
Windows Server 2016 is not pingable while it can ping other devices and have DNS problems


Hello Community,

I have the following problem: On my VMware vSphere ESXi 6.7 I have two Windows Server 2016 VMs. One (WDS-01) provides the AD, DNS and DHCP Server, the other one (WDS-02) should provide the WDS and WSUS. While WDS-01 works perfectly, I can't ping the WDS-02 from the WDS-01 or the core switch of my network. WDS-02 also doesn't have a connection to the internet due to a problem with DNS name resolution.
But I was able to add WDS-02 to my domain and WDS-02 was able to receive an IP address lease from my DHCP Service running on WDS-01. WDS-02 can ping all other devices in the network but, like I already said, it's not pingable itself.

Hope somebody can help me with this problem.

 

Thank you!

 

Jonas

9 Replies
When NLA starts to detect the network location, the machine will contact the domain controller via port 389. If this detection is successful, it will get the domain firewall profile (allowing for correct ports and IPv4 ICMP ping) and we cannot change the network location profile.
If the domain was not found or the process failed, NLA will let you determine which firewall profile will be used, private or public.
So I'd check that the domain controller and problem client have the static address of the DC listed for DNS and no others such as router or public DNS.
 

If you need further help then you can run:

  • Dcdiag /v /c /d /e /s:DCName >c:\dcdiag.log
    (please replace DCName with your domain controller's netbios name)
  • ipconfig /all > C:\dc1.txt
  • ipconfig /all > C:\problemclient.txt
then put files up on OneDrive and share a link.
 
 
 

Hello Dave,

 

I don't have a domain firewall profile configured yet. So I assume it uses a default firewall profile?

On the secondary Windows Server (WS) I use the DHCP from the primary WS. This works well and the DHCP provides the IP of my primary WS which provides a DNS Service which is 172.29.114.52. On a Windows 7 Client this works well, only the WS2016 won't work with these settings :\

Okay, I've found out that the Windows 7 Client is not able to receive network config from my DHCP, but when configured manually using the DNS 172.29.114.52, it is able to connect to the internet.


@Jonas Löffel wrote:

Hello Dave,

 

I don't have a domain firewall profile configured yet. So I assume it uses a default firewall profile?

 


It doesn't work quite like that. When NLA starts to detect the network location, the machine will contact the domain controller via port 389. If this detection is successful, it will get the domain firewall profile (allowing for correct ports and IPv4 ICMP ping) and we cannot change the network location profile.
If the domain was not found or the process failed, NLA will let you determine which firewall profile will be used, private or public. Beyond this your options are to enable or disable each profile.

 

Or if you just wanted to allow ICMP then you can; Windows Firewall\Inbound Rules then find ICMPv4-In, right-click on it and Enable

 


 

 

 

Hello Dave,

here is the link from the requested files: https://1drv.ms/f/s!AoBwQgegx9tg1RTrbkvb5hjlcCLQ

 

As you can see, the DNS test failed for some reason.

 

Both, the DC as well as the 2nd server have a static IP. Both devices are in the same domain, ABPROJ-HYRULE is the DC, ABPORJ-WDS-WSUS is the server which is not pingable but can ping other devices. It also can not access the Internet.

 

Oh, I was not able to change the language of the 2nd server because I was not able to download the English language pack. Hopefully it's not a big problem.


@Jonas Löffel wrote:

Okay, I've found out that the Windows 7 Client is not able to receive network config from my DHCP, but when configured manually using the DNS 172.29.114.52, it is able to connect to the internet.


I'd check the system event log on DHCP server as the server has problems. (ran out of addresses)

 

 

best response confirmed by Jonas Löffel (Copper Contributor)
Solution

On DC1 remove the router address listed for DNS and replace with 172.29.114.52, then do ipconfig /flushdns, ipconfig /registerdns, and reboot.

The ipconfig on "problemclient" is Ok.

 

The two ipconfig files you put up both have the same hostname? Which would be problematic.

 

For some reason root hints are IPv6 only. (would have expected IPv4)

 


 

As a work around you can add your ISP or other public DNS as forwarders. (remove router address here as well)
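
A read-only check of the points raised in the replies above (NLA network category, LDAP reachability on port 389, DNS servers listed on the adapter, ICMPv4 echo rule), added here as an example and not part of the original thread. It assumes the DC/DNS address 172.29.114.52 quoted in the thread and the built-in, locale-independent rule ID prefix `FPS-ICMP4-ERQ-In`; run it in an elevated PowerShell session on the affected server.

```powershell
# Added example: read-only diagnostic, changes nothing on the host.
# $DcAddress is the DC/DNS address quoted in the thread; adjust for other networks.
$DcAddress = '172.29.114.52'

# 1. Network category assigned by NLA. DomainAuthenticated selects the Domain
#    firewall profile; Public or Private means domain detection did not succeed.
$profiles = Get-NetConnectionProfile
$profiles | Format-Table InterfaceAlias, Name, NetworkCategory -AutoSize

# 2. LDAP (TCP 389) reachability to the DC, which NLA relies on for detection.
$ldap = Test-NetConnection -ComputerName $DcAddress -Port 389 -WarningAction SilentlyContinue
"LDAP 389 to ${DcAddress}: $($ldap.TcpTestSucceeded)"

# 3. DNS servers on each connected interface. Anything other than the DC
#    (router, public resolver) is flagged, as recommended in the replies.
foreach ($p in $profiles) {
    $dns = (Get-DnsClientServerAddress -InterfaceIndex $p.InterfaceIndex `
                -AddressFamily IPv4).ServerAddresses
    $extra = @($dns | Where-Object { $_ -ne $DcAddress })
    if ($dns -notcontains $DcAddress) {
        "[$($p.InterfaceAlias)] DC $DcAddress is NOT listed as a DNS server"
    }
    if ($extra.Count -gt 0) {
        "[$($p.InterfaceAlias)] non-DC DNS servers listed: $($extra -join ', ')"
    }
}

# 4. Can the DC's DNS service answer the domain controller locator query?
$domain = (Get-CimInstance -ClassName Win32_ComputerSystem).Domain
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV `
           -Server $DcAddress -ErrorAction SilentlyContinue
if ($srv) { "SRV lookup for $domain via ${DcAddress}: OK" }
else      { "SRV lookup for $domain via ${DcAddress}: FAILED" }

# 5. Which firewall profiles are on, and for which profiles is the inbound
#    ICMPv4 echo request rule enabled? Compare with the category from step 1.
Get-NetFirewallProfile | Format-Table Name, Enabled -AutoSize
Get-NetFirewallRule -Name 'FPS-ICMP4-ERQ-In*' -ErrorAction SilentlyContinue |
    Format-Table Name, Enabled, Profile, Action -AutoSize
```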

 


 

 

 
 
 

Hello Dave,

 

I already changed the 2nd hostname, but thanks for the hint :)

 

I removed the gateway IP address from the DNS config. Now the 2nd has a connection to the internet, thank you very much :) I wish you a good day!

Good news, you're welcome. (please don't forget to mark "best response" if my replies were helpful)

 

 
