
I have been trying to troubleshoot this problem for 20 hours now, and still can't find a solution.

I brought down (orderly shutdown) a Domain Controller yesterday. No problem at all connecting to it (via RDP).

The Domain Controller is a VM running on top of XenServer 6.0.2.

The problem started after I brought the VM back up. I cannot ping from my computer to the Domain Controller, and vice versa. However, the Domain Controller can ping to (and be pinged from) the PDC, the Default Gateway, and some other servers.

Since the DC is not the PDC, it's not as critical... but I still wonder what went wrong...

I've even added a Firewall rule to allow any traffic from my computer... still no go. I can't ping to it, and it can't ping to me.

Since it can ping to the PDC, the DG, and (some) other servers, it's not a problem of XenServer's virtual NIC (I think).

What else should I be looking at?


Edit:

More information:

  • The problematic DC's address: 10.153.198.59/22
  • Ping to PDC ( 10.153.199.252/22 ) : successful
  • Ping to My PC ( 10.153.199.77/22 ) : FAILED
  • Ping to Default Gateway ( 10.153.197.254 ) : successful
  • Ping to another (non-DC) server ( 10.153.192.40/23 ) : successful

Note that the problematic DC and My PC are on the same subnet. Yet, pinging to a server on a different subnet works.

Pinging my computer results in an output like this:

```
Pinging pepoluan.my.domain.com [10.153.199.77] with 32 bytes of data:
Reply from 10.153.198.59: Destination host unreachable.
Reply from 10.153.198.59: Destination host unreachable.
Reply from 10.153.198.59: Destination host unreachable.
Reply from 10.153.198.59: Destination host unreachable.
```

Finally, output of route print:

```
===========================================================================
Interface List
 13...1e a1 17 a3 d9 74 ......Citrix PV Ethernet Adapter #0
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0   10.153.197.254    10.153.198.59    266
     10.153.196.0    255.255.252.0         On-link     10.153.198.59    266
    10.153.198.59  255.255.255.255         On-link     10.153.198.59    266
   10.153.199.255  255.255.255.255         On-link     10.153.198.59    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     10.153.198.59    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     10.153.198.59    266
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0   10.153.197.254  Default 
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 13    266 fe80::/64                On-link
 13    266 fe80::d993:f856:31c6:4cbe/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
```
pepoluan
  • The default firewall in recent versions of Windows blocks ping, even an "allow everything from IP" might not override other rules blocking a specific protocol. Have you checked other systems can ping the workstation? – Richard Nov 22 '12 at 09:28
  • Also, check the arp table (arp -a). Is the target machine included? – ramruma Nov 22 '12 at 09:42
  • @ramruma strange... `arp -a` does not show the MAC of the target machines... but there are *lots* of MACs from many other computers. I wonder what's going on... – pepoluan Nov 26 '12 at 03:47
  • First, check routing. Make sure your PC can actually route traffic to the DC. You can confirm this by using something like Wireshark. Also try traceroute to ensure the traffic isn't being routed somewhere strange. If traffic isn't making it to the DC then it's likely there's a bad route or access list rule preventing the traffic. (This could be a Windows or third-party client firewall.) I would be most interested to see if the ICMP packets are actually reaching the DC. – blacklight Feb 24 '15 at 23:03
  • Have you tried to do a command prompt with elevated privileges? Open command prompt "Run as Administrator" Now try Ping. It should work. Don't have the answer why it works with elevated privileges but it does. I'm still looking for that answer. –  Feb 24 '15 at 22:55
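
An added example, not part of the question or its comments: it replays the posted IPv4 route table against the four ping targets to show which route each one matches and which address the DC must resolve with ARP. The failing PC matches the same on-link /22 route as the working PDC, so the route table does not separate them; "Destination host unreachable" reported from the DC's own address is what Windows shows when that on-link ARP resolution gets no answer. The function names are hypothetical.

```python
import ipaddress

# IPv4 "Active Routes" rows copied from the route print output in the question
# (duplicate loopback, multicast and broadcast rows omitted).
ROUTE_PRINT = """\
0.0.0.0          0.0.0.0          10.153.197.254  10.153.198.59  266
10.153.196.0     255.255.252.0    On-link         10.153.198.59  266
10.153.198.59    255.255.255.255  On-link         10.153.198.59  266
10.153.199.255   255.255.255.255  On-link         10.153.198.59  266
127.0.0.0        255.0.0.0        On-link         127.0.0.1      306
224.0.0.0        240.0.0.0        On-link         10.153.198.59  266
"""

# Ping targets and results as reported in the question.
TARGETS = {
    "PDC": ("10.153.199.252", "successful"),
    "My PC": ("10.153.199.77", "FAILED"),
    "Default Gateway": ("10.153.197.254", "successful"),
    "non-DC server": ("10.153.192.40", "successful"),
}

def parse_routes(text):
    """Turn route-print rows into (network, gateway, interface, metric)."""
    routes = []
    for line in text.splitlines():
        dest, mask, gateway, iface, metric = line.split()
        net = ipaddress.ip_network(f"{dest}/{mask}")
        routes.append((net, gateway, iface, int(metric)))
    return routes

def lookup(routes, ip):
    """Longest-prefix match; the lowest metric breaks ties."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3])) if matches else None

def arp_target(routes, ip):
    """Address the sender has to resolve with ARP to deliver a packet to ip."""
    net, gateway, iface, metric = lookup(routes, ip)
    return ip if gateway == "On-link" else gateway

def report():
    """Map each target to (matched route, ARP target, reported ping result)."""
    routes = parse_routes(ROUTE_PRINT)
    return {name: (str(lookup(routes, ip)[0]), arp_target(routes, ip), result)
            for name, (ip, result) in TARGETS.items()}

if __name__ == "__main__":
    for name, (route, arp_ip, result) in report().items():
        print(f"{name:16} route {route:18} ARP for {arp_ip:15} ping {result}")
```

The non-DC server is the only target sent through the gateway, which is why it keeps working: delivering to it needs only the gateway's MAC address, not the destination's.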
