Re: Microsoft Product Activation server reachability
communication prohibited by filter is just an ICMP response code, sadly Windows does not under it.. Type 3 (Destination unreachable) Code 13 (Communication Administratively Prohibited - generated if a router cannot forward a packet due to administrative filtering;) ICMP echo request for this ip seems to be filtered by Microsoft. TCP connection to port 80 is working fine. tcping wpa.one.microsoft.com Probing 94.245.126.107:80/tcp - Port is open - time=98.491ms Yang On Fri, Jan 11, 2013 at 2:01 AM, Nathan Anderson nath...@fsr.com wrote: So the ICMP message communication prohibited by filter must be a normal response to ICMP ping through that gateway. Unfortunately, it's not completely fixed yet, but I'm guessing by this measure of progress that they must be working on it. I now get HTTP 403 in response to any request I send to it. Tried to reactive this copy of Windows Server once more anyway, and now get Online activation cannot be completed at this time. (Message number: 24579) Before, it simply claimed I must not have working internet connectivity. -- Nathan -Original Message- From: Scott Howard [mailto:sc...@doc.net.au] Sent: Thursday, January 10, 2013 10:55 PM To: Ben Carleton Cc: Nathan Anderson; nanog@nanog.org Subject: Re: Microsoft Product Activation server reachability Working now, tested from 3 hosts on different networks on both 80 and 443 : $ telnet wpa.one.microsoft.com 443 Trying 94.245.126.107... Connected to wpa.one.microsoft.com. Escape character is '^]'. Scott On Fri, Jan 11, 2013 at 12:02 AM, Ben Carleton carle...@vanoc.net wrote: - Original Message - From: Nathan Anderson nath...@fsr.com To: nanog@nanog.org nanog@nanog.org Sent: Thursday, January 10, 2013 11:24:16 PM Subject: Microsoft Product Activation server reachability Anybody else having a problem reaching (what appears to be) the sole Microsoft Product Activation server (wpa.one.microsoft.com)? $ ping wpa.one.microsoft.com PING wpa.one.microsoft.com (94.245.126.107): 56 data bytes 36 bytes from 213.199.189.41: Communication prohibited by filter I get this sourcing from our network, from ATT 3G, and from ye residential DSL connection located in the greater Seattle area. They aren't simply source-filtering. Either that or they are source-filtering for 0.0.0.0/0. This is apparently the only server/IP they have set up to respond to these requests. wpa.one.microsoft.com resolves to that IP via every DNS server I've tried (so no round-robin A records), Microsoft products that need to activate over the internet only try to resolve that FQDN, and I've looked for others without success (wpa.two.microsoft.com isn't valid, for example). -- Nathan Anderson First Step Internet, LLC nath...@fsr.com I am seeing the same from NYC metro. According to MS (http://technet.microsoft.com/en-us/library/bb457159.aspx#ECAA), access to that host on 80 and 443 is all that should be required to activate. (and wpa.one.microsoft.com has no , go figure) [ben@razor ~]$ ping wpa.one.microsoft.com PING wpa.one.microsoft.com (94.245.126.107) 56(84) bytes of data. From 213.199.189.41 icmp_seq=2 Packet filtered ^C --- wpa.one.microsoft.com ping statistics --- 6 packets transmitted, 0 received, +1 errors, 100% packet loss, time 5260ms [ben@razor ~]$ telnet wpa.one.microsoft.com 80 Trying 94.245.126.107... ^C [ben@razor ~]$ telnet wpa.one.microsoft.com 443 Trying 94.245.126.107... ^C -- Ben
RE: Microsoft Product Activation server reachability
TCP 80 is working fine now; wasn't last night, though. In the past, my recollection is that ICMP ping to actual Microsoft IP space (not simply Akamai) would have simply been blackholed/dropped with no response, so seeing packet filtered come back + no response on any TCP ports made it seem like it could be an issue upstream of the actual server itself. But I can now activate/reactivate products today, so all[1] is right with the world. -- Nathan [1] It's Friday and we are only a few days into 2013, so I'm trying to remain upbeat. -Original Message- From: Yang Yu [mailto:yang.yu.l...@gmail.com] Sent: Friday, January 11, 2013 9:13 AM To: nanog@nanog.org Subject: Re: Microsoft Product Activation server reachability communication prohibited by filter is just an ICMP response code, sadly Windows does not under it.. Type 3 (Destination unreachable) Code 13 (Communication Administratively Prohibited - generated if a router cannot forward a packet due to administrative filtering;) ICMP echo request for this ip seems to be filtered by Microsoft. TCP connection to port 80 is working fine. tcping wpa.one.microsoft.com Probing 94.245.126.107:80/tcp - Port is open - time=98.491ms Yang On Fri, Jan 11, 2013 at 2:01 AM, Nathan Anderson nath...