As with many network-related systems, sometime we are faced with specific network issues causing us to lose connectivity to certain systems. These issues could be caused by an assortment of reasons, beginning with basic TCP/IP configuration errors, network device malfunctions, cabling problems, firewall configurations and other problems. Most of these issues might be easily overruled by performing a simple PING test to the problematic device, and or to specific network devices, such as your router (or better put – Default Gateway).
On the other hand, not receiving a PING REPLY does NOT necessarily mean that there IS a cabling or IP Addressing problem, simply because PING could be blocked either on the receiving end, on the sending side, or on various network devices between those two points. This is mostly done due to security related issues involving PING (or better say – ICMP, the protocol behind PING).
In any case, my point is that having a working PING path is in most cases better for troubleshooting network issues, than NOT having it work.
Now, to the real reason for this article:
In my previous articles (see list below) I have written about how, in Windows Server 2008, Server Core installation does not include the traditional full graphical user interface (GUI). Therefore, once you have configured the server, you can only manage it locally at a command prompt, or remotely using a Terminal Server connection. Read more about Server Core on my "Understanding Windows Server 2008 Server Core" article.
Knowing this, you should also know that in Server Core, the default setting is that the windows Firewall is configured to block certain types of traffic, one of them being ICMP.
One of the major pains of managing such a GUI-stripped installation is the configuration of the any Windows settings, mostly because we, Windows-based and Windows-accustomed administrators, have very little in common with non-GUI-based operating systems.
Therefore, it is quite understandable that one might find it hard to enable or disable ICMP on a Server Core machine, if one does not know the exact command and location of this option. Enters my article.
Like in previous articles in this series, I assume that you have already configured your server core with the bare minimum requirements to operate in a network. These requirements are:
- Configuring an IP address
- Configuring a server name
- Configuring an administrator's password
- Configured the server's firewall
You should, but are not required to, also join the server to your domain.
All of the above can be accomplished by following the "Configuring Windows Server 2008 Server Core Basic Networking Settings" and "Remotely Managing Windows 2008 Server Core Firewall" articles. You might also want to read "Remotely Managing Windows 2008 Server Core Settings through MMC Snap-ins".
Next, in order to properly configure Server Core to allow ICMP replies, follow these steps:
Method #1: Enable ICMP Replies via the local Command Prompt
On your Server Core machine, at a command prompt, type the following:
netsh firewall set icmpsetting 8
This will allow you to ping the Server Core server from a remote machine, and receive a reply.
You can always run the following command in order to disable this option:
netsh firewall set icmpsetting 8 disable
Method #2: Enable ICMP Replies via Windows Firewall Management Snap-in from a remote computer
You will first have to enable the Server Core server to allow remote Windows firewall Management connections. To do so, please follow the steps outlined in my "Remotely Managing Windows 2008 Server Core Firewall" article.
After performing the steps in that article, you will be able to enable or disable any Firewall rule from the remote snap-in.
In order to enable ICMP Echo Replies from the Server Core server, allowing the administrators to test for connectivity issues with the server, go to Inbound Rules. In the results pane scroll down till you find File and Printer Sharing (Echo Request – ICMPv4-In), right-click it and choose Enable.
Pings to the Server Core server should now work.
Method #3: Enable ICMP Replies by using the Windows Remote Shell
- To enable Windows Remote Shell on a server running a Server Core installation, type the following command at a command prompt:
WinRM quickconfig
- Click Y to accept the default settings.Note: The WinRM quickconfig setting enables a server running a Server Core installation to accept Windows Remote Shell connections.
- On the remote computer, at a command prompt, use WinRS.exe to run commands on a server running a Server Core installation. For example, to perform a directory listing of the Windows folder, type:
winrs -r: cmd
Where ServerName is the name of the server running a Server Core installation. - You can now type the same command as listed in step #1:
netsh firewall set icmpsetting 8
Pings to the Server Core server should now work.
Summary
PING is a useful tool for troubleshooting network connectivity issues. Since Windows 2008 Server Core has it disabled by default on its Windows Firewall rules, we need to find a method or enabling it, and this can be done in several ways described in this article.
REFERENCES