File and Printer Sharing (Echo Request - ICMPv4-In) Rule no longer working after Windows Update

Question

_{Sunday, November 29, 2015 12:30 PM}

Seems my Windows 10 updated today and I can't ping my computer anymore. This has been working for a long time and suddenly it stops working after this update. The File and Printer Sharing (Echo Request - ICMPv4-In) rule is still enabled. When I disable my Windows firewall, I can again ping my computer. What has changed in this latest update en why does the Windows Firewall rule File and Printer Sharing (Echo Request - ICMPv4-In) no longer allows icmp requests..... 

I enabled loggign of dropped packets and see this in pfirewall.log everyt time a ping is dropped..

2015-11-29 13:20:45 DROP ICMP 212.71.234.84 78.21.33.152 - - 84 - - - - 8 0 - RECEIVE

Please let me know what I can to do tore-allow ICMP...

All replies (11)

_{Monday, November 30, 2015 4:36 PM ✅Answered | 2 votes}

Found the problem. Apparently the fall update set the scope of 'File and Printer Sharing (Echo Request - ICMPv4-In)' -> remote ip address to 'Local subnet'.

When I change it to 'Any IP address' or the IP of my CentOS server it works again....

_{Sunday, November 29, 2015 1:29 PM}

The IP addresses for the dropped packets are two public addresses, so what IP is it trying to ping? To me if looks like the name lookup is failing and DNS is resolving the name to public DNS servers, which do not respond to ping.

So can you ping the Windows 10 machine by IP?

Pinging the name what IP is it trying to ping?

_{Sunday, November 29, 2015 4:19 PM}

The first ip 212.71.234.84 is the ip of the server from where I'm pinging... 78.21.33.152 is the current ip of my Windows 10 pc.

I cannot ping the WIndows 10 machine by ip, neitehr by the dyndns record. This has worked for a long time and only stopped working since the update.

_{Sunday, November 29, 2015 4:28 PM | 1 vote}

Ok. For information I can ping Windows 10 all updates on my local network.

What happens if you try;

tracert -4 78.21.33.152

I get as far as 213.224.206.140.

_{Sunday, November 29, 2015 4:50 PM}

It's a CentOS server:

traceroute to 78.21.33.152 (78.21.33.152), 30 hops max, 60 byte packets
 1  router2-lon.linode.com (212.111.33.230)  0.547 ms  0.711 ms  0.753 ms
 2  212.111.33.237 (212.111.33.237)  1.116 ms  1.317 ms  1.298 ms
 3  xe-9-0-2.edge3.London1.Level3.net (212.113.15.169)  0.955 ms  0.953 ms  0.945 ms
 4  ae-0-11.bar1.Brussels1.Level3.net (4.69.148.177)  5.666 ms  5.656 ms  5.628 ms
 5  212.3.238.130 (212.3.238.130)  5.667 ms  5.652 ms  5.626 ms
 6  dD5E0FA65.access.telenet.be (213.224.250.101)  9.180 ms  9.214 ms  9.281 ms
 7  dD5E0FA11.access.telenet.be (213.224.250.17)  8.768 ms  8.778 ms  8.759 ms
 8  * * *

But the fact that when I disable the firewall on the Windows 10 it suddenly works must mean the problem is in the firewall no? This is the traceroute when the fw is disabled:

➜  ~  traceroute 78.21.33.152
traceroute to 78.21.33.152 (78.21.33.152), 30 hops max, 60 byte packets
 1  router2-lon.linode.com (212.111.33.230)  0.687 ms  0.682 ms  0.817 ms
 2  212.111.33.237 (212.111.33.237)  1.236 ms  1.319 ms  1.087 ms
 3  xe-9-0-2.edge3.London1.Level3.net (212.113.15.169)  0.978 ms  0.952 ms  0.960 ms
 4  ae-0-11.bar1.Brussels1.Level3.net (4.69.148.177)  5.736 ms  5.764 ms  5.762 ms
 5  212.3.238.130 (212.3.238.130)  5.759 ms  5.755 ms  5.748 ms
 6  dD5E0FA65.access.telenet.be (213.224.250.101)  9.250 ms  9.315 ms  9.239 ms
 7  dD5E0FA11.access.telenet.be (213.224.250.17)  8.765 ms  8.765 ms  8.753 ms
 8  * * *
 9  78-21-33-152.access.telenet.be (78.21.33.152)  18.608 ms * *

Thanks for helping me troubleshoot this by the way. 

_{Sunday, November 29, 2015 5:06 PM | 1 vote}

Yes sorry overlooked the fact you said turning the firewall off and it works. So can only think the network Windows 10 thinks it is on has changed, i.e. Private, Domain, Public. I get the three different rules on firewall for 'File and Printer Sharing (Echo Request - ICMPv4-In)'. So for the firewall off test you turn it off completely? Perhaps check the network type Windows 10 is reporting.

_{Sunday, November 29, 2015 5:17 PM}

Hey Mr Happy, 

Yes I deactivated it completely and then it's working. I also tried to restore the default settings of the Windows Firewall to be 100 % sure there was no bogus rule somewhere. Then I re-enabled the 'File and Printer Sharing (Echo Request - ICMPv4-In)' for Public, Domain and Private. But it still does not work. Only disabling the firewall make it work again.

This is very weird and I have not seen this ever (while I do have 8 years experience as a sysadmin)...  I have been monitoring my home pc from my Linode CentOS server with Nagios XI for months without any problem.

My network and sharing center says it's a 'Public Network'. It's like the 'File and Printer Sharing (Echo Request - ICMPv4-In)' are never applied.

_{Sunday, November 29, 2015 6:40 PM | 1 vote}

Someone once said "Windows 10 is like a box chocolates..."

Throwing things out there, on the General tab of the rule, if I set Allow the connection if it secure stops my ping. Also on the Advanced tab perhaps try the Edge traversal rule, set to Block edge traversal by default. Does not look like that has changed (did check a 10240 build) but maybe worth a try. Not sure you are NAT'd on the way as both public addresses.

_{Sunday, November 29, 2015 7:47 PM}

It is set to "Allow the connection" and not on "Allow the connection if it is secure". Edge traversal is set to "Block edge traversal" (also tried with allow). I'm not natted between the two and are indeed two public ip addresses.

_{Monday, November 30, 2015 5:52 PM | 1 vote}

Interesting that is set to Local subnet on the Public rule. Thanks for sharing.

_{Monday, October 1, 2018 11:10 PM}

Thank you. Had same problem.