@fsr.com wrote: So the ICMP message communication prohibited by filter must be a normal response to ICMP ping through that gateway. Unfortunately, it's not completely fixed yet, but I'm guessing by this measure of progress that they must be working on it. I now get HTTP 403 in response to any request I send to it. Tried to reactive this copy of Windows Server once more anyway, and now get Online activation cannot be completed at this time. (Message number: 24579) Before, it simply claimed I must not have working internet connectivity. -- Nathan -Original Message- From: Scott Howard [mailto:sc...@doc.net.au] Sent: Thursday, January 10, 2013 10:55 PM To: Ben Carleton Cc: Nathan Anderson; nanog@nanog.org Subject: Re: Microsoft Product Activation server reachability Working now, tested from 3 hosts on different networks on both 80 and 443 : $ telnet wpa.one.microsoft.com 443 Trying 94.245.126.107... Connected to wpa.one.microsoft.com. Escape character is '^]'. Scott On Fri, Jan 11, 2013 at 12:02 AM, Ben Carleton carle...@vanoc.net wrote: - Original Message - From: Nathan Anderson nath...@fsr.com To: nanog@nanog.org nanog@nanog.org Sent: Thursday, January 10, 2013 11:24:16 PM Subject: Microsoft Product Activation server reachability Anybody else having a problem reaching (what appears to be) the sole Microsoft Product Activation server (wpa.one.microsoft.com)? $ ping wpa.one.microsoft.com PING wpa.one.microsoft.com (94.245.126.107): 56 data bytes 36 bytes from 213.199.189.41: Communication prohibited by filter I get this sourcing from our network, from ATT 3G, and from ye residential DSL connection located in the greater Seattle area. They aren't simply source-filtering. Either that or they are source-filtering for 0.0.0.0/0. This is apparently the only server/IP they have set up to respond to these requests. wpa.one.microsoft.com resolves to that IP via every DNS server I've tried (so no round-robin A records), Microsoft products that need to activate over the internet only try to resolve that FQDN, and I've looked for others without success (wpa.two.microsoft.com isn't valid, for example). -- Nathan Anderson First Step Internet, LLC nath...@fsr.com I am seeing the same from NYC metro. According to MS (http://technet.microsoft.com/en-us/library/bb457159.aspx#ECAA), access to that host on 80 and 443 is all that should be required to activate. (and wpa.one.microsoft.com has no , go figure) [ben@razor ~]$ ping wpa.one.microsoft.com PING wpa.one.microsoft.com (94.245.126.107) 56(84) bytes of data. From 213.199.189.41 icmp_seq=2 Packet filtered ^C --- wpa.one.microsoft.com ping statistics --- 6 packets transmitted, 0 received, +1 errors, 100% packet loss, time 5260ms [ben@razor ~]$ telnet wpa.one.microsoft.com 80 Trying 94.245.126.107... ^C [ben@razor ~]$ telnet wpa.one.microsoft.com 443 Trying 94.245.126.107... ^C -- Ben
Re: Microsoft Product Activation server reachability
I have just tested from Singapore [root@trinity ~]# ping wpa.one.microsoft.com PING wpa.one.microsoft.com (94.245.126.107) 56(84) bytes of data. From 213.199.189.37 icmp_seq=1 Packet filtered From 213.199.189.37 icmp_seq=6 Packet filtered [root@trinity ~]# telnet wpa.one.microsoft.com 443 Trying 94.245.126.107... [root@trinity ~]# telnet wpa.one.microsoft.com 80 Trying 94.245.126.107... On 1/11/2013 12:24 PM, Nathan Anderson wrote: Anybody else having a problem reaching (what appears to be) the sole Microsoft Product Activation server (wpa.one.microsoft.com)? $ ping wpa.one.microsoft.com PING wpa.one.microsoft.com (94.245.126.107): 56 data bytes 36 bytes from 213.199.189.41: Communication prohibited by filter I get this sourcing from our network, from ATT 3G, and from ye residential DSL connection located in the greater Seattle area. They aren't simply source-filtering. Either that or they are source-filtering for 0.0.0.0/0. This is apparently the only server/IP they have set up to respond to these requests. wpa.one.microsoft.com resolves to that IP via every DNS server I've tried (so no round-robin A records), Microsoft products that need to activate over the internet only try to resolve that FQDN, and I've looked for others without success (wpa.two.microsoft.com isn't valid, for example).
