RE: Microsoft Product Activation server reachability
TCP 80 is working fine now; wasn't last night, though. In the past, my recollection is that ICMP ping to actual Microsoft IP space (not simply Akamai) would have simply been blackholed/dropped with no response, so seeing "packet filtered" come back + no response on any TCP ports made it seem like it could be an issue upstream of the actual server itself. But I can now activate/reactivate products today, so all[1] is right with the world. -- Nathan [1] It's Friday and we are only a few days into 2013, so I'm trying to remain upbeat. -Original Message- From: Yang Yu [mailto:yang.yu.l...@gmail.com] Sent: Friday, January 11, 2013 9:13 AM To: nanog@nanog.org Subject: Re: Microsoft Product Activation server reachability communication prohibited by filter is just an ICMP response code, sadly Windows does not under it.. Type 3 (Destination unreachable) Code 13 (Communication Administratively Prohibited - generated if a router cannot forward a packet due to administrative filtering;) ICMP echo request for this ip seems to be filtered by Microsoft. TCP connection to port 80 is working fine. tcping wpa.one.microsoft.com Probing 94.245.126.107:80/tcp - Port is open - time=98.491ms Yang On Fri, Jan 11, 2013 at 2:01 AM, Nathan Anderson wrote: > > So the ICMP message "communication prohibited by filter" must be a normal > response to ICMP ping through that gateway. > > Unfortunately, it's not completely fixed yet, but I'm guessing by this > measure of progress that they must be working on it. I now get HTTP 403 in > response to any request I send to it. Tried to reactive this copy of Windows > Server once more anyway, and now get "Online activation cannot be completed > at this time." (Message number: 24579) Before, it simply claimed I must not > have working internet connectivity. > > -- Nathan > > -Original Message- > From: Scott Howard [mailto:sc...@doc.net.au] > Sent: Thursday, January 10, 2013 10:55 PM > To: Ben Carleton > Cc: Nathan Anderson; nanog@nanog.org > Subject: Re: Microsoft Product Activation server reachability > > Working now, tested from 3 hosts on different networks on both 80 and 443 : > > $ telnet wpa.one.microsoft.com 443 > Trying 94.245.126.107... > Connected to wpa.one.microsoft.com. > Escape character is '^]'. > > > Scott > > > > On Fri, Jan 11, 2013 at 12:02 AM, Ben Carleton wrote: > > > - Original Message - > > From: "Nathan Anderson" > > To: "nanog@nanog.org" > > Sent: Thursday, January 10, 2013 11:24:16 PM > > Subject: Microsoft Product Activation server reachability > > > > Anybody else having a problem reaching (what appears to be) the sole > > Microsoft Product Activation server (wpa.one.microsoft.com)? > > > > $ ping wpa.one.microsoft.com > > PING wpa.one.microsoft.com (94.245.126.107): 56 data bytes > > 36 bytes from 213.199.189.41: Communication prohibited by filter > > > > I get this sourcing from our network, from AT&T 3G, and from ye > residential > > DSL connection located in the greater Seattle area. They aren't > simply > > source-filtering. Either that or they are source-filtering for > 0.0.0.0/0. > > > > This is apparently the only server/IP they have set up to respond > to these > > requests. wpa.one.microsoft.com resolves to that IP via every DNS > server > > I've tried (so no round-robin A records), Microsoft products that > need to > > activate over the internet only try to resolve that FQDN, and I've > looked > > for others without success (wpa.two.microsoft.com isn't valid, for > example). > > > > -- > > Nathan Anderson > > First Step Internet, LLC > > nath...@fsr.com > > > > > > > I am seeing the same from NYC metro. According to MS > (http://technet.microsoft.com/en-us/library/bb457159.aspx#ECAA), access to > that host on 80 and 443 is all that should be required to activate. (and > wpa.one.microsoft.com has no , go figure) > > [ben@razor ~]$ ping wpa.one.microsoft.com > > PING wpa.one.microsoft.com (94.245.126.107) 56(84) bytes of data. > > From 213.199.189.41 icmp_seq=2 Packet filtered > ^C > --- wpa.one.microsoft.com ping statistics --- > 6 packets transmitted, 0 received, +1 errors, 100% packet loss, time > 5260ms > > [ben@razor ~]$ telnet wpa.one.microsoft.com 80 > Trying 94.245.126.107... > ^C > [ben@razor ~]$ telnet wpa.one.microsoft.com 443 > Trying 94.245.126.107... > ^C > > -- Ben > > > > >
