cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Cannot reach/ping second 2019 server via Site-to-Site VPN, all other computers can be reached

MarcusEHammer
Copper Contributor

‎Nov 09 2020 10:25 AM

‎Nov 09 2020 10:25 AM

Cannot reach/ping second 2019 server via Site-to-Site VPN, all other computers can be reached

Hi!

 

I REALLY need help on this issue!

 

Main office has:

192.168.1.0/24

Branch office:

192.168.2.0/24

i.e. two different subnets.

 

DHCP is configured in the routers on each side; main/branch (i.e. no DHCP configured in the server).

 

Main office has two Windows Server 2019:

1. Main server with AD, DNS, DC

2. Application server that is joined to domain

 

and there are also clients in the main office:

3. Normal domain connected clients (Win10 and Win8)

 

I can ping forth and back between all computers but when I try to ping from Branch to Main office towards the "2. Application Server" I don't get through.

 

I have no probem to ping from Branch to "1. Main server" or towards normal clients in the "main network".

 

If I ping "2. Application server" from any local computer on the Main office side, the server responds.

 

Basic fault tracing tells me it's a server configuration thing versus the Branch network, something in the "2. Application server" stops the calls, right?

 

I have checked the server's firewall (incoming ping) and also temporarely  turned off the firewall, but no success. So firewall seems to be out of the question.

 

I also added the branch's subnet in "1. Main server" under AD Services and Sites, no success.

 

I really can't understand this magic going on in the second server, why doesn't it respond to calls from the Branch side?

 

Please help!

 

br

/Marcus

 

 

 

 

3,516 Views
0 Likes
3 Replies
Reply
3 Replies
TamasKosarszki

‎Nov 09 2020 12:15 PM - edited ‎Nov 09 2020 12:20 PM

‎Nov 09 2020 12:15 PM - edited ‎Nov 09 2020 12:20 PM

Re: Cannot reach/ping second 2019 server via Site-to-Site VPN, all other computers can be reached

Hello,

 

it is really interesting. 

- What was the error message during the ping from Branch office?

- What is the result, when you start a ping from App server to Branch office?

- I think App server has static IP.. Is the gateway surely right in the App server NIC? 

-Did you add static route rule to windows route table before? (maybe server has wrong gateway to branch subnet)

- You mentioned already tried without firewall. Did you disabled all three firewall profile? 

 

0 Likes
Reply
MarcusEHammer

‎Nov 09 2020 02:17 PM - edited ‎Nov 09 2020 02:26 PM

‎Nov 09 2020 02:17 PM - edited ‎Nov 09 2020 02:26 PM

Re: Cannot reach/ping second 2019 server via Site-to-Site VPN, all other computers can be reached

@TamasKosarszki 

What was the error message during the ping from Branch office?

"Request timed out."

 

What is the result, when you start a ping from App server to Branc office?

Hmm, I might have missed that test case ... actually I get "Request timed out" from App server towards Branch computer.

Main server and Win10 client is ok towards Branch computer.

 

Did you add static route rule to windows route table before (maybe it try to send respond on wrong gateway)? 

I do have basic skills in network, but when it comes to "static route rule", I'm kind of lost.

I really don't get why the Main server and clients works but this single server don't.

One finding here (thanks to you) is that the App server seems to be dead in both directions:

- From Branch to App Server

- From App Server to Branch

"Static Route rule" can you guide me on where to add that?

I really don't get why this server should be different from the other WS2019 (Main) server?

 

You mentioned already tried without firewall. Did you disabled all three firewall profile? 

Yes. Tried it ones more now. Doesn't help.

 

I really appreciate your feedback and help! By asking questions and challange we/I might find the issue. Right now I have Googled all Internet and have no more ideas. Very frustrating, I need to get it fixed.

 

Summary:

- Site-to-Site IPSEC VPN with two subnets.

- Branch computer is not domain connected, it can still ping other computers in Main office.

- Branch computer can ping both Main server and Win 10 client...

- ...but not the App server.

- App server can not ping Branch computer.

- App server can be pinged locally within Main office, no issues as long as the VPN tunnel isn't involved.

 

Big thanks for all help I can get!

 

EDIT:

From Branch computer I can ping Main office router (LAN IP).

From App server I cannot ping router (LAN IP) on Branch side!

From other computer within Main office, I can ping Branch router (LAN IP).

 

br

/MH

0 Likes
Reply
best response confirmed by MarcusEHammer (Copper Contributor)
MarcusEHammer

‎Dec 17 2020 06:15 AM

‎Dec 17 2020 06:15 AM

Solution

Re: Cannot reach/ping second 2019 server via Site-to-Site VPN, all other computers can be reached

@MarcusEHammer 

 

It turned out that it was a firmware error!

TP Link sent me a new beta firmware that fixed the issue.

br

/MH

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by MarcusEHammer (Copper Contributor)
MarcusEHammer

‎Dec 17 2020 06:15 AM

‎Dec 17 2020 06:15 AM

Solution

Re: Cannot reach/ping second 2019 server via Site-to-Site VPN, all other computers can be reached

@MarcusEHammer 

 

It turned out that it was a firmware error!

TP Link sent me a new beta firmware that fixed the issue.

br

/MH

View solution in original post

0 Likes
Reply