Re: Microsoft Product Activation server reachability
- Original Message - From: Nathan Anderson nath...@fsr.com To: nanog@nanog.org nanog@nanog.org Sent: Thursday, January 10, 2013 11:24:16 PM Subject: Microsoft Product Activation server reachability Anybody else having a problem reaching (what appears to be) the sole Microsoft Product Activation server (wpa.one.microsoft.com)? $ ping wpa.one.microsoft.com PING wpa.one.microsoft.com (94.245.126.107): 56 data bytes 36 bytes from 213.199.189.41: Communication prohibited by filter I get this sourcing from our network, from ATT 3G, and from ye residential DSL connection located in the greater Seattle area. They aren't simply source-filtering. Either that or they are source-filtering for 0.0.0.0/0. This is apparently the only server/IP they have set up to respond to these requests. wpa.one.microsoft.com resolves to that IP via every DNS server I've tried (so no round-robin A records), Microsoft products that need to activate over the internet only try to resolve that FQDN, and I've looked for others without success (wpa.two.microsoft.com isn't valid, for example). -- Nathan Anderson First Step Internet, LLC nath...@fsr.com I am seeing the same from NYC metro. According to MS (http://technet.microsoft.com/en-us/library/bb457159.aspx#ECAA), access to that host on 80 and 443 is all that should be required to activate. (and wpa.one.microsoft.com has no , go figure) [ben@razor ~]$ ping wpa.one.microsoft.com PING wpa.one.microsoft.com (94.245.126.107) 56(84) bytes of data. From 213.199.189.41 icmp_seq=2 Packet filtered ^C --- wpa.one.microsoft.com ping statistics --- 6 packets transmitted, 0 received, +1 errors, 100% packet loss, time 5260ms [ben@razor ~]$ telnet wpa.one.microsoft.com 80 Trying 94.245.126.107... ^C [ben@razor ~]$ telnet wpa.one.microsoft.com 443 Trying 94.245.126.107... ^C -- Ben
Re: Microsoft Product Activation server reachability
Working now, tested from 3 hosts on different networks on both 80 and 443 : $ telnet wpa.one.microsoft.com 443 Trying 94.245.126.107... Connected to wpa.one.microsoft.com. Escape character is '^]'. Scott On Fri, Jan 11, 2013 at 12:02 AM, Ben Carleton carle...@vanoc.net wrote: - Original Message - From: Nathan Anderson nath...@fsr.com To: nanog@nanog.org nanog@nanog.org Sent: Thursday, January 10, 2013 11:24:16 PM Subject: Microsoft Product Activation server reachability Anybody else having a problem reaching (what appears to be) the sole Microsoft Product Activation server (wpa.one.microsoft.com)? $ ping wpa.one.microsoft.com PING wpa.one.microsoft.com (94.245.126.107): 56 data bytes 36 bytes from 213.199.189.41: Communication prohibited by filter I get this sourcing from our network, from ATT 3G, and from ye residential DSL connection located in the greater Seattle area. They aren't simply source-filtering. Either that or they are source-filtering for 0.0.0.0/0 . This is apparently the only server/IP they have set up to respond to these requests. wpa.one.microsoft.com resolves to that IP via every DNS server I've tried (so no round-robin A records), Microsoft products that need to activate over the internet only try to resolve that FQDN, and I've looked for others without success (wpa.two.microsoft.com isn't valid, for example). -- Nathan Anderson First Step Internet, LLC nath...