This topic describes the causes of and solutions to the issue that a general fault occurs when you ping the public IP address of a Windows Elastic Compute Service (ECS) instance.
Problem description
When you ping the public IP address of a Windows instance, you are prompted with a general fault or a common issue.
Causes
The preceding issue may occur due to different causes. The following table describes the causes and the corresponding solutions.
Cause | Solution |
Cause | Solution |
Third-party antivirus software or security protection software is installed on the Windows instance. | Check third-party antivirus software or security protection software |
The internal gateway and route configurations of the Windows instance are incorrect. | Check the gateway and route configurations of the Windows instance |
Other causes. |
Solutions
Check third-party antivirus software or security protection software
Third-party antivirus software or security protection software may have network protection capabilities to control traffic similar to a firewall.
If third-party antivirus software or security protection software is installed on the Windows instance, uninstall or temporarily disable the software. Then, ping the public IP address of the instance again.
Check the gateway and route configurations of the Windows instance
You must configure the correct default gateway address and default route for an instance to communicate with the Internet. If the configurations are incomplete or incorrect, the instance may be unable to access the Internet. To troubleshoot the issue, perform the following steps:
Step 1: Check the default gateway configuration
Run the ipconfig command to view the default gateway configuration.
Check whether the default gateway address is correct. You can compare the default gateway address of the Windows instance against the IPv4 CIDR block of the vSwitch to which the instance is connected. If the default gateway address is the third-to-last address within the CIDR block of the vSwitch, the address is correct. In this example, the CIDR block of the vSwitch is 172.16.0.0/24, as shown in the preceding figure. The correct default gateway address is 172.16.0.253.
If the default gateway information is not displayed in the instance or the default gateway address is incorrect, perform the following steps to reconfigure the default gateway.
In this example, an instance that runs Windows Server 2022 is used.
Open Network and Sharing Center.
Click Change adapter settings.
Double-click the primary elastic network interface (ENI) named Ethernet. Then, click Properties in the Ethernet Status dialog box.
In the Ethernet Properties dialog box, double-click Internet Protocol Version 4 (TCP/IPv4).
In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, select Obtain an IP address automatically for automatic address assignment or select Use the following IP address to configure the correct IP address settings, including the default gateway.
Click OK.
Step 2: Check the default route
Run the route print command to check whether a default route exists.
The route whose network destination and network mask are 0.0.0.0 is the default route, as shown in the following figure. The Windows instance uses the default route to communicate with the Internet.
If no default route is available, run the following command to add a default route and replace <Default gateway address> with the actual default gateway address:
route -p add 0.0.0.0 mask 0.0.0.0 <Default gateway address>Sample command:
route -p add 0.0.0.0 mask 0.0.0.0 172.16.0.253Troubleshoot other causes
The following factors may also cause the preceding issue:
A network adapter is disabled or does not work as expected.
The network protocol stack is damaged due to viruses or malware.
You enabled specific built-in network tools, which are disabled by default, but you incorrectly configured the tools. In this case, you can configure rules to restrict network traffic and temporarily disable the network tools for troubleshooting.
Open Device Manager.
Check whether the network adapters work as expected. If a network adapter is disabled, you must enable it. If a network adapter does not work as expected or the version of a network adapter is outdated, update the driver as described in Install the virtio driver.
In this example, an instance that runs Windows Server 2012 is used. Operations for instances that run other Windows Server versions are similar.
In the lower-left corner of the desktop, click the
icon to start Server Manager. In the upper-right corner, choose Tools > Windows Defender Firewall with Advanced Security.
Check the status of the firewall.
If the firewall is disabled, no additional operation is required.
If the firewall is enabled, perform the following operations:
In the Windows Defender Firewall with Advanced Security window, click Outbound Rules.
Check whether a block rule prohibits outbound access. If a block rule prohibits outbound access, disable or modify the rule.
Open Local Security Policy.
Click IP Security Policies On Local Computer, right-click an existing security policy, and then select Properties. Check the security policy.
If Yes is displayed in the Policy Assigned column of the policy and the policy contains block rules, disable or modify the policy.
Open Server Manager. In the upper-right corner, choose Tools > Routing and Remote Access.
If the routing and remote access tool is not found, the tool is not installed. In this case, no additional operations are required.
Disable the tool.
