Microsoft Product Activation server reachability

Nathan Anderson nathana at fsr.com
Fri Jan 11 07:01:08 UTC 2013


So the ICMP message "communication prohibited by filter" must be a normal response to ICMP ping through that gateway.

Unfortunately, it's not completely fixed yet, but I'm guessing by this measure of progress that they must be working on it.  I now get HTTP 403 in response to any request I send to it.  Tried to reactive this copy of Windows Server once more anyway, and now get "Online activation cannot be completed at this time." (Message number: 24579)  Before, it simply claimed I must not have working internet connectivity.

-- Nathan

-----Original Message-----
From: Scott Howard [mailto:scott at doc.net.au] 
Sent: Thursday, January 10, 2013 10:55 PM
To: Ben Carleton
Cc: Nathan Anderson; nanog at nanog.org
Subject: Re: Microsoft Product Activation server reachability

Working now, tested from 3 hosts on different networks on both 80 and 443 :

$ telnet wpa.one.microsoft.com 443
Trying 94.245.126.107...
Connected to wpa.one.microsoft.com.
Escape character is '^]'.


  Scott



On Fri, Jan 11, 2013 at 12:02 AM, Ben Carleton <carleton at vanoc.net> wrote:


	----- Original Message -----
	> From: "Nathan Anderson" <nathana at fsr.com>
	> To: "nanog at nanog.org" <nanog at nanog.org>
	> Sent: Thursday, January 10, 2013 11:24:16 PM
	> Subject: Microsoft Product Activation server reachability
	>
	> Anybody else having a problem reaching (what appears to be) the sole
	> Microsoft Product Activation server (wpa.one.microsoft.com)?
	>
	> $ ping wpa.one.microsoft.com
	> PING wpa.one.microsoft.com (94.245.126.107): 56 data bytes
	> 36 bytes from 213.199.189.41: Communication prohibited by filter
	>
	> I get this sourcing from our network, from AT&T 3G, and from ye residential
	> DSL connection located in the greater Seattle area. They aren't simply
	> source-filtering. Either that or they are source-filtering for 0.0.0.0/0.
	>
	> This is apparently the only server/IP they have set up to respond to these
	> requests. wpa.one.microsoft.com resolves to that IP via every DNS server
	> I've tried (so no round-robin A records), Microsoft products that need to
	> activate over the internet only try to resolve that FQDN, and I've looked
	> for others without success (wpa.two.microsoft.com isn't valid, for example).
	>
	> --
	> Nathan Anderson
	> First Step Internet, LLC
	> nathana at fsr.com
	>
	>
	
	
	I am seeing the same from NYC metro. According to MS (http://technet.microsoft.com/en-us/library/bb457159.aspx#ECAA), access to that host on 80 and 443 is all that should be required to activate. (and wpa.one.microsoft.com has no AAAA, go figure)
	
	[ben at razor ~]$ ping wpa.one.microsoft.com
	
	PING wpa.one.microsoft.com (94.245.126.107) 56(84) bytes of data.
	
	From 213.199.189.41 icmp_seq=2 Packet filtered
	^C
	--- wpa.one.microsoft.com ping statistics ---
	6 packets transmitted, 0 received, +1 errors, 100% packet loss, time 5260ms
	
	[ben at razor ~]$ telnet wpa.one.microsoft.com 80
	Trying 94.245.126.107...
	^C
	[ben at razor ~]$ telnet wpa.one.microsoft.com 443
	Trying 94.245.126.107...
	^C
	
	-- Ben
	
	





More information about the NANOG mailing list