Can't Ping Windows 2003 server after R2 Upgrade..HELP!

  • Thread starter Thread starter HbooGz
  • Start date Start date
H

HbooGz

Hey All.

the server was oringally a windows 2000 sp4 DC. i upgraded to windows
2003 SP1, which worked fine but once i upgraded to R2, the machine is
not allowing any incoming connections ( icmp) I get tons of error
messages realted to services that normally would require connectivity.

I've tried disabled ICF, enabling it and allowing for ICMP - nothing
i'm disabled any ipsec polices and added the ProhibitIpSec registry key
i've reinstalled the NIC drivers about 4 times.


i can't figure it out, it appears that its letting selective traffic
pass through it but defintely not ICMP.
 
HbooGz said:
Hey All.

the server was oringally a windows 2000 sp4 DC. i upgraded to windows
2003 SP1, which worked fine but once i upgraded to R2, the machine is
not allowing any incoming connections ( icmp) I get tons of error
messages realted to services that normally would require connectivity.

I've tried disabled ICF, enabling it and allowing for ICMP - nothing
i'm disabled any ipsec polices and added the ProhibitIpSec registry key
i've reinstalled the NIC drivers about 4 times.


i can't figure it out, it appears that its letting selective traffic
pass through it but defintely not ICMP.
Click to expand...

See if the windows firewall somehow got turned on.
 
UPDATE* -- i've enabled to the windows firewall just to see what can be
done
with regard to icmp.

i've used the netsh command to add a custom port that DAMEWARE remote
uses.

netsh firewall add portopening TCP 6129 dameware.

once i added that, i was able to dameware into the box ( which i wasn't
able
to do previously)

i then adjust the ICMP setting to allow ALL icmp.

netsh firewall set icmpsetting ALL enable

and allowed incoming

netsh firewall set icmpsetting 8 enable

C:\>netsh firewall show icmpsetting

ICMP configuration for Standard profile:
Mode Type Description
-------------------------------------------------------------------
Enable 2 Allow outbound packet too big
Enable 3 Allow outbound destination unreachable
Enable 4 Allow outbound source quench
Enable 5 Allow redirect
Enable 8 Allow inbound echo request
Enable 9 Allow inbound router request
Enable 11 Allow outbound time exceeded
Enable 12 Allow outbound parameter problem
Enable 13 Allow inbound timestamp request
Enable 17 Allow inbound mask request

ICMP configuration for Local Area Connection 7:
Mode Type Description
-------------------------------------------------------------------
Enable 3 Allow outbound destination unreachable
Enable 4 Allow outbound source quench
Enable 5 Allow redirect
Enable 8 Allow inbound echo request
Enable 9 Allow inbound router request
Enable 11 Allow outbound time exceeded
Enable 12 Allow outbound parameter problem
Enable 13 Allow inbound timestamp request
Enable 17 Allow inbound mask request

then - i disabled netsh opmode and enable's the exceptions on all the
interfaces. I disabled the ICF service in the services console and
restarted
the machine. this is the output of the opmode syntax.

C:\>netsh firewall show opmode

Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Disable
Exception mode = Enable

Standard profile configuration:
-------------------------------------------------------------------
Operational mode = Disable
Exception mode = Enable

Local Area Connection 7 firewall configuration:
-------------------------------------------------------------------
Operational mode = Disable

Local Area Connection 8 firewall configuration:
-------------------------------------------------------------------
Operational mode = Disable

This is my config: Looks like i might want to disable the ICF using the
domain profile in gpo, since it looks enabled ?

C:\>netsh firewall show config

Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Disable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable

Service configuration for Domain profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing

Port configuration for Domain profile:
Port Protocol Mode Name
-------------------------------------------------------------------
139 TCP Enable NetBIOS Session Service
445 TCP Enable SMB over TCP
137 UDP Enable NetBIOS Name Service
138 UDP Enable NetBIOS Datagram Service

Standard profile configuration:
-------------------------------------------------------------------
Operational mode = Disable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable

Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing

Port configuration for Standard profile:
Port Protocol Mode Name
-------------------------------------------------------------------
6129 TCP Enable dameware
139 TCP Enable NetBIOS Session Service
445 TCP Enable SMB over TCP
137 UDP Enable NetBIOS Name Service
138 UDP Enable NetBIOS Datagram Service

ICMP configuration for Standard profile:
Mode Type Description
-------------------------------------------------------------------
Enable 2 Allow outbound packet too big
Enable 3 Allow outbound destination unreachable
Enable 4 Allow outbound source quench
Enable 5 Allow redirect
Enable 8 Allow inbound echo request
Enable 9 Allow inbound router request
Enable 11 Allow outbound time exceeded
Enable 12 Allow outbound parameter problem
Enable 13 Allow inbound timestamp request
Enable 17 Allow inbound mask request

Log configuration:
-------------------------------------------------------------------
File location = C:\WINNT\pfirewall.log
Max file size = 4096 KB
Dropped packets = Enable
Connections = Disable

Local Area Connection 7 firewall configuration:
-------------------------------------------------------------------
Operational mode = Disable

Port configuration for Local Area Connection 7:
Port Protocol Mode Name
-------------------------------------------------------------------
3389 TCP Enable Remote Desktop

ICMP configuration for Local Area Connection 7:
Mode Type Description
-------------------------------------------------------------------
Enable 3 Allow outbound destination unreachable
Enable 4 Allow outbound source quench
Enable 5 Allow redirect
Enable 8 Allow inbound echo request
Enable 9 Allow inbound router request
Enable 11 Allow outbound time exceeded
Enable 12 Allow outbound parameter problem
Enable 13 Allow inbound timestamp request
Enable 17 Allow inbound mask request

Local Area Connection 8 firewall configuration:
-------------------------------------------------------------------
Operational mode = Disable

This is increasingly looking like a bug in the tcpip stack --

thoughts ?
 
Back
Top