Enable Ping Windows Server 2012 R2

  1. Server 2012 R2 Repair Install
  2. Enable Ping On Windows Server 2012 R2

Enable Ping Windows Server 2012 R2. 6/24/2019 0 Comments Aug 08, 2018 The below guide shows you how to enable ping in Windows Server 2016 or 2012 R2 OS. Though the original post was written and screenshots are taken based on Windows 2012 R2 server, but the same steps are applicable for Windows 2012 R2 also. Once opened, click on Inbound Rules at the top left. Scroll down and select File and Printer Sharing (Echo Request – ICMPv4 – In). Once selected, click on Enable Rule. When the rules are enabled, you will now be able to ping your server IP address. Come back and check for new updates. The rule is already present in Windows Server 2012, and you just need to enable it. For this purpose, select “Inbound Rules”. Search and right-click on “File and Printer Sharing” (Echo Request-ICMPV4-In). Choose the option of Enable Rule. Now, ping requests are allowed on Windows 2012 R2 Server.

You have just deployed a shiny new Windows 2012 R2 member server, and joined it to the domain. After the server has restarted you try and ping it from one of the other domain machines, but ping is dropped. You check the Network Location Awareness, as you have been burnt by that before, but that is fine and it can see the AD domain.

In the below example, note that the DNS request was successful. The name was resolved to an IP address, yes it is the correct one, and then the ICMP requests time out. What may also confuse matters is that other machines do respond to the ping requests. Note that the DC does respond, but the other server does not. Exchange is not yet installed onto that machine.

What typically happens at this point is that the Windows Firewall is disabled, and since ping now works the firewall is never re-enabled. This is not a good security practice at all. We aim to have defence in depth, and host based firewalls are one part of a holistic solution. Much better to figure out what is driving the behaviour, and then we can address it.

Default Windows Firewall Behaviour

Windows firewall was introduced way back with Windows XP SP2. XP SP2 was a huge overhaul, and introduced many security features. Windows Firewall is present and enabled by default in Windows today. Depending on the Windows roles and features which are installed, you will find different Windows Firewall rules enabled. This is an action which is performed when the role or feature was installed. These rules are required for the role or feature to function.

This accounts for the difference observed above. The domain controller responded, but the bare-bones OS did not. Why?

The installation of the AD DS role also adds the File Server role, and File Server role enables its Windows Firewall rules to allow ping. This is illustrated below.

Windows 2012 R2 Domain Controller

Windows 2012 R2 Member Server. Note that the File Server role is not installed.

Enabling IMCP v4 Using PowerShell

Server 2012 R2 Repair Install

To enable the File and Printer Sharing (Echo Request – ICMPv4-In) rule in PowerShell we can use the below commands. Firstly we enable the rule, it applies to all profiles, and then we check the status:

Note that there is a separate rule for IPv6, this is the rule called File and Printer Sharing (Echo Request – ICMPv6-In). You can also use the reference it using FPS-ICMP6-ERQ-In, see the note at the end of this post on the difference between these long and short names.

Enabling IMCP v4 Using MMC

Enable Ping On Windows Server 2012 R2

There are a couple of ways to launch the graphical configuration tool. You will find Windows Firewall with Advanced Security listed under Administrative Tools. Alternatively you can run WF.msc and it will launch. The console is shown below. Note that the rules are filtered so that only the domain profile ones are shown. The File and Printer Sharing (Echo Request – ICMPv4-In rule is highlighted in the large red box.

Right click to enable the rule, and the status will change from grey to green.

Note that there is a separate rule for IPv6, this is the rule called File and Printer Sharing (Echo Request – ICMPv6-In).

Windows Firewall Intricacy

2012

In the above examples, you will have noticed that the below syntax was used to work with the firewall rule:

The Name attribute was used rather than DisplayName. This was to make the output more readable. The example below has the full display name of the rule, and since it has spaces must be enclosed within quotes. It is a bit more cumbersome to type and read.

Bonus

Now that you can adjust the individual Windows Firewall rule for ICMP, the next one you will typically want to review is the rule to allow SMB. This will allow you to connect to shared folders on the remote machine.

Hint – it is called File and Printer Sharing (SMB-In)

Cheers,

Rhoderick

Comments are closed.