Microsoft Product Activation server reachability
nathana at fsr.com
Fri Jan 11 07:01:08 UTC 2013
So the ICMP message "communication prohibited by filter" must be a normal response to ICMP ping through that gateway.
Unfortunately, it's not completely fixed yet, but I'm guessing by this measure of progress that they must be working on it. I now get HTTP 403 in response to any request I send to it. Tried to reactive this copy of Windows Server once more anyway, and now get "Online activation cannot be completed at this time." (Message number: 24579) Before, it simply claimed I must not have working internet connectivity.
From: Scott Howard [mailto:scott at doc.net.au]
Sent: Thursday, January 10, 2013 10:55 PM
To: Ben Carleton
Cc: Nathan Anderson; nanog at nanog.org
Subject: Re: Microsoft Product Activation server reachability
Working now, tested from 3 hosts on different networks on both 80 and 443 :
$ telnet wpa.one.microsoft.com 443
Connected to wpa.one.microsoft.com.
Escape character is '^]'.
On Fri, Jan 11, 2013 at 12:02 AM, Ben Carleton <carleton at vanoc.net> wrote:
----- Original Message -----
> From: "Nathan Anderson" <nathana at fsr.com>
> To: "nanog at nanog.org" <nanog at nanog.org>
> Sent: Thursday, January 10, 2013 11:24:16 PM
> Subject: Microsoft Product Activation server reachability
> Anybody else having a problem reaching (what appears to be) the sole
> Microsoft Product Activation server (wpa.one.microsoft.com)?
> $ ping wpa.one.microsoft.com
> PING wpa.one.microsoft.com (18.104.22.168): 56 data bytes
> 36 bytes from 22.214.171.124: Communication prohibited by filter
> I get this sourcing from our network, from AT&T 3G, and from ye residential
> DSL connection located in the greater Seattle area. They aren't simply
> source-filtering. Either that or they are source-filtering for 0.0.0.0/0.
> This is apparently the only server/IP they have set up to respond to these
> requests. wpa.one.microsoft.com resolves to that IP via every DNS server
> I've tried (so no round-robin A records), Microsoft products that need to
> activate over the internet only try to resolve that FQDN, and I've looked
> for others without success (wpa.two.microsoft.com isn't valid, for example).
> Nathan Anderson
> First Step Internet, LLC
> nathana at fsr.com
I am seeing the same from NYC metro. According to MS (http://technet.microsoft.com/en-us/library/bb457159.aspx#ECAA), access to that host on 80 and 443 is all that should be required to activate. (and wpa.one.microsoft.com has no AAAA, go figure)
[ben at razor ~]$ ping wpa.one.microsoft.com
PING wpa.one.microsoft.com (126.96.36.199) 56(84) bytes of data.
From 188.8.131.52 icmp_seq=2 Packet filtered
--- wpa.one.microsoft.com ping statistics ---
6 packets transmitted, 0 received, +1 errors, 100% packet loss, time 5260ms
[ben at razor ~]$ telnet wpa.one.microsoft.com 80
[ben at razor ~]$ telnet wpa.one.microsoft.com 443
More information about the NANOG