DHCP/DNS server unable to ping clients

December 2, 2009 at 02:04:27
Specs: Microsoft Windows Server 2003 Enterprise

I've got a domain controller I set up 5 years ago with Microsoft Windows Server 2003 Enterprise with DNS/DHCP, and all of a sudden client systems cannot ping each other and I cannot use remote desktop to log into different systems anymore. From here on, when I refer to ping I mean by DNS short name, the FQDN, and by IP. Interestingly, all of the clients on the network are able to ping and remote desktop into the domain controller; however, the domain controller cannot ping the clients from a command prompt. All of the clients have DHCP reservations and all of the clients can connect to the internet just fine. So the question is: how do I figure out what is now wrong with the domain controller so that clients can ping and remote desktop to one another again, including allowing the domain controller to ping the DHCP clients?

I've already tried these:
ipconfig /flushdns - all systems
ipconfig /registerdns - all systems
arp -d [ip] - deleted all routes to all systems on all systems


Here's the output of route print on the domain controller:
IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 16 76 40 de f9 ...... Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.15 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.15 192.168.1.15 20
192.168.1.15 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.15 192.168.1.15 20
224.0.0.0 240.0.0.0 192.168.1.15 192.168.1.15 20
255.255.255.255 255.255.255.255 192.168.1.15 192.168.1.15 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

Seems fine to me but I'm no expert here.

Here are a client system's IP settings:
Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-19-B9-34-E9-C5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::644c:9e7b:ec13:98d5%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, December 02, 2009 3:37:43 AM
Lease Expires . . . . . . . . . . : Thursday, December 10, 2009 3:37:42 AM
Default Gateway . . . . . . . . . : 192.168.1.15
DHCP Server . . . . . . . . . . . : 192.168.1.15
DHCPv6 IAID . . . . . . . . . . . : 234887609
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-7B-0A-27-00-19-B9-34-E9-C5
DNS Servers . . . . . . . . . . . : 192.168.1.15
NetBIOS over Tcpip. . . . . . . . : Enabled

And here are the domain controller's IP settings:
Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-16-76-40-DE-F9
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.15
192.168.1.1

Thoughts?




#1
December 2, 2009 at 06:27:19

Sounds like the result of a firewall GPO that turns off ICMP.

Easy test - can you tracert from server to workstation or vice versa? Tracert uses ICMP also.



#2
December 2, 2009 at 21:50:11

Nice, that's exactly what it was. Turned out that the clients that are having issues are Windows 7 and Windows Server 2008, which both have some seriously hardened security out of the box. I had to go into the firewall settings on both systems and enable inbound and outbound rules for the "File and Printer Sharing (Echo Request - ICMPv4-In)" and everything started working for ping requests. Remote desktop still doesn't work but I know it's just a matter of finding the associated firewall rule and enabling it on both systems.

Thanks!
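
Added example, not part of any post in this thread: one way to tell a client that is down from one whose host firewall drops echo requests, then to enable the rule named in reply #2 with a narrow scope. The function name Test-IcmpFiltered is hypothetical, and the domain profile and local-subnet scope are assumptions made for the example.

```powershell
# Run from an elevated prompt. PowerShell 2.0 compatible: arp and netsh do the
# work, so this runs on Windows 7 / Server 2008 R2 as well as later versions.

# --- Part 1, on the server: host down, or only echo requests dropped? ---
function Test-IcmpFiltered {
    param([Parameter(Mandatory=$true)][string]$Ip)   # same-subnet IPv4 address
    arp -d $Ip 2>&1 | Out-Null                        # clear any stale ARP entry
    $replied = Test-Connection -ComputerName $Ip -Count 2 -Quiet
    # On one subnet the sender must ARP for the target before it can send ICMP.
    # A resolved MAC with no echo reply means the host is up and filtering.
    $pattern = '^\s*' + [regex]::Escape($Ip) + '\s+([0-9a-f]{2}-){5}[0-9a-f]{2}\s'
    $macSeen = [bool](arp -a | Select-String -Pattern $pattern)
    if ($replied)     { return 'reachable: echo reply received' }
    elseif ($macSeen) { return 'up, ICMP filtered: ARP resolved but no echo reply' }
    else              { return 'no ARP reply: host down, wrong subnet/VLAN, or cabling' }
}
Test-IcmpFiltered -Ip '192.168.1.6'    # client address from the ipconfig output above

# --- Part 2, on the client that does not answer ---
$rule = 'File and Printer Sharing (Echo Request - ICMPv4-In)'   # name from reply #2
netsh advfirewall show currentprofile state                 # which profile is active?
netsh advfirewall firewall show rule name="$rule" verbose   # Enabled / Profiles / RemoteIP
# Enable only the domain-profile copy and accept echo requests from the local
# subnet only (the scope is a choice made for this example, not from the thread).
# If netsh reports no matching rule, rerun the 'show' line to see how the
# built-in rules are split across profiles on that Windows version.
# A rule delivered by Group Policy overrides this local setting.
netsh advfirewall firewall set rule name="$rule" profile=domain new enable=yes remoteip=localsubnet
```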


