Hyper-V Server Can Ping Default Gateway but Virtual Guest Cannot
-
Friday, January 04, 2013 8:58 AM
Surprisingly, none of the related topics were exactly what my situation is, nor did their suggestions translate well to my issue.
I have an HP server with dual NICS running Windows Server 2008 R2 Std and the Hypervisor role. The #1 NIC is assigned to this host, and its IP is 192.168.0.252/24, with a DGW of 192.168.0.1. It can ping any host on the network and with the aid of my remote management software is accessible from the Internet. it runs flawlessly.
The one and only guest is running Windows 2011 SBS with all its assorted roles. Its assigned exclusively to the #2 NIC, and its IP is 192.168.0.7/24 with a DWG of 192.168.0.1. It can ping itself, but nothing else. It doesnt see the router (an ASA) or anything else on the network. No amount of tearing down and rebuilding the network connection has helped. Ive turned off the various offloading functions described in the other articles, and tried assigning other IP addresses in the same subnet, but nothing helps.
All Replies
-
Friday, January 04, 2013 10:45 AM
Hello
first and may be stupid question do you have created any virtual switch ? what kind ?
Regerds
- Edited by Ales75 Friday, January 04, 2013 10:49 AM correction
-
Friday, January 04, 2013 2:00 PM
Hi Ales75,
Isn't a stupid question, but a very good one !
Regards;
Best Regards Don't forget to mark it as answer if it helps
-
Friday, January 04, 2013 2:35 PM
First question, as posed by Ales75, is what sort of virtual switch did you create for the guest? Could you provide some details about what and how you created it?
Secondly, are you sure that the guest firewall is set up to allow ping? By default, it is generally turned off - not sure with SBS. To ensure pings work correctly, you can issue these PowerShell commands.
Set-NetFirewallRule –Name “FPS-ICMP4-ERQ-In” –Enabled True Set-NetFirewallRule –Name “FPS-ICMP6-ERQ-In” –Enabled True Set-NetFirewallRule –Name “FPS-ICMP4-ERQ-Out” –Enabled True Set-NetFirewallRule –Name “FPS-ICMP6-ERQ-Out” –Enabled True
If you want to query the firewall rule, you would use the following:
Get-NetFirewallRule –Name “FPS-ICMP4-ERQ-In” Get-NetFirewallRule –Name “FPS-ICMP6-ERQ-In" Get-NetFirewallRule –Name “FPS-ICMP4-ERQ-Out” Get-NetFirewallRule –Name “FPS-ICMP6-ERQ-Out"
tim
-
Friday, January 04, 2013 3:10 PM
The firewalls on both the guest and the host are turned off at this point.
As for the switch, its an external switch. Ive tried the configuration both with and without sharing management access.
When this whole thing started the guest NIC just wouldnt hold its IP. It was there in the GUI, but not if you did an ipconfig. Dozens of attempts to uninstall cards and recreate switches later, I have a single external vswitch sharing with management that has the IP bound in the guest but still unable to ping anything on the LAN.
Heres an additional post from Spiceworks, where I also posed this question.
YLTO - Eric Price Jan 4, 2013 at 1:16 AM
Ill go ahead and throw out that Ive pretty well done these steps
• Shut down the VM
• removed the virtual NICs using the Hyper-V management console
• started the VM
• cleaned up some old phantom adapters
• shut down the VM
• re-added the virtual NICs in the management console
• Started teh VM and configured its networking.Also, for getting rid of the old adapters
1. Open a command prompt with administrative privlidges (right-click, Run as administrator)
2. In the command prompt enter the following two commands in order:
• SET DEVMGR_SHOW_NONPRESENT_DEVICES=1
• START DEVMGMT.MSC
3. The second command is very important, because if you don't start the Device Manager session from inside the elevated command prompt you just opened, you won't have the proper settings.
4. Once Device Manager is open, go to "View" and select "Show hidden devices"
5. Expand "Network Adapters" and you should see any VM NICs that have been removed (they will be greyed out). Select them, right-click and choose "Uninstall"(both those are from places I found on the web)
This last time (which I just finished) I tried using a new IP (same subnet obviously) and I only added the vmware nic back in after a) reinstalling the integration software and b) removing any registry references to "Local Area Connection" in the HKLM\SYSTEM\ControlSet001\Control\Network section of the registry. I didnt find any articles telling me to do it per se, but Ive had trouble with server remembering my IP, and it seemed reasonable with the name (LAC) that they were left overs.
With that, I find that my IP address now "sticks" to the adapter in a way that it didnt before, and yet I still cant ping anything else on the network (which I can from the host). The error is either Destination host unreachable from the IP of the virtual guest or Request Timed Out. I can ping my own IP (now 192.168.0.251)
When I boot to safe mode with networking the result is the same - can ping self, but not network.
-
Friday, January 04, 2013 3:58 PM
Well
sounds a very strange thing at htis point and after what you already did..
another stupid question, since it sounds me like a network problem, can you provide further details about the nic and the switch..
are your nic driver updated ?
can you check in the nic properties if you have all the proper protocols enabled..
can you check in network advanced properties the binding order of your nics ?
obviously since your nic or your vswitch can't get out the VM its something mispelled in nic or the switch for example.. i guess
may be diggin a little more around will reveal something missed somehwere.
just a try
Regards
------------------------------------------------------- I understand a little computers.
-
Friday, January 04, 2013 4:12 PMModerator
Delete all Virtual Switches that have been created and then create a new External Virtual Switch.
If anything changed with the NIC driver after creating the External Virtual Switch it causes problems.
Also, if you mucked around with things, this will clean up anything that should not have been done.
And, make sour that there is no MAC address limiting happening. As the VM has its own MAC. So there are now two MACs on one port of your physical switch. Many folks have run into an old security practice of limiting post to single MAC addresses to prevent folks from plugging in another hub or placing rogue VMs on a port.
Brian Ehlert
http://ITProctology.blogspot.com
Learn. Apply. Repeat.
Disclaimer: Attempting change is of your own free will. -
Friday, January 04, 2013 4:59 PM
well
i would check on the switch if there's something no correct.. for example something related to mac addresses options.. i dont know your hardware.. and if your switch is able to.. if it is a managed switch, i would check logs on it and ARP TABLES to see what's happening.
Regards
------------------------------------------------------- I understand a little computers.
-
Friday, January 04, 2013 5:02 PM
and..
is dns on sbs 2011 ok ?
have you checked it ?
------------------------------------------------------- I understand a little computers.
-
Saturday, January 05, 2013 3:13 PM Sorry for the delays. Those are a lot of great suggestions. There was no VLANing or MAC filtering going on. Ultimately, (I think) it just ended up being a corruption in the original vswitch / nic configuration that resisted efforts to be cleaned up so I could start again. Fortunately, I had someone point me to this tool
http://archive.msdn.microsoft.com/nvspscrub
Which did a more thorough job of cleaning up the phantoms in the host. Once that was done, I could start from scratch and I got a result that worked, first time out. Maybe I just got lucky. Anyway, Im done with the problem, so I thank you all for chiming in and I wish you the best in the new year.- Marked As Answer by YLTO - Eric P Saturday, January 05, 2013 3:13 PM
-
Monday, January 07, 2013 2:20 AMModerator
Hi,
Thanks for sharing your experience!
You experience and solution can help other community members facing similar problems.
Thanks for your contribution to Windows Server Forum!
Have a nice day!Lawrence
TechNet Community Support
.png)
