The Ping.exe Command Line Tool

Updated: November 18, 2009

Applies To: Windows Server 2008 R2

You use the Ping.exe command line tool in DirectAccess to verify name resolution and reachability. For example, you can use Ping.exe for the following:

• Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6)-based reachability of the DirectAccess server across the Internet

• IPv6-based reachability of intranet resources beyond the DirectAccess server, such as the intranet DNS server

• Intranet name resolution

For example, if you cannot reach any intranet resources, you can do the following from the DirectAccess client:

1. Use the netsh namespace show effectivepolicy command to obtain the IPv6 address of your intranet Domain Name System (DNS) server.

   If your computer has determined that it is on the intranet, the netsh namespace show effectivepolicy command will display no intranet DNS servers.

2. Use the Ping.exe tool to ping the IPv6 address of your intranet DNS server.

3. If step 2 is not successful, troubleshoot IPv6 routing and reachability issues between the DirectAccess client and intranet DNS server.

4. If step 2 is successful, use the Ping.exe tool with the -6 option to ping the name of the intranet server.

5. If step 4 is not successful, troubleshoot Internet Protocol security (IPsec) negotiation issues between the DirectAccess client and DirectAccess server.

This simplified troubleshooting example is based on the full intranet and selected server access models and their default IPsec global settings, which exempt Internet Control Message Protocol (ICMP) traffic from IPsec protection. Therefore, it is possible for step 2 to succeed (the DirectAccess client sends only ICMP for IPv6 [ICMPv6] traffic, which is exempt from IPsec protection) and step 4 to fail (the DirectAccess client sends DNS traffic, which is not exempt from IPsec protection).