can't ping from one windows server to an other

[Ofir aviel]

hi,

i have 2 windows server 2016 servers

 

both have a static ips

 

server 1 - 192.168.1.2

server 2 - 192.168.1.3

 

i can't ping from one server to an other

if i try to ping from server 1 i get this:

C:\Users\Administrator>ping 192.168.1.3

Pinging 192.168.1.3 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.1.3:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

and this is from server 2: (its the same, just with a different IP)

C:\Users\Administrator>ping 192.168.1.2

Pinging 192.168.1.2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.1.2:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

i have iis running on server 2

and i can access it from server 1

 

any suggestions on how i can fix this?

 

thank you!

[Electronics Wizardy]

what is the firewall set to? I think the public firewall will block pings.

[Ofir aviel]

7 hours ago, Electronics Wizardy said:

what is the firewall set to? I think the public firewall will block pings.

I have disabled both public and private firewalls, and it's still the same.

[Mortenrb]

Even if your firewall is disabled, the Echo Requiest could still be disabled, I believe that with the release of Windows 7/Windows Server 2008 they, as a default, disabled echo on ping requests, so you could try to enable it?

https://www.rootusers.com/how-to-enable-ping-in-windows-server-2019-firewall/

 

Short summary of the information, in case the website goes down:

Open "Windows Defender Firewall with Advanced Security"

Goto "Inbound Rules"

Find "File and Printer Sharing (Echo Request - ICMPv4-In)"

Right click it, and select "Enable Rule"
 

Do the same to ICMPv6-In in case you wish to enable in on IPv6 as well.

[Ofir aviel]

1 hour ago, Mortenrb said:

Even if your firewall is disabled, the Echo Requiest could still be disabled, I believe that with the release of Windows 7/Windows Server 2008 they, as a default, disabled echo on ping requests, so you could try to enable it?

https://www.rootusers.com/how-to-enable-ping-in-windows-server-2019-firewall/

 

Short summary of the information, in case the website goes down:

Open "Windows Defender Firewall with Advanced Security"

Goto "Inbound Rules"

Find "File and Printer Sharing (Echo Request - ICMPv4-In)"

Right click it, and select "Enable Rule"
 

Do the same to ICMPv6-In in case you wish to enable in on IPv6 as well.

i just checked, and its enabled

 

and i still cant get a ping

[Mortenrb]

Hm, weird.

You might have three different ones that needs to be active, one for public, private and domain networks (not sure if that's the case for server editions as well?)

 

Other than that, how is the physical network setup?

Is two servers connected directly to a switch or are they virtual?

 

Also, there might be some outbound rules for the same settings.

[Ofir aviel]

8 hours ago, Mortenrb said:

Hm, weird.

You might have three different ones that needs to be active, one for public, private and domain networks (not sure if that's the case for server editions as well?)

 

Other than that, how is the physical network setup?

Is two servers connected directly to a switch or are they virtual?

 

Also, there might be some outbound rules for the same settings.

It's a virtual network on digitalocean

[Mortenrb]

11 hours ago, Ofir aviel said:

It's a virtual network on digitalocean

Ah, then it makes a tad more sense that a simple fix like this won't work.

 

I'm not quite familiar with DO, but I'll try to come with some possible solutions, based on available information:

 

Maybe checking out this post?

https://www.digitalocean.com/community/questions/i-cannot-seem-to-connect-via-private-ip-address-between-2-droplets

 

Quote

jarland August 29, 2018

Hey friend!

Most often when receiving reports of this, the case is that at least one droplet has had private networking enabled after it’s creation, but it has not been set up yet in the operating system. If that might be the case for you, try these instructions:

https://www.digitalocean.com/docs/networking/private-networking/how-to/enable/#manual

You will also want to make sure that the droplets are both on the same account, as private networking will be limited in communication to droplets on that same account.

Jarland

 

Other than that:

Is the address range of the VPC the same as the server IP-ranges?

And is the firewall setup of the VPC made to allow all local communication?

Quote

snidhidev October 30, 2019

For future readers of this thread:
Also, if a DO Cloud-firewall has been setup for the target droplet, the firewall must be open to ICMP protocol for Ping to work.

 

and remember to reboot after changes on the VPC and/or droplet configuration.

[Ofir aviel]

7 hours ago, Mortenrb said:

Ah, then it makes a tad more sense that a simple fix like this won't work.

 

I'm not quite familiar with DO, but I'll try to come with some possible solutions, based on available information:

 

Maybe checking out this post?

https://www.digitalocean.com/community/questions/i-cannot-seem-to-connect-via-private-ip-address-between-2-droplets

 

 

Other than that:

Is the address range of the VPC the same as the server IP-ranges?

And is the firewall setup of the VPC made to allow all local communication?

 

and remember to reboot after changes on the VPC and/or droplet configuration.

after i enabled both incomming and outgoing ICMP on the firewall just for the VPC the pings started to work!

 

thank you!