Kurt.
Turned on logging both allowed and dropped in the 2008r2 server.
I don't see any entries for dropped traffic from my workstation, but if I ping 
from server to workstation, then ping workstation to server, I see the allowed 
packet.
What I do see for dropped packets is a lot of this which is all IPv4 traffic.
Date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2012-07-03 13:55:50 DROP ICMP 192.168.0.1 192.168.0.9 - - 56 - - - - 5 0 - RECEIVE
192.168.0.1 is our core router.
192.168.0.9 is the server.

Also, just for testing, I uninstalled Symantec AV.  Only the AV part, no 
network threat protection.
No change.

The hunt continues.
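
Added example, not part of the original message: a small Python parser for the firewall log format quoted above that groups DROP entries by source, destination and ICMP type, so repeated drops stand out. The ICMP type names come from the IANA registry, and all sample lines except the first are constructed.

```python
from collections import Counter

# Field order as listed in the log header quoted in the message.
FIELDS = ("date time action protocol src-ip dst-ip src-port dst-port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()

# A few ICMPv4 type numbers from the IANA registry (added here, not exhaustive).
ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable", 5: "redirect",
              8: "echo-request", 11: "time-exceeded"}

# Constructed sample: the first entry is the one quoted in the message,
# the remaining entries are invented for illustration.
SAMPLE_LOG = "#Fields: " + " ".join(FIELDS) + """
2012-07-03 13:55:50 DROP ICMP 192.168.0.1 192.168.0.9 - - 56 - - - - 5 0 - RECEIVE
2012-07-03 13:55:52 DROP ICMP 192.168.0.1 192.168.0.9 - - 56 - - - - 5 0 - RECEIVE
2012-07-03 13:56:01 ALLOW ICMP 192.168.0.50 192.168.0.9 - - 60 - - - - 8 0 - RECEIVE
2012-07-03 13:56:07 DROP UDP 192.168.0.77 192.168.0.255 137 137 78 - - - - - - - RECEIVE
"""

def parse_line(line):
    """Return a dict for one entry, or None for header, blank or malformed lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))

def summarize_drops(text):
    """Count DROP entries keyed by (src-ip, dst-ip, protocol, detail)."""
    counts = Counter()
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None or entry["action"] != "DROP":
            continue
        if entry["protocol"] == "ICMP" and entry["icmptype"].isdigit():
            t = int(entry["icmptype"])
            detail = f"type {t} ({ICMP_TYPES.get(t, 'other')}) code {entry['icmpcode']}"
        else:
            detail = f"port {entry['src-port']}->{entry['dst-port']}"
        counts[(entry["src-ip"], entry["dst-ip"], entry["protocol"], detail)] += 1
    return counts

if __name__ == "__main__":
    for (src, dst, proto, detail), n in summarize_drops(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {src} -> {dst}  {proto}  {detail}")
```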

-----Original Message-----
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Tuesday, July 03, 2012 1:24 PM
To: NT System Admin Issues
Subject: Re: Ping help

On Tue, Jul 3, 2012 at 10:07 AM, Glen Johnson <gjohn...@vhcc.edu> wrote:
> Need help please.
> We have 3 x 2008r2 domain controllers.
> We've been fighting with some unusually slow domain logins and other 
> flakiness for a while.
> For example navigating between OUs in active directory users and computers is 
> painfully slow.
> While testing basic connectivity, I found that an ipv6 ping to one of our 
> domain controllers fails, but here is the interesting part.
> If I ping -6  from domain controller to my workstation, then for a couple 
> minutes, ping -6 from my workstation to the domain controller works.
> After just about 2 minutes, it begins failing again when I ping workstation 
> to server.  Destination host unreachable is the error.
> Ping -6 from my workstation to all other servers and domain controllers works 
> fine.
> I checked the windows firewall on the failing computer and it looks identical 
> to the other 2 domain controllers.
> One point that may be relevant.  The failing DC has 2 nics.  I did try 
> disabling one of the nics and rebooting.  No help.
> Turned windows firewall off, no help.
> Any suggestions appreciated.

While I haven't run into this problem, I'd like to suggest an approach...

Do you have access to a span/mirror port on the switch to which the
2008R2 server connects? Can you run a wireshark capture of the traffic between 
that server and the machine you're using to diagnose this issue?

This will be your best bet for capturing the true network traffic.

Also, is there anything in any of the logs on either machine?

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
