
Unable to ping non domain systems!!!


Smooth23

Dec 11, 2005
Hi all,

I've just started investigating this issue and thought I’d drop a quick post to see if anyone else has experienced this or can advise!

I have 1 AD domain spread across 3 sites, DC in each as GC’s, AD integrated DNS with secondary zone file on each branch office DC.

DNS configured as below:

ADC1 SITE1 (fsmo holder)
ADC2 SITE1
ADC3 SITE2
ADC4 SITE3

ADC1 IP 192.168.0.1
DNS1 192.168.0.2
DNS2 192.168.0.1

ADC2 IP 192.168.0.2
DNS1 192.168.0.1
DNS2 192.168.0.2

ADC3 IP 192.168.1.1
DNS1 192.168.1.1
DNS2 192.168.0.2

ADC4 IP 192.168.2.1
DNS1 192.168.2.1
DNS2 192.168.0.2

I can ping the IP and name of any server or workstation that is joined to the domain in each site; however, I cannot ping non-domain systems. DDNS has been changed to non-secure and secure, but it's still the same.

Any ideas?

(I’m firewall now)





 
Are you using DHCP services to provide IP addressing information to the computers?
 
I'm not, it's all static.

Will be rolling out soon though ;o>
 
You will have to add a DNS record for each of your systems that is not a domain member.
 
Can you ping clients/servers from the non-domain client you statically set an address for?

If you can, then do you have any firewall services running on the non-domain client that would block ICMP?

If you can't, confirm all your settings: IP/subnet/gateway information.

If you're dealing with Windows XP SP2, it sounds as if there is a domain rule regulating the Windows Firewall, which does not apply to non-domain machines.
 
You need to do the following:

1. Configure a DHCP server with appropriate scope(s).
2. Configure your DNS server to allow both secure and non-secure dynamic updates (generally not recommended!!!).
3. Add the appropriate "Primary DNS suffix" to all the computers that do not belong to the domain.
4. Configure your computers to obtain IP addressing information automatically.

Hope this will be useful.

-Keshav
 
Sorry for the long delay responding to this post, been very busy these past few days.

I don’t currently have DHCP rolled out; all workstations and servers have static IPs.

I have tried adding an A host record and a PTR record but still this didn’t help.

I did notice that I only had 1 reverse lookup zone, so I have created an additional 2 for the two other branch office subnets and now they are populated with the PTR records from the local systems. I thought this would have helped but no. I actually noticed this problem when I ran nslookup.

I can ping servers and workstations that are not members of the domain but only from the local subnet. All firewalls are disabled via group policy and I can confirm that all IP settings and options are correct.

KmKeshav – thanks, but I’m in no position to start rolling out DHCP just yet (as much as I’d love to), and the IP address I need to ping from the branch sites is actually the VOIP gateway device. There is some Domain DNS stuff which I’ve played with on there, but I’m still unable to ping the IP address from either of the branch sites.

I’m convinced it’s the firewall!!!

Thanks for all the feedback so far, much appreciated.

 
Are all of your non-domain systems dynamically registering in your DNS? I would make sure that the register DNS box is checked on those machines as well as testing by going to a non-domain machine and running "ipconfig /registerdns". I would then try to ping the name/IP from a domain machine.
 
I can't tell if you have tried to ping by IP address yet. If you have tried pinging by IP address and still can't ping the machine, then you probably are not dealing with a DNS issue. Is it possible that this VOIP gateway device is not allowing pings or has some other built-in firewall settings?
 
Very true, make sure ICMP traffic is allowed from devices refusing a ping as well.
 
If you have the Windows Firewall switched on, and you haven't set a filter to allow ICMP packets, then pings will fail.

Hope this Helps.

Neil J Cotton
njc Information Systems
Systems Consultant
 
Hey all,

Well, after all, the VOIP gateway box was rejecting ECHO-Requests, so I changed this and all is now working.

Thank you all for your well informed responses.
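
The triage this thread converged on (ping by IP to rule DNS in or out, then check whether the device itself drops echo requests), as an added PowerShell example that is not part of the original thread. The host name, IP address and TCP port are constructed placeholders, and the TCP check assumes the device listens on that port.

```powershell
# Added example: classify why a ping fails (DNS vs. ICMP filtering vs. unreachable).
# The function name, target name, IP and port are hypothetical, not from the thread.
function Test-PingFailureCause {
    param(
        [Parameter(Mandatory)] [string] $Name,   # host name to test
        [string] $KnownIP,                        # statically assigned IP, if known
        [int]    $TcpPort = 80                    # a port the device is expected to serve
    )

    # 1. Forward lookup: does DNS hold an A record for the name?
    $dnsIP = $null
    try {
        $dnsIP = (Resolve-DnsName -Name $Name -Type A -ErrorAction Stop |
                  Where-Object { $_.Type -eq 'A' } |
                  Select-Object -First 1).IPAddress
    } catch { }   # lookup failure is a result here, not an error

    # Fall back to the static IP so the remaining checks bypass DNS entirely.
    $ip = if ($dnsIP) { $dnsIP } else { $KnownIP }
    if (-not $ip) { return "DNS: no A record for $Name and no known IP to test further" }

    # 2. ICMP echo by IP address: name resolution is out of the picture.
    $icmp = Test-Connection -ComputerName $ip -Count 2 -Quiet

    # 3. TCP connect to the same IP: succeeds even if the device drops echo requests.
    $tcp = Test-NetConnection -ComputerName $ip -Port $TcpPort `
               -InformationLevel Quiet -WarningAction SilentlyContinue

    if ($icmp -and $dnsIP) { return "OK: $Name resolves to $ip and answers ping" }
    if ($icmp)             { return "DNS: $ip answers ping but $Name has no A record" }
    if ($tcp)              { return "ICMP filtered: $ip accepts TCP/$TcpPort but drops echo requests" }
    return "Unreachable: $ip answers neither ICMP nor TCP/$TcpPort (check routing, gateway, firewall)"
}

# Constructed sample call; run it from the local subnet and from a branch site and compare.
Test-PingFailureCause -Name 'voipgw.example.local' -KnownIP '192.168.0.50' -TcpPort 80
```

An "ICMP filtered" result from the branch sites together with "OK" from the local subnet points at a filter on the device or on the path between sites rather than at DNS.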


 