One of the most common ways for an administrator to see if a particular server is up or not is to send an ICMP packet to the server or in orther words, to ping it. This is also known as sending an Echo Request to the server.
As Microsoft tightens security on Windows Server 2008, they have the built-in Windows Firewall blocking ICMP requests by default. We have a couple of options to unblock this or enable the ping request and reply. Here’s how you can turn this on using the MMC snap-in:
- Open Server Manager
- Expand Configuration section
- Expand Windows Firewall with Advanced Security (OK, Microsoft, is there a Basic one???)
- Click on Inbound Rules
- In the middle pane, scroll down and find “File and Printer Sharing (Echo Request – ICMPvX-in)” where the X stands for the IP version number
- Right click it and select Enable
If you are running the core version or if you wish to do this via command line, you can accomplish the same thing by issuing the following netsh command:
netsh firewall set icmpsetting 8
Netsh seems to be the simplest way to enable ping on Windows Server 2008 however if lacks some advanced options. I am not saying that it can’t be done – just stating the obvious that for advanced options, it’s better to get it done via the GUI.
If you want to edit advanced options then right click it and select Properties option instead. With advanced options, you can fine tune other options like changing the scope so only a certain computers or IP address can ping your server or define which address will response to an ICMP request.
Keep in mind that by enabling ping on your servers, your servers could be subjected to DoS (deny of service) attack since flooding a server with a large number of ping requests is very easy to do. That’s why when Pinkie was designed, I had specifically set the lowest Ping Delay Time option to be 100 milliseconds. I could have set it for 1 millisecond or no delay at all. But can you imagine what happens if someone was to use the tool for malicious intent?