Pinging Windows Server 2008

Windows Firewall

Enabling File and Printer Sharing (Echo Request - ICMPv4-In)

One of the most common ways for an administrator to see whether a particular server is up is to send an ICMP packet to the server or, in other words, to ping it.  This is also known as sending an Echo Request to the server.

As Microsoft tightens security on Windows Server 2008, they have the built-in Windows Firewall blocking ICMP requests by default.  We have a couple of options to unblock this or enable the ping request and reply.  Here’s how you can turn this on using the MMC snap-in:

  1. Open Server Manager
  2. Expand Configuration section
  3. Expand Windows Firewall with Advanced Security (OK, Microsoft, is there a Basic one???)
  4. Click on Inbound Rules
  5. In the middle pane, scroll down and find “File and Printer Sharing (Echo Request – ICMPvX-in)” where the X stands for the IP version number
  6. Right click it and select Enable

If you are running the core version or if you wish to do this via command line, you can accomplish the same thing by issuing the following netsh command:

netsh firewall set icmpsetting 8

Netsh seems to be the simplest way to enable ping on Windows Server 2008; however, it lacks some advanced options.  I am not saying that it can’t be done – just stating the obvious that for advanced options, it’s better to get it done via the GUI.

If you want to edit advanced options, right-click the rule and select the Properties option instead.  With advanced options, you can fine-tune settings such as the scope, so that only certain computers or IP addresses can ping your server, or define which address will respond to an ICMP request.
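The scope restriction described above can also be set from the command line through the netsh advfirewall context, which is useful on Server Core. This is an added example, not part of the original post; the new rule's name and the 192.0.2.0/24 management subnet are placeholders.

```batch
:: Added example. The rule name and the 192.0.2.0/24 subnet are
:: placeholders (assumptions); substitute your own management range.

:: Allow inbound ICMPv4 Echo Request (type 8, any code) only from the
:: management subnet, and only on the domain and private profiles.
netsh advfirewall firewall add rule name="Allow ICMPv4 Echo Request (mgmt only)" ^
    dir=in action=allow protocol=icmpv4:8,any ^
    remoteip=192.0.2.0/24 profile=domain,private

:: Review what was created: check Enabled, Profiles, RemoteIP and Protocol.
netsh advfirewall firewall show rule name="Allow ICMPv4 Echo Request (mgmt only)" verbose

:: If the built-in unscoped rule was enabled earlier, it still answers
:: every source address. Disable it so only the scoped rule applies.
netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=no
```

Run these from an elevated command prompt. After the change, a ping from a host outside the allowed range should time out while one from inside it gets a reply.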

Keep in mind that by enabling ping on your servers, your servers could be subjected to a DoS (denial of service) attack since flooding a server with a large number of ping requests is very easy to do.  That’s why when Pinkie was designed, I had specifically set the lowest Ping Delay Time option to be 100 milliseconds.  I could have set it for 1 millisecond or no delay at all.  But can you imagine what happens if someone was to use the tool for malicious intent?

About Brian Dao

I am a former United States Paratrooper; served in the 504th Parachute Infantry Regiment of the 82nd Airborne Division back in the 90's. I've been working in the IT field for over 10 years and have had various positions to include database & server administration, web/desktop application programming and network admin. My current job is to keep the bits from falling out of the switches at Hewlett Packard. Pinkie is a software that I designed and programmed in the wee hours. It's been in the works for over three years during which time, plenty of skittles and cokes have been consumed.

Comments

  1. anxiety says:

    Very interesting info!
    Perfect just what I was looking for!

  2. Boneless says:

    Hi, thanks for the post. I need some help: how can I enable ping response from a machine that is inside the network to the Internet?… In other words, I have a virtual lab with 2 machines: Windows 2008 Std (the server) and Windows XP (the client). After reading your post I can ping the server from the client, but I can’t ping from the client to the Internet (i.e. ping google.com); the DNS service resolves the IP for google.com but the ping doesn’t respond. Thanks a lot for any help. Sorry for my English 😀

  3. Pal says:

    Perfect Solution. Thanks.
