Options
vCenter appliance cannot be reached on network
Deathmage
Banned Posts: 2,496
Hey guys,
let me bounce something off your guys head: My vCenter appliance recently can't be reached by anything on the network.
The vcenter server @ 192.225.225.9 can ping everything, the gateway, the DNS server, my desktop and everything on the network. it's using two Broadcom NetXtreme Gigabit PCI-e cards; they get a IP perfectly fine and everything.
However my dns server nor my desktop can ping the server however when I do a 'arp -a' in cmd the mac address of the server shows up.... its like ICMP is being blocked but it's not.....
anyone ever have this problem?
Ironically it can see the network since it joined the domain from the DC but nothing can ping the freaking thing...
below is from my PC:
let me bounce something off your guys head: My vCenter appliance recently can't be reached by anything on the network.
The vcenter server @ 192.225.225.9 can ping everything, the gateway, the DNS server, my desktop and everything on the network. it's using two Broadcom NetXtreme Gigabit PCI-e cards; they get a IP perfectly fine and everything.
However my dns server nor my desktop can ping the server however when I do a 'arp -a' in cmd the mac address of the server shows up.... its like ICMP is being blocked but it's not.....
anyone ever have this problem?
Ironically it can see the network since it joined the domain from the DC but nothing can ping the freaking thing...
below is from my PC:
Comments
-
Options
iBrokeIT
Member Posts: 1,318 ■■■■■■■■■□
Let's start with the simple things, do you have Windows Firewall on?2019: GPEN | GCFE | GXPN | GICSP | CySA+
2020: GCIP | GCIA
2021: GRID | GDSA | Pentest+
2022: GMON | GDAT
2023: GREM | GSE | GCFA
WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response -
OptionsDeathmage
Banned Posts: 2,496
REMOVED UNNECESSARY QUOTED REPLY FROM PREVIOUS POST
/Facepalm!
seriously KISS freaking eludes me.... -
OptionsDeathmage
Banned Posts: 2,496
You are running Server 2012 Non-R2 ?
That has pings blocked, they changed it back with R2...
Running 2008 R2 [technet] Edition -
Options
Asif Dasl
Member Posts: 2,116 ■■■■■■■■□□
I'm wrong, just checked it again... sorry about that. -
OptionsiBrokeIT
Member Posts: 1,318 ■■■■■■■■■□
Definitely worth the time to setup a GPO to disable things like Windows Firewall and UAC that might get in the way while labbing2019: GPEN | GCFE | GXPN | GICSP | CySA+
2020: GCIP | GCIA
2021: GRID | GDSA | Pentest+
2022: GMON | GDAT
2023: GREM | GSE | GCFA
WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response -
OptionsAsif Dasl
Member Posts: 2,116 ■■■■■■■■□□
I know what it is... when you have a standalone or member server ICMP is turned off by default. But if you promote a server to a domain controller then ICMP is enabled automatically. Seriously thought I was losing my marbles there - I've never had to change the firewall for a DC before, unless you've got an anti-virus installed with 3rd party firewall included.
-
OptionsDeathmage
Banned Posts: 2,496
I know what it is... when you have a standalone or member server ICMP is turned off by default. But if you promote a server to a domain controller then ICMP is enabled automatically. Seriously thought I was losing my marbles there - I've never had to change the firewall for a DC before, unless you've got an anti-virus installed with 3rd party firewall included.
I turned off the windows firewall and then just made a NS record on the DNS server and now I resolve via name instead of IP.
I didn't want to promote the server since it would have vCenter on it and I didn't know if a DC status would affect vCenter. -
OptionsAsif Dasl
Member Posts: 2,116 ■■■■■■■■□□
Yeah you don't want to promote the vCenter server to a DC, otherwise it won't install, I was just explaining the different behavior.
You don't have to turn off the firewall completely, just enable File & Printer Sharing on the domain profile.
