none
No IP gateway access after installation

    Question

  • Very simple. Existing network, 3 routers, many servers (Win 2008). Install a fresh WinSrv 2012 Standard on a HP DL140. Set as fixed IP. Identify the LAN as private. The server refuses to connect to the internet, although DNS works, NSLOOKUP works, all local addresses work EXCEPT the router addresses, all other machines use the routers without problems. When pinging, reply is "Destination host unreachable". Firewall disabled, etc. etc. I'm at a loss.

    Saturday, November 24, 2012 1:19 PM

Answers

  • Resolved. The switch was actively blocking IGMP traffic (Tim, ironically, it was a Cisco Catalyst ;-)

    • Marked as answer by WatashiFR Wednesday, November 28, 2012 3:38 PM
    Wednesday, November 28, 2012 3:38 PM

All replies

  • To exclude problems with the hardware I've repeated the installation on a different machine (also a HP DL140). The same problem occurs. Here are my assumptions:

    • the hardware is not at fault (problem can be reproduced on a different machine)
    • the network is functioning (I can reach other machines from the server and other machines can reach it)
    • the routers are functioning (other machines use them)(I'm using them right now to type this message)
    • the routing table shows nothing out of the ordinary
    • DHCP or fixed IP are not making a difference
    • any requests that are made from the server DO NOT leave the server itself (arp does not show the gateway address)
    • ping shows "destination host unreachable", instead of "request timed out"
    • Firewall enabled or disabled does not make a difference
    • Firewall logging reveals a fascinating entry: "2012-11-26 07:14:36 ALLOW ICMP 192.168.0.250 224.0.0.1 - - 0 - - - - 9 0 - RECEIVE" (250 is the address of one of the routers). So my router sends a multicast which seems to arrive on the server?
    • I am now frustrated beyond belief

    Monday, November 26, 2012 3:39 PM
  • Could you post an ipconfig /all of the problem server?

    tim

    Tuesday, November 27, 2012 7:11 PM
  • IP config:

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : LYNC
       Primary Dns Suffix  . . . . . . . : xxxxxxxx.xxx
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : xxxxxxxx.xxx

    Ethernet adapter Ethernet:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Embedded Broadcom NetXtreme 5721 PCI-E Gigabit NIC
       Physical Address. . . . . . . . . : 00-1B-78-D2-8B-FA
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.0.58(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.0.250
       DNS Servers . . . . . . . . . . . : 192.168.0.59
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{519469A0-C6E2-4295-9169-378A0367529A}:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::5efe:192.168.0.58%13(Preferred)
       Default Gateway . . . . . . . . . :
       DNS Servers . . . . . . . . . . . : 192.168.0.59
       NetBIOS over Tcpip. . . . . . . . : Disabled

    Ping result (www.microsoft.com):

    Pinging lb1.www.ms.akadns.net [65.55.57.27] with 32 bytes of data:
    Reply from 192.168.0.58: Destination host unreachable.
    Reply from 192.168.0.58: Destination host unreachable.
    Request timed out.
    Reply from 192.168.0.58: Destination host unreachable.

    Ping statistics for 65.55.57.27:
        Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),

    ARP cache after ping:


    Interface: 192.168.0.58 --- 0xe
      Internet Address      Physical Address      Type
      192.168.0.53          00-30-48-70-59-26     dynamic
      192.168.0.59          00-30-48-5b-6a-5c     dynamic
      192.168.0.99          00-1f-16-fc-ad-34     dynamic
      192.168.0.255         ff-ff-ff-ff-ff-ff     static
      224.0.0.22            01-00-5e-00-00-16     static
      224.0.0.252           01-00-5e-00-00-fc     static
      239.255.255.250       01-00-5e-7f-ff-fa     static

    Firewall log entries concerning ping and dns lookup (.59 is the dns server):

    2012-11-26 19:52:20 ALLOW UDP 192.168.0.58 192.168.0.59 62144 53 0 - - - - - - - SEND
    2012-11-26 19:53:46 ALLOW UDP 192.168.0.58 192.168.0.59 62145 53 0 - - - - - - - SEND
    2012-11-26 19:53:46 ALLOW UDP 192.168.0.58 192.168.0.59 62146 53 0 - - - - - - - SEND
    2012-11-26 19:53:46 ALLOW UDP 192.168.0.58 192.168.0.59 62147 53 0 - - - - - - - SEND
    2012-11-26 19:53:48 ALLOW UDP 192.168.0.58 192.168.0.59 51194 53 0 - - - - - - - SEND
    2012-11-26 19:54:02 ALLOW UDP 192.168.0.58 192.168.0.59 55395 53 0 - - - - - - - SEND
    2012-11-26 19:54:02 ALLOW ICMP 192.168.0.58 65.55.57.27 - - 0 - - - - 8 0 - SEND
    2012-11-26 19:54:04 ALLOW ICMP 192.168.0.58 65.55.57.27 - - 0 - - - - 8 0 - SEND
    2012-11-26 19:54:07 ALLOW ICMP 192.168.0.58 65.55.57.27 - - 0 - - - - 8 0 - SEND
    2012-11-26 19:54:12 ALLOW ICMP 192.168.0.58 65.55.57.27 - - 0 - - - - 8 0 - SEND
    2012-11-26 19:55:10 ALLOW UDP 192.168.0.58 192.168.0.59 64511 53 0 - - - - - - - SEND

    Wednesday, November 28, 2012 1:50 PM
  • Resolved. The switch was actively blocking IGMP traffic (Tim, ironically, it was a Cisco Catalyst ;-)

    • Marked as answer by WatashiFR Wednesday, November 28, 2012 3:38 PM
    Wednesday, November 28, 2012 3:38 PM