Tom;
Two things. First, if your network team is specifically blocking all ICMP traffic its just not going to get there regardless if its on VLAN or straight LAN traffic. You might suggest that they allow ECHO ICMP instead of just blocking all ICMP. Second, to really test where the blockage is at try using TRACERT. That should at least show you how far the traffic is getting before being blocked. The error message does appear (without more information) that this is indeed a bit aggressive in the management department. You may also want to test your LDAP traffic for passthru as well as the clients will eventually find the 'right' DC via LDAP as well if they can't find ICMP traffic, as I understand the packet logs. I may be wrong so feel free to correct me if I am misinterpreting something. ;)
The contents contain privileged and/or confidential information intended for the named recipient of this email. ETSI (Employee Technology Solutions, Inc.) does not warrant that the contents of any electronically transmitted information will remain confidential. If the reader of this email is not the intended recipient you are hereby notified that any use, reproduction, disclosure or distribution of the information contained in the email in error, please reply to us immediately and delete the document.
Viruses, Malware, Phishing and other known and unknown electronic threats: It is the recipient/client's duties to perform virus scans and otherwise test the information provided before loading onto any computer system. No warranty is made that this material is free from computer virus or any other defect.
Any loss/damage incurred by using this material is not the sender's responsibility. Liability will be limited to resupplying the material.
| Tom Kern <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED] 12/30/2005 08:25 AM
|
|
What affect would blocking icmp packets on all vlans have on win2k/xp client logons in a win2k forest?
any?
I know clients ping dc's to see which responds first and later ping dc's to determine round trip time for GPO processing, but would blocking icmp's have any adverse affects on clients?
I only ask because my corp blocks icmp's on all our vlans and i get a lot of event id 1000 from Usernev with error code of 59 which when i looked up, refers to network connectivity issues. i think this event id is related to the fact we block icmp packets and i was wondering if thats something i should worry about in a win2k network.
Thanks
| Message scanned by TrendMicro |
Message scanned by TrendMicro |
