Hello, I am fairly new to running Windows 2008, and the Advanced Firewall has been a source of frustration for me :-( I understand the reasons for the extra security, and I am trying to embrace it. I am just trying to get stuff to work in this "new" (ha) environment. The server I am having a problem with is Windows 2008 SP1 64 bit. (not R2). It runs Microsoft SQL Server 2008, and the SQL DBA is trying to access our SMTP relay to send herself alerts. This is ServerA. ServerB is Windows 2003 sp2, 32bit. It is running the standard Microsoft SMTP service. Other servers can access it just fine. When I ping ServerB from ServerA, it resolves the name in DNS, but it replies "Request timed out.". When I ping the other way, it works fine. When I ping ServerB from any other server, it also works fine. When I telnet from ServerA to ServerB by saying "telnet ServerB 25" I get "Could not open connection to the host, on port 25:Connection failed" When I telnet from my workstation to ServerB, I can do the HELO, and it responds with the Hello. So I am positive that the SMTP server it working just fine. There is no firewall on ServerB. The infuriating thing is if (from ServerA) I "net use * \\ServerB\c$", it works! The problem is protocol dependant! ICMP and SMTP are not working, but everything else seems to. We have IP based restrictions on our SMTP server (ServerB), and I have verified and reverified the IPs. It is set up to allow ServerA in. So it comes down to Firewall issue, or some kind of weird networking issue. I have tried creating rules on the firewall, that will allow port 25 traffic, I have created rules that will allow all traffic, each way, I have issued the following command : "netsh advfirewall set AllProfiles state off", which disables the firewall. When I first started troubleshooting, I noticed that the Windows Firewall service was completely disabled in Admin Tools/Services, and I renabled it, as Microsoft does not recommend this. I have tried a bunch of things, and I don't know what else to do. It really really seems like a firewall issue, but if that is the case, why is it still a problem when the firewall is off? Any ideas? Thanks! Steve

Hello Steve, Thank you for your question. I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience. Thank you for your understanding and support. Regards, Bruce This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

hello steve, to narrow down the issue, please run the following command to disable BFE service and Firewall service on server A. (and if there is anothe firewall or anti-virus application on the server, you may consider disabling them also. ) net stop BFE net stop MPSsvc if the two commands didn't work then we may need to gather netmon trace

Thanks Alex and Bruce! I did the "net stop BFE", and it prompted me to stop 3 other services, IPsec Policy Agent service, Windows Firewall Service, and IKE and AuthIP IPsec Keying Modules Service. Then the Base Filtering Engine service stopped (BFE). Obviously, when I ran "net stop MPSsvc", it said "Windows Firewall Service is not started". It can't hurt to stop it twice though...so I did. I then pinged ServerB, and I got the same result: "Request timed out". I tried stopping all the McAfee antivirus services. I was able to stop all of them but the "McAfee Validation Trust Protection Service". (which is for rootkits and whatnot, and is designed not to stop. If it could be stopped, it wouldn't be very effective against rootkits, I guess!) Anyhow, with all the main mcafee antivirus stuff stopped, it still doesn't ping. I haven't done a netmon trace in about 10 years, but i can look into doing that. I was looking at the firewall log (when it was still on), and there were no blocking events. thanks for your assistance!

Ok. I was able to rule out the firewall as the problem. We have two nics, one on the production network, and one on the Private net for backups. For certain servers, like the SMTP server, it was trying to use the Private net instead the Production. When I disable the nic on the private net, everything works properly. When i reenable it, the problem resurfaces. And yes, I went into the Advanced Settings, and changed the binding order for the nics so Production SHOULD come first. When I first stood up the server, the Private net accidentally was the first nic online. I didn't realize that it mattered. Next server I build, i will make sure that is the case. I guess I'll fiddle with the nics, try to delete and reset up the private net one, and hopefully the OS will see it properly.

Please try disabling RSS To disable receive-side scaling, you have to type the following command at a command prompt: netsh interface tcp set global rss=disabled Sumesh P - Microsoft Online Community Support

OK, I am officially a moron. The network settings for my privatenet nic were incorrect. I compared it to a known working server, and I disabled "Register this connection's suffix in DNS", disabled netbios over tcpip, and fixed the subnet mask. Everything is working now. It was such an odd problem, it was only broken for one server it was trying to connect to, it didn't occur to me that the PrivateNet's nic might have the wrong settings. Thanks for the troubleshooting help!