No NMAP is telling you what is wrong. (Filtered either equals, Firewall/Router ACL)
Well this means there is an access list ( Filtered) from the B side to the A side. (If the ports was open then it would show open) I would check the Router Configuration on traffic going from B side to A side. Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 From: G.Waleed Kavalec [mailto:kava...@gmail.com] Sent: Monday, April 25, 2011 9:22 AM To: NT System Admin Issues Subject: Re: frustrating network issue on two servers OK, success in nmap - still same symptoms in SQL and Browse NMAP -sS -P0 -p 137,138,139,445,1433 192.168.2.132 Starting Nmap 5.51 ( http://nmap.org ) at 2011-04-25 08:16 Central Daylight Time Nmap scan report for 192.168.2.132 Host is up. PORT STATE SERVICE 137/tcp filtered netbios-ns 138/tcp filtered netbios-dgm 139/tcp filtered netbios-ssn 445/tcp filtered microsoft-ds 1433/tcp filtered ms-sql-s Nmap done: 1 IP address (1 host up) scanned in 3.50 seconds Wonderful! NMAP assures me that nothing is wrong. But the patient is still dead. On Sun, Apr 24, 2011 at 4:55 PM, Ziots, Edward <ezi...@lifespan.org> wrote: C:\windows\system32>nmap -sS -P0 -p 137,138,139,445,1433 172.18.2.41 Starting Nmap 5.51 ( http://nmap.org ) at 2011-04-24 17:54 Eastern Daylight Time Nmap scan report for riavayadsp1.lsmaster.lifespan.org (172.18.2.41) Host is up. PORT STATE SERVICE 137/tcp filtered netbios-ns 138/tcp filtered netbios-dgm 139/tcp filtered netbios-ssn 445/tcp filtered microsoft-ds 1433/tcp filtered ms-sql-s Nmap done: 1 IP address (1 host up) scanned in 9.81 seconds Did the same command against one of my systems, with Windows 7 and NMAP 5.5.1 and worked fine. Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:ezi...@lifespan.org <mailto:email%3aezi...@lifespan.org> Cell:401-639-3505 From: G.Waleed Kavalec [mailto:kava...@gmail.com] Sent: Sunday, April 24, 2011 5:37 PM To: NT System Admin Issues Subject: Re: frustrating network issue on two servers The exact command I used was Nmap -sS -P0 -p 137,138,139,445,1433 192.168.2.132 This gave back the error I posted. On Sun, Apr 24, 2011 at 3:18 PM, Ziots, Edward <ezi...@lifespan.org> wrote: I also scanned systems with Nmap 5.51 and the commands I gave earlier worked fine. Without seeing the response from Nmap I can't tell you if a router acl, or firewall setting, is the culprit. Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:ezi...@lifespan.org <mailto:email%3aezi...@lifespan.org> Cell:401-639-3505 From: G.Waleed Kavalec [mailto:kava...@gmail.com] Sent: Sunday, April 24, 2011 4:06 PM To: NT System Admin Issues Subject: Re: frustrating network issue on two servers Ipsec policy agent is running, no policies defined. On Sun, Apr 24, 2011 at 2:34 PM, Crawford, Scott <crawfo...@evangel.edu> wrote: ipsec service running? any policies defined? Sent from my Palm Pre on the Now Network from Sprint ________________________________ On Apr 24, 2011 2:02 PM, G.Waleed Kavalec <kava...@gmail.com> wrote: All firewalls off. Once again, browse and SQL work fine from the same subnet/site. And ping from both, both directions. On Sun, Apr 24, 2011 at 1:08 PM, Ben N <bennordlan...@gmail.com> wrote: Any firewalls ? Either windwows or something else in between. Make sure ports are open. Try telnet to port 445 to be sure. On Apr 24, 2011 10:59 AM, "G.Waleed Kavalec" <kava...@gmail.com> wrote: > Nope. R1 or R1.ourdomain.local same symptoms. > > Ping yes - from either subnet. > > Browse no, SQL no - but ONLY fails from subnet B. > > > On Sun, Apr 24, 2011 at 12:50 AM, Crawford, Scott <crawfo...@evangel.edu>wrote: > >> does it matter if you use the fqdn? >> >> >> >> Sent from my Palm Pre on the Now Network from Sprint >> >> ------------------------------ >> On Apr 23, 2011 11:16 PM, G.Waleed Kavalec <kava...@gmail.com> wrote: >> >> Thanks Tom, I'll give that a shot in the morning. >> >> >> On Sat, Apr 23, 2011 at 9:39 PM, Tom Miller <tmil...