VM cannot ping outside of its Host

Question

VM cannot ping outside of its Host

SBrickey23 25

Hello all,

I've been working on a lab network to test out live migrations.

Host 1:

VM 1

Host 2: (Joined to the Domain)

VM 2 (Current Domain Controller) (DNS Server)

I have set static IP addresses for all of these devices. However, from each VM I can only ping the Host that the VM is on. I can also ping the VM from the Host. My problem is that I cannot ping the opposite Host or VM from the VM I'm working with.

To make that a little easier to understand, here is an example:
HOST 1 can Ping VM 1 and vice-versa.
HOST 2 can Ping VM 2 and vice-versa.
HOST 2 can Ping HOST 1 and vice-versa.

VM 1 cannot ping HOST 2 or VM 2
VM 2 cannot ping HOST 1 or VM 1

Windows Firewall is completely disabled on all of the computers, Network Discovery is enabled on all computers. Each VM is configured with an external switch in Hyper-V Manager.

VM 2 shows "No Internet" in the taskbar, however it can ping Google.com, ping its Host, and shows the domain name in the ncpa.cpl menu.
Just to note, HOST 1 and VM 1 cannot ping the DNS server or Domain on VM 2.

Any help or suggestions? Thanks!

Accepted answer

6 additional answers

Your answer

Answer 1

Anonymous

The host address has nothing to do with this. Pinging the host also makes no difference as far as the vms are concerned. Can the vms reach the router? Might check (on both vms)

ping 10.10.10.17

and also

tracert 8.8.8.8

another thing to try is recreating the vSwitches. When you create a new external vSwitch the internet protocols are removed from the adapter and the Hyper-V Extensible Switch protocol is added turning that physical port into a multi-port virtual switch. Connect your VMs to this vSwitch and use each VM's vEthernet to configure the addressing in the exact same manner as if it were a physical NIC

--please don't forget to upvote and Accept as answer if the reply is helpful--

SBrickey23 25 Reputation points

2023-08-04T21:17:25.45+00:00

The Ping to the router was successful on both VM's. The tracert was also successful. I reinstalled both Virtual Switches on the VM's and then set the IPv4 and DNS settings on the NIC inside the virtual machine connection using the ncpa.cpl panel.

Still, the ping from VM1 to VM2 and vice versa was unsuccessful.
Anonymous

2023-08-04T21:26:41.6066667+00:00

Try changing the subnet mask on both vms to 255.255.255.0
SBrickey23 25 Reputation points

2023-08-04T21:45:22.0166667+00:00

Same result.
Anonymous

2023-08-04T21:52:16.1833333+00:00

Might try standing up some new ones for testing. Leave them OOB as far as everything is concerned and enable ICMPv4 on all three profiles.
SBrickey23 25 Reputation points

2023-08-04T21:54:49.4666667+00:00

Probably my best bet at this point, going to start on this on Monday as I'm leaving the office for the weekend. Thanks for your help!
Anonymous

2023-08-04T22:04:05.0933333+00:00

Sounds good.

Answer 2

Anonymous

Make sure the guests on each host are using external vSwitches and that there's a route defined between them.

And separately I'd check the domain controller and problem members have the static ip address of DC listed for DNS and no others such as a router or public DNS.

Also post the unedited results below

ipconfig /all > C:\vm1.txt	  
ipconfig /all > C:\vm2.txt

--please don't forget to upvote and Accept as answer if the reply is helpful--

Anonymous

2023-08-04T12:15:20.8+00:00

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--

SBrickey23 25

Sorry, just got back to the office to work on this again.

All of the VM's are set to use external switches.

