On the machine running wireshark (which should not be either the
client or server with which you're running the tests, and which is
attached to the monitor/span port on the switch):
- Do you see echo requests by the server when you use it to ping
the client?
- Do you see replies from the client when it is pinged by the server?
- Do you see echo requests by the client when you use it to ping
the server?
- Do you see echo replies from the server when it is pinged by the client?
If no to any of the above, one or more of the following is true:
- You have not turned up monitoring on the switch
- You are not monitoring the correct ports on the switch
- One or more of the test machines has a firewall that is blocking pings
- If the server and client are on different subnets, one or more
of the following might also be true:
  - Routing is screwy between your subnets
  - There's a firewall between your subnets
- If the server and client are on different switches, you might
have a problem with your VLANs or switch connectivity
I think that mostly covers it.
Kurt
On Tue, Jul 3, 2012 at 2:04 PM, Glen Johnson <[email protected]> wrote:
> Kurt.
> Turned on logging both allowed and dropped in the 2008r2 server.
> I don't see any entries for dropped traffic from my workstation, but if I
> ping from server to workstation, then ping workstation to server, I see the
> allowed packet.
> What I do see for dropped packets is a lot of this which is all IPv4 traffic.
> Date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
> 2012-07-03 13:55:50 DROP ICMP 192.168.0.1 192.168.0.9 - - 56 - - - - 5 0 - RECEIVE
> 192.168.0.1 is our core router.
> 192.168.0.9 is the server.
>
> Also, just for testing, I uninstalled Symantec AV. Only the AV part, no
> network threat protection.
> No change.
>
> The hunt continues.
>
> -----Original Message-----
> From: Kurt Buff [mailto:[email protected]]
> Sent: Tuesday, July 03, 2012 1:24 PM
> To: NT System Admin Issues
> Subject: Re: Ping help
>
> On Tue, Jul 3, 2012 at 10:07 AM, Glen Johnson <[email protected]> wrote:
>> Need help please.
>> We have 3 x 2008r2 domain controllers.
>> We've been fighting with some unusually slow domain logins and other
>> flakiness for a while.
>> For example navigating between OUs in active directory users and computers
>> is painfully slow.
>> While testing basic connectivity, I found that an ipv6 ping to one of our
>> domain controllers fails, but here is the interesting part.
>> If I ping -6 from domain controller to my workstation, then for a couple
>> minutes, ping -6 from my workstation to the domain controller works.
>> After just about 2 minutes, it begins failing again when I ping workstation
>> to server. Destination host unreachable is the error.
>> Ping -6 from my workstation to all other servers and domain controllers work
>> fine.
>> I checked the windows firewall on the failing computer and it looks
>> identical to the other 2 domain controllers.
>> One point that may be relevant. The failing DC has 2 nics. I did try
>> disabling one of the nics and rebooting. No help.
>> Turned windows firewall off, no help.
>> Any suggestions appreciated.
>
> While I haven't run into this problem, I'd like to suggest an approach...
>
> Do you have access to a span/mirror port on the switch to which the
> 2008R2 server connects? Can you run a wireshark capture of the traffic
> between that server and the machine you're using to diagnose this issue?
>
> This will be your best bet for capturing the true network traffic.
>
> Also, is there anything in any of the logs on either machine?
>
> Kurt
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
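
Added example, not part of the original thread: a small parser for the Windows Firewall log format quoted above that lists dropped ICMP entries and decodes their icmptype/icmpcode columns (type 5, code 0 is a redirect for network). The function names, the "#Fields:" header line and the ALLOW entry in the sample are assumptions constructed for the example; the DROP entry is the one quoted in the thread.

```python
# Added example: decode ICMP entries in Windows Firewall log lines.
FIELDS = ("date time action protocol src-ip dst-ip src-port dst-port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()

# ICMPv4 type and redirect-code names, from the IANA ICMP parameter registry.
ICMP_TYPES = {0: "echo reply", 3: "destination unreachable",
              8: "echo request", 11: "time exceeded"}
REDIRECT_CODES = {0: "for network", 1: "for host",
                  2: "for type of service and network",
                  3: "for type of service and host"}

# Constructed sample: the DROP entry quoted in the thread, plus one
# invented ALLOW entry (192.168.0.20 is a made-up workstation address).
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2012-07-03 13:55:50 DROP ICMP 192.168.0.1 192.168.0.9 - - 56 - - - - 5 0 - RECEIVE
2012-07-03 13:56:02 ALLOW ICMP 192.168.0.20 192.168.0.9 - - 60 - - - - 8 0 - RECEIVE
"""

def parse_line(line):
    """Return one log entry as a dict, or None for header, blank or malformed lines."""
    parts = line.split()
    if not parts or parts[0].startswith("#") or parts[0].lower() == "date":
        return None
    if len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))

def describe_icmp(entry):
    """Name the ICMP message in an entry, or return None if it is not ICMP."""
    if entry["protocol"] != "ICMP" or not entry["icmptype"].isdigit():
        return None
    icmp_type = int(entry["icmptype"])
    if icmp_type == 5:  # redirect: the code says what is being redirected
        code = int(entry["icmpcode"]) if entry["icmpcode"].isdigit() else -1
        return "redirect " + REDIRECT_CODES.get(code, f"code {entry['icmpcode']}")
    return ICMP_TYPES.get(icmp_type, f"type {icmp_type}")

def dropped_icmp(log_text):
    """Return (src-ip, dst-ip, description) for every dropped ICMP entry."""
    out = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and entry["action"] == "DROP":
            desc = describe_icmp(entry)
            if desc:
                out.append((entry["src-ip"], entry["dst-ip"], desc))
    return out
```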