@hnncsb.org> wrote: >> >>> Check the IP properties of the servers in question. I had an issue >>> with week where one of my 2008 R2 servers couldn't ping, get to anything. I >>> went into the properties of IPv4, everthing looked good, then checked the >>> box to "verify" upon exit. Then all was well. Weird. May not apply, just >>> a suggestion. >>> >>> You can always uninstall/reinstall the file server role (can't remember >>> the exact name of the role off-hand). >>> >>> >>> "G.Waleed Kavalec" 04/23/11 8:43 PM >>> >>> Two sites, R and B. Same domain, different subnets. >>> >>> All R servers can see all B servers >>> All B servers can see all R servers - EXCEPT TWO >>> >>> R1 and R2 see all B servers, browse folders etc. >>> >>> B servers can PING R1 and R2 just fine; R1 and R2 can PING B >>> servers just fine. >>> >>> But B cannot browse R1 or R2 folders for nothing. >>> >>> Diagnose gives "file and print sharing resource R1 is online but isn't >>> responding to connection attempts" >>> >>> >>> Other R servers can browse R1 and R2 no problem. >>> Other R servers can connect to R1 and R2 sql instances just fine. >>> >>> B servers can can browse other R servers no problem. >>> B servers can can connect to other R servers sql instances just fine. >>> >>> >>> Firewalls OFF, route statements confirmed (see: ping) >>> >>> All machines 2008 R2 up-to-date on patches. >>> >>> I **think** I have verified all necessary services are up. >>> >>> >>> Arrrrggh ! >>> >>> -- >>> >>> __________________ >>> Gregory Waleed Kavalec >>> --------------------------------------------- >>> *G.O.P. stands for "George Orwell Prediction" >>> * >>> >>> >>> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >>> --- >>> To manage subscriptions click here: >>> http://lyris.sunbelt-software.com/read/my_forums/ >>> or send an email to listmana...@lyris.sunbeltsoftware.com >>> with the body: unsubscribe ntsysadmin >>> >>> Confidentiality Notice: This e-mail message, including attachments, is for >>> the sole use of the intended recipient(s) and may contain confidential and >>> privileged information. Any unauthorized review, use, disclosure, or >>> distribution is prohibited. If you are not the intended recipient, please >>> contact the sender by reply e-mail and destroy all copies of the original >>> message. >>> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >>> --- >>> To manage subscriptions click here: >>> http://lyris.sunbelt-software.com/read/my_forums/ >>> or send an email to listmana...@lyris.sunbeltsoftware.com >>> with the body: unsubscribe ntsysadmin >>> >> >> >> >> -- >> >> __________________ >> Gregory Waleed Kavalec >> --------------------------------------------- >> *G.O.P. stands for "George Orwell Prediction" >> * >> >> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe ntsysadmin >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe ntsysadmin >> > > > > -- > > __________________ > Gregory Waleed Kavalec > --------------------------------------------- > *G.O.P. stands for "George Orwell Prediction" > * > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- __________________ Gregory Waleed Kavalec --------------------------------------------- G.O.P. stands for "George Orwell Prediction" ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- __________________ Gregory Waleed Kavalec --------------------------------------------- G.O.P. stands for "George Orwell Prediction" ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- __________________ Gregory Waleed Kavalec --------------------------------------------- G.O.P. stands for "George Orwell Prediction" ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- __________________ Gregory Waleed Kavalec --------------------------------------------- G.O.P. stands for "George Orwell Prediction" ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