Re: Microsoft Product Activation server reachability
communication prohibited by filter is just an ICMP response code, sadly Windows does not under it.. Type 3 (Destination unreachable) Code 13 (Communication Administratively Prohibited - generated if a router cannot forward a packet due to administrative filtering;) ICMP echo request for this ip seems to be filtered by Microsoft. TCP connection to port 80 is working fine. tcping wpa.one.microsoft.com Probing 94.245.126.107:80/tcp - Port is open - time=98.491ms Yang On Fri, Jan 11, 2013 at 2:01 AM, Nathan Anderson wrote: > > So the ICMP message "communication prohibited by filter" must be a normal > response to ICMP ping through that gateway. > > Unfortunately, it's not completely fixed yet, but I'm guessing by this > measure of progress that they must be working on it. I now get HTTP 403 in > response to any request I send to it. Tried to reactive this copy of Windows > Server once more anyway, and now get "Online activation cannot be completed > at this time." (Message number: 24579) Before, it simply claimed I must not > have working internet connectivity. > > -- Nathan > > -Original Message- > From: Scott Howard [mailto:sc...@doc.net.au] > Sent: Thursday, January 10, 2013 10:55 PM > To: Ben Carleton > Cc: Nathan Anderson; nanog@nanog.org > Subject: Re: Microsoft Product Activation server reachability > > Working now, tested from 3 hosts on different networks on both 80 and 443 : > > $ telnet wpa.one.microsoft.com 443 > Trying 94.245.126.107... > Connected to wpa.one.microsoft.com. > Escape character is '^]'. > > > Scott > > > > On Fri, Jan 11, 2013 at 12:02 AM, Ben Carleton wrote: > > > - Original Message - > > From: "Nathan Anderson" > > To: "nanog@nanog.org" > > Sent: Thursday, January 10, 2013 11:24:16 PM > > Subject: Microsoft Product Activation server reachability > > > > Anybody else having a problem reaching (what appears to be) the sole > > Microsoft Product Activation server (wpa.one.microsoft.com)? > > > > $ ping wpa.one.microsoft.com > > PING wpa.one.microsoft.com (94.245.126.107): 56 data bytes > > 36 bytes from 213.199.189.41: Communication prohibited by filter > > > > I get this sourcing from our network, from AT&T 3G, and from ye > residential > > DSL connection located in the greater Seattle area. They aren't > simply > > source-filtering. Either that or they are source-filtering for > 0.0.0.0/0. > > > > This is apparently the only server/IP they have set up to respond > to these > > requests. wpa.one.microsoft.com resolves to that IP via every DNS > server > > I've tried (so no round-robin A records), Microsoft products that > need to > > activate over the internet only try to resolve that FQDN, and I've > looked > > for others without success (wpa.two.microsoft.com isn't valid, for > example). > > > > -- > > Nathan Anderson > > First Step Internet, LLC > > nath...@fsr.com > > > > > > > I am seeing the same from NYC metro. According to MS > (http://technet.microsoft.com/en-us/library/bb457159.aspx#ECAA), access to > that host on 80 and 443 is all that should be required to activate. (and > wpa.one.microsoft.com has no , go figure) > > [ben@razor ~]$ ping wpa.one.microsoft.com > > PING wpa.one.microsoft.com (94.245.126.107) 56(84) bytes of data. > > From 213.199.189.41 icmp_seq=2 Packet filtered > ^C > --- wpa.one.microsoft.com ping statistics --- > 6 packets transmitted, 0 received, +1 errors, 100% packet loss, time > 5260ms > > [ben@razor ~]$ telnet wpa.one.microsoft.com 80 > Trying 94.245.126.107... > ^C > [ben@razor ~]$ telnet wpa.one.microsoft.com 443 > Trying 94.245.126.107... > ^C > > -- Ben > > > > >
RE: Microsoft Product Activation server reachability
So the ICMP message "communication prohibited by filter" must be a normal response to ICMP ping through that gateway. Unfortunately, it's not completely fixed yet, but I'm guessing by this measure of progress that they must be working on it. I now get HTTP 403 in response to any request I send to it. Tried to reactive this copy of Windows Server once more anyway, and now get "Online activation cannot be completed at this time." (Message number: 24579) Before, it simply claimed I must not have working internet connectivity. -- Nathan -Original Message- From: Scott Howard [mailto:sc...