General discussion

  • Creator
    Topic
  • #2317429

    Selective TCP/IP question

    Locked

    by wburdine ·

    I have two sworkstations on my network that are unable to ping SERVER2, nor can SERVER2 ping those systems. Every system is on the same subnet and all systems can ping each other fine with the exception of these two workstations not able to ping just the SERVER2. The workstations get handed their info via DHCP from another server like all the rest of the workstations and I have plenty of leases available. Any ideas….

All Comments

  • Author
    Replies
    • #3379979

      Reply To: Selective TCP/IP question

      by iupgrade ·

      In reply to Selective TCP/IP question

      Call the workstations that cannot ping SERVER2 WORKSTATION1 AND WORKSTATION2.
      1. Please list the IP address and subnet mask of all 3 stations.
      2. Are you ping’ing from the DOS prompt? If not, then please do your pings from the DOS prompt, rather than some ping utility.
      3. Can WORKSTATION1 ping WORKSTATION2, and vice versa?
      4. What is the resulting message on WORKSTATION1 when WORKSTATION1 tries to ping SERVER2? Do you get a time out, or some other message?
      5. Is the resulting message the same when pinging between WORKSTATION2 and SERVER2?
      6. What about pinging from SERVER2?
      7. After trying to ping from each of the 2 work stations and the server unsuccessfully, what does the ARP cache show for each of the 3 machines? From the DOS prompt, type (without the “>” symbols). This will show a table with the MAC address (physical address) and corresponding IP address for each node that you have tried to contact. Does this table show a MAC address for the IP of the unsuccessful pings? If it does show a MAC address, then can you confirm that it is indeed the MAC address of the station you are trying to ping?
      8. Try doing a traceroute (from the DOS prompt, “tracert “) for each of these problem stations, to be certain that you are not crossing a router for some reason.
      9. Are any of these work stations, or the server running a software firewall that might be disallowing the traffic, based on IP address, or MAC address?
      10. Just to clarify, every station on your network can ping these 3 problem stations, and the 3 stations can ping every other station on the network. The issue is that these 3 only cannot ping each other. Is that correct?
      11. Do the 2 problem workstations have anything in common with each other that makes them also different from other stations on the network? Is their operating system different, or are they together in a certain part of the network, or are both of them wireless, …etc?

    • #3379964

      Reply To: Selective TCP/IP question

      by iupgrade ·

      In reply to Selective TCP/IP question

      Call the workstations that cannot ping SERVER2 WORKSTATION1 AND WORKSTATION2.
      1. Please list the IP address and subnet mask of all 3 stations.
      2. Are you ping’ing from the DOS prompt? If not, then please do your pings from the DOS prompt, rather than some ping utility.
      3. Can WORKSTATION1 ping WORKSTATION2, and vice versa?
      4. What is the resulting message on WORKSTATION1 when WORKSTATION1 tries to ping SERVER2? Do you get a time out, or some other message?
      5. Is the resulting message the same when pinging between WORKSTATION2 and SERVER2?
      6. What about pinging from SERVER2?
      7. After trying to ping from each of the 2 work stations and the server unsuccessfully, what does the ARP cache show for each of the 3 machines? From the DOS prompt, type (without the “>” symbols). This will show a table with the MAC address (physical address) and corresponding IP address for each node that you have tried to contact. Does this table show a MAC address for the IP of the unsuccessful pings? If it does show a MAC address, then can you confirm that it is indeed the MAC address of the station you are trying to ping?
      8. Try doing a traceroute (from the DOS prompt, “tracert “) for each of these problem stations, to be certain that you are not crossing a router for some reason.
      9. Are any of these work stations, or the server running a software firewall that might be disallowing the traffic, based on IP address, or MAC address?
      10. Just to clarify, every station on your network can ping these 3 problem stations, and the 3 stations can ping every other station on the network. The issue is that these 3 only cannot ping each other. Is that correct?
      11. Do the 2 problem workstations have anything in common with each other that makes them also different from other stations on the network? Is their operating system different, or are they together in a certain part of the network, or are both of them wireless, …etc?

