping is from a testing standpoint. I can ping other sites (like a Google DNS server 8.8.8.8) from other servers on the same domain, but not this one.

      4. Read #3 above

      5. Read #4 above

      6. Read #5 above

      Hopefully by now you can see what it is exactly I'm trying to do... Thanks for the lecture, though...



      • #4
        Re: Win 08 - Can Ping & Resolve DNS Internally / Cannot Ping, But Can Resolve Externa

        Originally posted by joeqwerty

        3. There isn't a service or program (that I'm aware of) that relies on a successful ping, so the failure of your ping is meaningless.
        just to be persnickety.. :P
        some routers will use ping for dead-peer-detection or dead-gateway-detection so as to failover..
        Please do show your appreciation to those who assist you by leaving Rep Point



        • #5
          Re: Win 08 - Can Ping & Resolve DNS Internally / Cannot Ping, But Can Resolve Externa

          Can you get to your gateway???

          If you can then you need to check your gateway to see why this server is not allowed out of the network.

          Have you changed the IP address at all???

          Really could be any number of reasons why this is happening. First port of call is to always check the gateway.



          • #6
            Re: Win 08 - Can Ping & Resolve DNS Internally / Cannot Ping, But Can Resolve Externa

            I looked at the capture and I have two things for you to check:
            1) Make sure the server is configured with the proper default gateway
            2) It looks like you're using a Watchguard firewall. Check the firewall's "Blocked Sites" to see if it has the server's IP address listed. If so you can remove it and create an exception.

            The reason DNS is working is probably because the server asks the internal DNS server for the record and the other server has no issue getting out.
            Regards,
            Jeremy

            Network Consultant/Engineer
            Baltimore - Washington area and beyond
            www.gma-cpa.com

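The layered check that posts #5 and #6 describe, as an added example that is not part of the original thread: it reads the configured gateway and DNS servers, then tests gateway reachability, egress by both ICMP and TCP, and name resolution separately, so that a working lookup is not mistaken for working egress. It assumes PowerShell 2.0 or later; `www.example.com`, TCP port 53 and the helper name `Test-TcpPort` are illustrative choices.

```powershell
# Added example, not from the thread. Requires PowerShell 2.0+ (Test-Connection, try/catch).
param(
    [string]$ExternalIp   = '8.8.8.8',         # external address tested in the thread
    [int]   $ExternalPort = 53,                # assumption: that host answers on TCP/53
    [string]$ExternalName = 'www.example.com'  # placeholder name to resolve
)

# Hypothetical helper: TCP connect with a timeout, so the egress test does not rely on ICMP.
function Test-TcpPort([string]$Addr, [int]$Port, [int]$TimeoutMs = 3000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Addr, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch { return $false } finally { $client.Close() }
}

# 1. What gateway and DNS servers is this host actually configured with?
$nic = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
       Where-Object { $_.DefaultIPGateway } | Select-Object -First 1
if (-not $nic) { Write-Output 'No default gateway configured: fix the IP settings first.'; return }
$gateway = $nic.DefaultIPGateway[0]
$dns     = $nic.DNSServerSearchOrder -join ', '

# 2. Gateway reachability  3. Egress by ICMP and by TCP  4. Name resolution
$gwOk   = Test-Connection -ComputerName $gateway    -Count 2 -Quiet
$icmpOk = Test-Connection -ComputerName $ExternalIp -Count 2 -Quiet
$tcpOk  = Test-TcpPort $ExternalIp $ExternalPort
$dnsOk  = $true
try { [void][System.Net.Dns]::GetHostAddresses($ExternalName) } catch { $dnsOk = $false }

Write-Output "Gateway $gateway answers ping : $gwOk"
Write-Output "ICMP to $ExternalIp : $icmpOk"
Write-Output "TCP to ${ExternalIp}:$ExternalPort : $tcpOk"
Write-Output "Resolve $ExternalName (configured DNS: $dns) : $dnsOk"

# Verdict, following the reasoning in the thread
if ($tcpOk -and $icmpOk) {
    Write-Output 'No egress fault detected by these checks.'
} elseif ($tcpOk) {
    Write-Output 'Only ICMP is filtered; outbound TCP works.'
} elseif ($dnsOk) {
    Write-Output 'Names resolve but TCP egress fails: resolution is likely served by the internal'
    Write-Output 'DNS server(s). Check the gateway/firewall for a rule or blocked-sites entry for this host.'
} elseif (-not $gwOk) {
    Write-Output 'Gateway does not answer and nothing resolves: check gateway address, link, firewall.'
} else { Write-Output 'No resolution and no egress: check the firewall and the DNS forwarders.' }
```

Run it on the affected server and on a working server in the same subnet; a difference in the gateway or TCP lines between the two points at a per-host rule on the firewall rather than at the server itself.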


            • #7
              Re: Win 08 - Can Ping & Resolve DNS Internally / Cannot Ping, But Can Resolve Externa

              JeremyW - you are right on the money...



              After recently finding that the gateway could not be pinged, it all started to make sense.



              As it turns out, there was a rule in the firewall (Watchguard) which kept that server from talking. No one knows how it got there (hmm), but now that it's gone, it's back up 100%.


              I appreciate everyone's time that helped out - Thanks!



              • #8
                Re: Win 08 - Can Ping & Resolve DNS Internally / Cannot Ping, But Can Resolve Externa

                Glad to help.
                Regards,
                Jeremy

                Network Consultant/Engineer
                Baltimore - Washington area and beyond
                www.gma-cpa.com