@doc.net.au] Sent: Thursday, January 10, 2013 10:55 PM To: Ben Carleton Cc: Nathan Anderson; nanog@nanog.org Subject: Re: Microsoft Product Activation server reachability Working now, tested from 3 hosts on different networks on both 80 and 443 : $ telnet wpa.one.microsoft.com 443 Trying 94.245.126.107... Connected to wpa.one.microsoft.com. Escape character is '^]'. Scott On Fri, Jan 11, 2013 at 12:02 AM, Ben Carleton wrote: - Original Message - > From: "Nathan Anderson" > To: "nanog@nanog.org" > Sent: Thursday, January 10, 2013 11:24:16 PM > Subject: Microsoft Product Activation server reachability > > Anybody else having a problem reaching (what appears to be) the sole > Microsoft Product Activation server (wpa.one.microsoft.com)? > > $ ping wpa.one.microsoft.com > PING wpa.one.microsoft.com (94.245.126.107): 56 data bytes > 36 bytes from 213.199.189.41: Communication prohibited by filter > > I get this sourcing from our network, from AT&T 3G, and from ye residential > DSL connection located in the greater Seattle area. They aren't simply > source-filtering. Either that or they are source-filtering for 0.0.0.0/0. > > This is apparently the only server/IP they have set up to respond to these > requests. wpa.one.microsoft.com resolves to that IP via every DNS server > I've tried (so no round-robin A records), Microsoft products that need to > activate over the internet only try to resolve that FQDN, and I've looked > for others without success (wpa.two.microsoft.com isn't valid, for example). > > -- > Nathan Anderson > First Step Internet, LLC > nath...@fsr.com > > I am seeing the same from NYC metro. According to MS (http://technet.microsoft.com/en-us/library/bb457159.aspx#ECAA), access to that host on 80 and 443 is all that should be required to activate. (and wpa.one.microsoft.com has no , go figure) [ben@razor ~]$ ping wpa.one.microsoft.com PING wpa.one.microsoft.com (94.245.126.107) 56(84) bytes of data. From 213.199.189.41 icmp_seq=2 Packet filtered ^C --- wpa.one.microsoft.com ping statistics --- 6 packets transmitted, 0 received, +1 errors, 100% packet loss, time 5260ms [ben@razor ~]$ telnet wpa.one.microsoft.com 80 Trying 94.245.126.107... ^C [ben@razor ~]$ telnet wpa.one.microsoft.com 443 Trying 94.245.126.107... ^C -- Ben
Re: Microsoft Product Activation server reachability
Working now, tested from 3 hosts on different networks on both 80 and 443 : $ telnet wpa.one.microsoft.com 443 Trying 94.245.126.107... Connected to wpa.one.microsoft.com. Escape character is '^]'. Scott On Fri, Jan 11, 2013 at 12:02 AM, Ben Carleton wrote: > - Original Message - > > From: "Nathan Anderson" > > To: "nanog@nanog.org" > > Sent: Thursday, January 10, 2013 11:24:16 PM > > Subject: Microsoft Product Activation server reachability > > > > Anybody else having a problem reaching (what appears to be) the sole > > Microsoft Product Activation server (wpa.one.microsoft.com)? > > > > $ ping wpa.one.microsoft.com > > PING wpa.one.microsoft.com (94.245.126.107): 56 data bytes > > 36 bytes from 213.199.189.41: Communication prohibited by filter > > > > I get this sourcing from our network, from AT&T 3G, and from ye > residential > > DSL connection located in the greater Seattle area. They aren't simply > > source-filtering. Either that or they are source-filtering for 0.0.0.0/0 > . > > > > This is apparently the only server/IP they have set up to respond to > these > > requests. wpa.one.microsoft.com resolves to that IP via every DNS server > > I've tried (so no round-robin A records), Microsoft products that need to > > activate over the internet only try to resolve that FQDN, and I've looked > > for others without success (wpa.two.microsoft.com isn't valid, for > example). > > > > -- > > Nathan Anderson > > First Step Internet, LLC > > nath...@fsr.com > > > > > > I am seeing the same from NYC metro. According to MS ( > http://technet.microsoft.com/en-us/library/bb457159.aspx#ECAA), access to > that host on 80 and 443 is all that should be required to activate. (and > wpa.one.microsoft.com has no , go figure) > > [ben@razor ~]$ ping wpa.one.microsoft.com > PING wpa.one.microsoft.com (94.245.126.107) 56(84) bytes of data. > From 213.199.189.41 icmp_seq=2 Packet filtered > ^C > --- wpa.one.microsoft.com ping statistics --- > 6 packets transmitted, 0 received, +1 errors, 100% packet loss, time 5260ms > > [ben@razor ~]$ telnet wpa.one.microsoft.com 80 > Trying 94.245.126.107... > ^C > [ben@razor ~]$ telnet wpa.one.microsoft.com 443 > Trying 94.245.126.107... > ^C > > -- Ben > >
