Like any firewall, the Microsoft software firewall on Windows Server 2016 blocks by default almost all communication ports. Originally, the ping is also denied, even in a WAN local area network / server member. This tutorial explains how to configure the Windows Server 2016 firewall to ping. This is done simply with the WS16 built-in utility for setting advanced firewall security rules.

The procedure is the same under Windows Server 2016 as with previous versions of WindowsServer (2012 / R2, 2008 / R2). Windows Server 1709 and 1803 updates are also affected by this guide.

By default, with the Windows firewall active, a 2016 server does not respond to ping:

Sending a 'ping' request on winserver2016 with 32 bytes of data:
Timeout exceeded the demand.
Timeout exceeded the demand.
Timeout exceeded the demand.
Timeout exceeded the demand.
Ping statistics for 192.168.0.10:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)

Configure the Windows Server 2016 firewall to accept and respond to ping requests

1. Connect locally or remotely on the Windows Server 2016 machine.

2. Open the Windows Firewall, either by the built-in search or by the Start Menu, Windows Administrative Tools, Windows Firewall with advanced security features .

3. In the left menu, click on ”  Inbound Rules  “:

4. In the right menu, click on ”  New rule  “.

5. In the first Rule Type screen, choose ”  Custom  ” and do Next .

6. Leave ”  All Programs  ” and then Next .

7. Open the “Protocol Type” list to select ”  ICMPv4  ” that corresponds to the Internet Control Message Protocol (ping). Do not change other options on this screen.

8. In the Extended section, leave ”  Any IP address  ” in both fields if there is no particular constraint. Otherwise, specify the specific IP addresses, IP ranges, or subnets that are allowed to ping the machine.

9. What action to take? ”  Allow connection  ” to answer ping requests from another extension.

10. Define on which networks this new rule must be applied: check only Domain to prevent the ping from being allowed on another connection than the one of the company (which should not change for a server).

11. Give this firewall rule a name and click Finish to validate it.

12. The ping is immediately functional from another PC on the network.

Sending a ping request on winserver2016.domain.local [192.168.0.10] with 32 bytes of data:
Answer of 192.168.0.10: bytes = 32 times <1ms TTL = 128
Answer of 192.168.0.10: bytes = 32 times <1ms TTL = 128
Answer of 192.168.0.10: bytes = 32 times <1ms TTL = 128
Answer of 192.168.0.10: bytes = 32 times <1ms TTL = 128
Ping statistics for 192.168.0.10:
Packages: sent = 4, received = 4, lost = 0 (loss 0%),
Approximate loop time in milliseconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

This tutorial was useful? Say it in the comments and share this guide to help your friends!