Microsoft Product Activation server reachability

Nathan Anderson nathana at
Fri Jan 11 07:01:08 UTC 2013

So the ICMP message "communication prohibited by filter" must be a normal response to ICMP ping through that gateway.

Unfortunately, it's not completely fixed yet, but I'm guessing by this measure of progress that they must be working on it.  I now get HTTP 403 in response to any request I send to it.  Tried to reactive this copy of Windows Server once more anyway, and now get "Online activation cannot be completed at this time." (Message number: 24579)  Before, it simply claimed I must not have working internet connectivity.

-- Nathan

-----Original Message-----
From: Scott Howard [mailto:scott at] 
Sent: Thursday, January 10, 2013 10:55 PM
To: Ben Carleton
Cc: Nathan Anderson; nanog at
Subject: Re: Microsoft Product Activation server reachability

Working now, tested from 3 hosts on different networks on both 80 and 443 :

$ telnet 443
Connected to
Escape character is '^]'.


On Fri, Jan 11, 2013 at 12:02 AM, Ben Carleton <carleton at> wrote:

	----- Original Message -----
	> From: "Nathan Anderson" <nathana at>
	> To: "nanog at" <nanog at>
	> Sent: Thursday, January 10, 2013 11:24:16 PM
	> Subject: Microsoft Product Activation server reachability
	> Anybody else having a problem reaching (what appears to be) the sole
	> Microsoft Product Activation server (
	> $ ping
	> PING ( 56 data bytes
	> 36 bytes from Communication prohibited by filter
	> I get this sourcing from our network, from AT&T 3G, and from ye residential
	> DSL connection located in the greater Seattle area. They aren't simply
	> source-filtering. Either that or they are source-filtering for
	> This is apparently the only server/IP they have set up to respond to these
	> requests. resolves to that IP via every DNS server
	> I've tried (so no round-robin A records), Microsoft products that need to
	> activate over the internet only try to resolve that FQDN, and I've looked
	> for others without success ( isn't valid, for example).
	> --
	> Nathan Anderson
	> First Step Internet, LLC
	> nathana at
	I am seeing the same from NYC metro. According to MS (, access to that host on 80 and 443 is all that should be required to activate. (and has no AAAA, go figure)
	[ben at razor ~]$ ping
	PING ( 56(84) bytes of data.
	From icmp_seq=2 Packet filtered
	--- ping statistics ---
	6 packets transmitted, 0 received, +1 errors, 100% packet loss, time 5260ms
	[ben at razor ~]$ telnet 80
	[ben at razor ~]$ telnet 443
	-- Ben

More information about the NANOG mailing list