Re: Microsoft Product Activation server reachability
- Original Message - > From: "Nathan Anderson" > To: "nanog@nanog.org" > Sent: Thursday, January 10, 2013 11:24:16 PM > Subject: Microsoft Product Activation server reachability > > Anybody else having a problem reaching (what appears to be) the sole > Microsoft Product Activation server (wpa.one.microsoft.com)? > > $ ping wpa.one.microsoft.com > PING wpa.one.microsoft.com (94.245.126.107): 56 data bytes > 36 bytes from 213.199.189.41: Communication prohibited by filter > > I get this sourcing from our network, from AT&T 3G, and from ye residential > DSL connection located in the greater Seattle area. They aren't simply > source-filtering. Either that or they are source-filtering for 0.0.0.0/0. > > This is apparently the only server/IP they have set up to respond to these > requests. wpa.one.microsoft.com resolves to that IP via every DNS server > I've tried (so no round-robin A records), Microsoft products that need to > activate over the internet only try to resolve that FQDN, and I've looked > for others without success (wpa.two.microsoft.com isn't valid, for example). > > -- > Nathan Anderson > First Step Internet, LLC > nath...@fsr.com > > I am seeing the same from NYC metro. According to MS (http://technet.microsoft.com/en-us/library/bb457159.aspx#ECAA), access to that host on 80 and 443 is all that should be required to activate. (and wpa.one.microsoft.com has no , go figure) [ben@razor ~]$ ping wpa.one.microsoft.com PING wpa.one.microsoft.com (94.245.126.107) 56(84) bytes of data. >From 213.199.189.41 icmp_seq=2 Packet filtered ^C --- wpa.one.microsoft.com ping statistics --- 6 packets transmitted, 0 received, +1 errors, 100% packet loss, time 5260ms [ben@razor ~]$ telnet wpa.one.microsoft.com 80 Trying 94.245.126.107... ^C [ben@razor ~]$ telnet wpa.one.microsoft.com 443 Trying 94.245.126.107... ^C -- Ben
Re: Microsoft Product Activation server reachability
I have just tested from Singapore [root@trinity ~]# ping wpa.one.microsoft.com PING wpa.one.microsoft.com (94.245.126.107) 56(84) bytes of data. From 213.199.189.37 icmp_seq=1 Packet filtered From 213.199.189.37 icmp_seq=6 Packet filtered [root@trinity ~]# telnet wpa.one.microsoft.com 443 Trying 94.245.126.107... [root@trinity ~]# telnet wpa.one.microsoft.com 80 Trying 94.245.126.107... On 1/11/2013 12:24 PM, Nathan Anderson wrote: Anybody else having a problem reaching (what appears to be) the sole Microsoft Product Activation server (wpa.one.microsoft.com)? $ ping wpa.one.microsoft.com PING wpa.one.microsoft.com (94.245.126.107): 56 data bytes 36 bytes from 213.199.189.41: Communication prohibited by filter I get this sourcing from our network, from AT&T 3G, and from ye residential DSL connection located in the greater Seattle area. They aren't simply source-filtering. Either that or they are source-filtering for 0.0.0.0/0. This is apparently the only server/IP they have set up to respond to these requests. wpa.one.microsoft.com resolves to that IP via every DNS server I've tried (so no round-robin A records), Microsoft products that need to activate over the internet only try to resolve that FQDN, and I've looked for others without success (wpa.two.microsoft.com isn't valid, for example).
Microsoft Product Activation server reachability
Anybody else having a problem reaching (what appears to be) the sole Microsoft Product Activation server (wpa.one.microsoft.com)? $ ping wpa.one.microsoft.com PING wpa.one.microsoft.com (94.245.126.107): 56 data bytes 36 bytes from 213.199.189.41: Communication prohibited by filter I get this sourcing from our network, from AT&T 3G, and from ye residential DSL connection located in the greater Seattle area. They aren't simply source-filtering. Either that or they are source-filtering for 0.0.0.0/0. This is apparently the only server/IP they have set up to respond to these requests. wpa.one.microsoft.com resolves to that IP via every DNS server I've tried (so no round-robin A records), Microsoft products that need to activate over the internet only try to resolve that FQDN, and I've looked for others without success (wpa.two.microsoft.com isn't valid, for example). -- Nathan Anderson First Step Internet, LLC nath...@fsr.com