Here are the outputs from the two VM's:

VM1:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : COSTELLO
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
   Physical Address. . . . . . . . . : 00-15-5D-0A-13-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::95d1:54fe:2ba0:408f%8(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.10.10.21(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.240
   Default Gateway . . . . . . . . . : 10.10.10.17
   DHCPv6 IAID . . . . . . . . . . . : 100668765
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2C-5C-84-88-00-15-5D-0A-13-01
   DNS Servers . . . . . . . . . . . : 10.10.10.20
                                       10.10.10.21
   NetBIOS over Tcpip. . . . . . . . : Enabled

VM2:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : ABBOTT
   Primary Dns Suffix  . . . . . . . : vbr.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : vbr.local

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
   Physical Address. . . . . . . . . : 00-15-5D-0A-13-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b4a0:5ac:d210:5e73%14(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.10.10.20(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.240
   Default Gateway . . . . . . . . . : 10.10.10.17
   DHCPv6 IAID . . . . . . . . . . . : 100668765
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2C-5C-66-16-00-15-5D-0A-13-01
   DNS Servers . . . . . . . . . . . : ::1
                                       127.0.0.1
                                       10.10.10.21
   NetBIOS over Tcpip. . . . . . . . : Enabled

Thanks!

Answer 3

Anonymous

Looks like there may be a rouge IPv6 DHCP server (probably a router?) on the network. If IPv6 is used and not configured correctly this will cause no end to grief (especially for domain controllers)

--please don't forget to upvote and Accept as answer if the reply is helpful--

Anonymous

2023-08-04T15:04:53.55+00:00

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--
SBrickey23 25 Reputation points

2023-08-04T15:09:47.4666667+00:00

As you said, my router was unintentionally running an IPv6 DHCP server, which I have now disabled. I also disabled IPv6 via the Registry Editor and the individual NIC's on each Host and VM. However, this did not fix the issue. I am still unable to ping from the VM to the other host or VM.

Answer 4

Anonymous

Are the hosts side-by-side or on opposite sides of the earth? Wondering about the route between vSwitches. I'd check that both got the domain network profile. ICMPv4 firewall rule is not enabled by default unless the domain profile is in use.

When NLA starts to detect the network location, the machine will contact a domain controller via port 389. If this detection is successful, it will get the domain firewall profile (allowing for correct ports) and we cannot change the network location profile.

If the domain was not found or process failed, NLA will let you to determine which firewall profile will be used, private or public, likely defaulting to Public

If problems persist then please run;

Dcdiag /v /c /d /e /s:%computername% >C:\dcdiag.log (run on PDC emulator)
repadmin /showrepl >C:\repl.txt (run on any domain controller)
ipconfig /all > C:\%computername%.txt (run on EVERY domain controller)
ipconfig /all > C:\problemVM.txt (run on problem VM)

Also check the domain controller System and Replication (DFS or FRS) event logs for errors since last boot. Post the Event Source and Event IDs of any found. (no evtx files)

then put unzipped text files up on OneDrive and share a link.

Anonymous

2023-08-04T18:02:35.22+00:00

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--
SBrickey23 25 Reputation points

2023-08-04T18:39:24.7366667+00:00

The Hosts are directly next to each other and are connected by an unmanaged switch. The router provides the path from the local network to the internet and is the only other device connected to the network.

Windows Firewall is completely disabled on all devices since this is purely a test environment.

The Domain Controller and the Host connected to the Domain both have picked up the Domain profile, however since the other Host and VM are not connected to the domain (because they are unable to contact it) they are still just on a private profile.

Here is the output from those commands:

https://1drv.ms/f/s!ApGagamgg9cvgRYBcGPc1erbQ21q?e=zlNl9N

System Event Log:
Error 10028 - Source DistributedCOM

I was unable to locate the FRS event log in the event viewer.

Answer 5

Anonymous

At a minimum a domain controller should have its own static ip address listed for DNS plus the loopback (127.0.0.1) listed for DNS also remove the invalid 10.10.10.21 then do ipconfig /flushdns, ipconfig /registerdns, and restart the netlogon service

The Time Server is not running on ABBOTT

"server holding the PDC role is down"

sc triggerinfo w32time start/networkon stop/networkoff

may solve this problem. Then reboot and wait about 10 minutes for services to start up.

--please don't forget to upvote and Accept as answer if the reply is helpful--

SBrickey23 25 Reputation points

2023-08-04T20:13:42.6266667+00:00

Unfortunately even after these changes, I am still unable to ping the other Host (Host1) or VM (VM1) from the Domain Controller (VM2). Here are screenshots of my NIC settings just to confirm my settings.

Host 2:

https://imgur.com/a/obb7fQv

VM 2:

https://imgur.com/a/2E2l651

Share via

VM cannot ping outside of its Host

6 additional answers

Your answer