    • #3379959

      Reply To: Selective TCP/IP question

      by iupgrade ·

      In reply to Selective TCP/IP question

      Call the workstations that cannot ping SERVER2 WORKSTATION1 AND WORKSTATION2.
      1. Please list the IP address and subnet mask of all 3 stations.
      2. Are you ping’ing from the DOS prompt? If not, then please do your pings from the DOS prompt, rather than some ping utility.
      3. Can WORKSTATION1 ping WORKSTATION2, and vice versa?
      4. What is the resulting message on WORKSTATION1 when WORKSTATION1 tries to ping SERVER2? Do you get a time out, or some other message?
      5. Is the resulting message the same when pinging between WORKSTATION2 and SERVER2?
      6. What about pinging from SERVER2?
      7. After trying to ping from each of the 2 work stations and the server unsuccessfully, what does the ARP cache show for each of the 3 machines? From the DOS prompt, type (without the “>” symbols). This will show a table with the MAC address (physical address) and corresponding IP address for each node that you have tried to contact. Does this table show a MAC address for the IP of the unsuccessful pings? If it does show a MAC address, then can you confirm that it is indeed the MAC address of the station you are trying to ping?
      8. Try doing a traceroute (from the DOS prompt, “tracert “) for each of these problem stations, to be certain that you are not crossing a router for some reason.
      9. Are any of these work stations, or the server running a software firewall that might be disallowing the traffic, based on IP address, or MAC address?
      10. Just to clarify, every station on your network can ping these 3 problem stations, and the 3 stations can ping every other station on the network. The issue is that these 3 only cannot ping each other. Is that correct?
      11. Do the 2 problem workstations have anything in common with each other that makes them also different from other stations on the network? Is their operating system different, or are they together in a certain part of the network, or are both of them wireless, …etc?

    • #3379774

      Reply To: Selective TCP/IP question

      by otl ·

      In reply to Selective TCP/IP question

      From the DOS prompt type;
      TRACERT (server IP address) this will tell you which router/server is blocking access or times out to this server.

    • #3378656

      Reply To: Selective TCP/IP question

      by wburdine ·

      In reply to Selective TCP/IP question

      Thanks for your input, but a text book step by step has already been done. For brief writing purposes I gave the pertinent info needed to diagnosis the problem, but just to clarify again….
      1) the workstations can’t ping the server in question…no problem pinging each other though.
      2) everybody is on the SAME SUBNET and the workstations get their ip’s from another server on the SAME subnet through DHCP
      3) tracert won’t be of any value on the same subnet if you can’t ping the machine in the first place.
      4) a result of arp-a only shows communication with the DHCP server and nothing else.
      5) everything is on STP CAT5e
      6) the DHCP server can ping all systems on the subnet no problem. It’s the second server on the subnet that these two identically setup workstatons (incl the hardware, software, and OS) can not reach.

    • #3380681

      Reply To: Selective TCP/IP question

      by deadly ernest ·

      In reply to Selective TCP/IP question

      Have you checked if SERVER2 can be pinged by SERVER1 and the other workstations?

      When ping fails on just one machine my first thought is to see if some sort of firewall or security on the machine being pinged is not accepting or allowing the ping or response, second thought is the for the same sort of protection on the machine doing the pinging.

      In the network layout is there a router between these workstations and SERVER2? If so it may be that the router is set not to allow pings in both directions.

      Because everybody is getting their infor via a DHCP server I suspect you have ICMP activity restricted in part of the network and that security restriction is between your 2 workstations and SERVER2

    • #3380200

      Reply To: Selective TCP/IP question

      by iupgrade ·

      In reply to Selective TCP/IP question

      Is the switch(s) that the traffic passes through capable of shaping network traffic, either by VLANs,or some other way to disallow this traffic (perhaps based on MAC address)? Since you state that this issue occurs on a flat network, and each machine in question is able to ping all other devices except the problem device, and since IP addresses are gotten via DHCP, then it is logical to assume that one of the stations (probably the server, since it is the common denominator) has a software firewall that is blocking traffic based on MAC address, or else some device in between (like the switch) is blocking the traffic.
      Also, I do not believe that you stated what the ping failure message was; whether a “request timed out”, or “destination host unreachable” or some other ICMP message.

      • #3380197

        Reply To: Selective TCP/IP question

        by iupgrade ·

        In reply to Reply To: Selective TCP/IP question

        It may be necessary to take a network sniffer trace to determine where the ping request is failing. Ethereal is a good free-ware sniffer program.

    • #2743490

      Reply To: Selective TCP/IP question

      by wburdine ·

      In reply to Selective TCP/IP question

      Well to answer som of your questions….Server1 can ping everything including Server2, all workstations with the exception of the two problem one can ping every thing but Server2. Server2 does not have an active firewall or TCP/IP filtering turned on. There are NO firewalls between any of these systems, they are all on the same subnet connected to the same switch under the same VLAN. When doing a ping from these workstations both come up with ‘timed out’. I am upping the points on this one now…. thanks for all your inputs thus far…

    • #2743489

      Reply To: Selective TCP/IP question

      by wburdine ·

      In reply to Selective TCP/IP question

      Point value changed by question poster.

Viewing 8 reply threads