@fsr.com I am seeing the same from NYC metro. According to MS ( http://technet.microsoft.com/en-us/library/bb457159.aspx#ECAA), access to that host on 80 and 443 is all that should be required to activate. (and wpa.one.microsoft.com has no , go figure) [ben@razor ~]$ ping wpa.one.microsoft.com PING wpa.one.microsoft.com (94.245.126.107) 56(84) bytes of data. From 213.199.189.41 icmp_seq=2 Packet filtered ^C --- wpa.one.microsoft.com ping statistics --- 6 packets transmitted, 0 received, +1 errors, 100% packet loss, time 5260ms [ben@razor ~]$ telnet wpa.one.microsoft.com 80 Trying 94.245.126.107... ^C [ben@razor ~]$ telnet wpa.one.microsoft.com 443 Trying 94.245.126.107... ^C -- Ben
RE: Microsoft Product Activation server reachability
So the ICMP message communication prohibited by filter must be a normal response to ICMP ping through that gateway. Unfortunately, it's not completely fixed yet, but I'm guessing by this measure of progress that they must be working on it. I now get HTTP 403 in response to any request I send to it. Tried to reactive this copy of Windows Server once more anyway, and now get Online activation cannot be completed at this time. (Message number: 24579) Before, it simply claimed I must not have working internet connectivity. -- Nathan -Original Message- From: Scott Howard [mailto:sc...@doc.net.au] Sent: Thursday, January 10, 2013 10:55 PM To: Ben Carleton Cc: Nathan Anderson; nanog@nanog.org Subject: Re: Microsoft Product Activation server reachability Working now, tested from 3 hosts on different networks on both 80 and 443 : $ telnet wpa.one.microsoft.com 443 Trying 94.245.126.107... Connected to wpa.one.microsoft.com. Escape character is '^]'. Scott On Fri, Jan 11, 2013 at 12:02 AM, Ben Carleton carle...@vanoc.net wrote: - Original Message - From: Nathan Anderson nath...@fsr.com To: nanog@nanog.org nanog@nanog.org Sent: Thursday, January 10, 2013 11:24:16 PM Subject: Microsoft Product Activation server reachability Anybody else having a problem reaching (what appears to be) the sole Microsoft Product Activation server (wpa.one.microsoft.com)? $ ping wpa.one.microsoft.com PING wpa.one.microsoft.com (94.245.126.107): 56 data bytes 36 bytes from 213.199.189.41: Communication prohibited by filter I get this sourcing from our network, from ATT 3G, and from ye residential DSL connection located in the greater Seattle area. They aren't simply source-filtering. Either that or they are source-filtering for 0.0.0.0/0. This is apparently the only server/IP they have set up to respond to these requests. wpa.one.microsoft.com resolves to that IP via every DNS server I've tried (so no round-robin A records), Microsoft products that need to activate over the internet only try to resolve that FQDN, and I've looked for others without success (wpa.two.microsoft.com isn't valid, for example). -- Nathan Anderson First Step Internet, LLC nath...@fsr.com I am seeing the same from NYC metro. According to MS (http://technet.microsoft.com/en-us/library/bb457159.aspx#ECAA), access to that host on 80 and 443 is all that should be required to activate. (and wpa.one.microsoft.com has no , go figure) [ben@razor ~]$ ping wpa.one.microsoft.com PING wpa.one.microsoft.com (94.245.126.107) 56(84) bytes of data. From 213.199.189.41 icmp_seq=2 Packet filtered ^C --- wpa.one.microsoft.com ping statistics --- 6 packets transmitted, 0 received, +1 errors, 100% packet loss, time 5260ms [ben@razor ~]$ telnet wpa.one.microsoft.com 80 Trying 94.245.126.107... ^C [ben@razor ~]$ telnet wpa.one.microsoft.com 443 Trying 94.245.126.107... ^C -- Ben