A frustrating problem

My LAN topology is this:
<router> -> 'server1'(Win7)
<router> -> <switch> -> 'andruewfh'(Win10)
<router> -> <WAP> -(wifi)-> 'andrue-laptop2'(Win10)

Now all of the above works for individual use and has done for several years now. All machines are in the same Homegroup.
In addition I can:
* From 'andrue-laptop2' access files on and remotely control 'server1'
* From 'andruewfh' access files on and remotely control 'server1'

But what I cannot do is get 'andrue-laptop2' talking to 'andruewfh'. If I try to ping 'andruewfh' from 'andrue-laptop2' I get:
Pinging andruewfh.home.gateway [192.168.1.111] with 32 bytes of data:
Request timed out.

In the reverse direction I get:
Pinging andrue-laptop2.home.gateway [192.168.1.108] with 32 bytes of data:
Destination host unreachable.

From either of those two machines pinging 'server1' does not show the DNS suffix and also uses IPv6 (For what it's worth I have IPv6 on my WAN as well).

I do have quite a bit of experience with Windows networking but I cannot work out what the problem is here. Those two machines just don't want to talk to each other :-/

What router, WAP and switch?

In reply to a post by ian007jen:

What router, WAP and switch?

Router is Billion 8800nr2. WAP is a TP-LINK TL-WR841N with DHCP turned off. The switch mentioned in my first post is a TP-LINK TL-SG1008D V6.

I forgot to mention that I do have an Ethernet cable available for laptop and I get the the same result. The topography there is:

<router> -> <switch> -> <andrue-laptop2>

That is a different switch. That's a TP-Link 5-Port 10/100.

It seems like it's just the two machines that won't talk. Which is mad. I've been doing some LAN housekeeping and it's like living in a house with two angry children who refuse to speak to each other. I have to keep saving files onto the server's share from one machine so I can pick it up with the other.

Edited by Andrue (Sun 21-Jan-18 13:43:35)

I don't like your network though, you will be pushing large amounts through the router unnecessarily. I would have designed it with the router going to the switch and then from there to the Server, WAP and wired devices. That leaves just Internet up/down traffic and DHCP requests on the switch to router link.

The only additional connection I may put to the router is a single port to connect a PC if there is a network issue/failure.

In Windows 10 under Network and Sharing Center, do either or both PCs (andrue-laptop2 and andruewfh) show the LAN as Public Network?

This invokes some default firewall rules filtering on incoming PING and on sharing their own services out to the network.
It would not prevent them from acting as clients accessing shares on server1 if its own setting shows it as Private, Domain or Home (which all allow the local subnet by default).

Unfortunately Windows 10 removed the obvious way to change between Public to Private or Home present in Windows 7 but you can try disconnecting from and forgetting the network, then seeing if it asks when it first joins / connects.

But yes if this is to be one flat LAN there are pros in bringing them together on a switch and only passing through the router to and from Internet (or other isolated DMZ or LAN), though not clear-cut until have more devices than router's own switch-chip interfaces (usually 4).

Edited by prlzx (Sun 21-Jan-18 14:35:36)

In reply to a post by MHC:

I don't like your network though, you will be pushing large amounts through the router unnecessarily.

Yeah, I suppose so. But it's mostly browsing on the laptop so that has to go through the router. The desktop is hardly ever powered on. Music and video go through the router which I agree is not ideal but it seems to work well enough. I do have plans to rearrange everything if/when the HG612 fails because the router will have to take on additional DSL duties.

But right now I'm happy enough to leave well enough alone

But I have more information. The desktop has IPv6 access (it runs the TBB speedtester as IPv6) but it times out when it tries to ping google.com. In fact so does my laptop. Only the server can ping it (and the server is configured for IPv6 both for email and as my TBBQM end-point.

Edited by Andrue (Sun 21-Jan-18 14:37:38)

There may be additional factors when concerning traffic to/from Internet, I would say sort out the LAN communication flowing how you need first.

Is your local DNS resolution good for local devices (are they receiving a valid local DNS server over v4 and v6)?

Oh also, since the opening up of TLDs, anyone could register .gateway at some future time.

You might want to switch to either .lan or .intranet (and hope they always reject applications for that) or .lan.yourowndomain (where yourowndomain is something you already own / have registered). Currently there is no TLD guaranteed reserved for private networks, other than .local which is reserved for mDNS and not allowed for unicast DNS servers.

In reply to a post by prlzx:

There may be additional factors when concerning traffic to/from Internet, I would say sort out the LAN communication flowing how you need first.

Oh sure, I was just adding that as additional information. I know that IPv6 is working for all LAN hosts so not being able to ping IPV6 destinations on the WAN is of no real importance.

Is your local DNS resolution good for local devices (are they receiving a valid local DNS server over v4 and v6)?

The addresses for both IPv4 and IPv6 agree with what the machines think and what the router thinks. They just don't always work :-/

Oh also, since the opening up of TLDs, anyone could register .gateway at some future time.

Best to tell Microsoft that then. That appears to be the suffix for a homegroup. Leastwise I didn't choose it. I've set up a lot of networks for software QA and I know to use .local.

ok back to the first question, do all Windows computers agree they are connected to a Home or Private (or Domain) network rather than Public? (Public is one of the potential problems to eliminate)

They are all set to private and consequently are discoverable. As I mentioned - even the two that won't talk can see each other.

Out of curiosity can they "talk" to each other if you use their IP address rather than their "name"?

I have some answers! What a tangled web...

So here are what I've found so far
* Kaspersky firewall has different settings around ICMP on both the desktop and Laptop. No idea why - just different combinations on each.
* Kaspersky firewall on the server has all ICMP settings at allow.
* Kaspersky firewall was blocking Remote Desktop on the desktop.
I've no idea how any of this came about. I have records and the only mention they make is of disabling the email protection on the server and disabling popup supression the clients because it slows browsing. However the server was upgraded from a previous firewall so Kaspersky might have inherited the settings from that?
But to complicate things further I'd forgotten that in an attempt to stop my Harmony Hub from disconnecting I'd temporarily set my DHCP lease to be several hundred days (it's back to 12 hours now). The desktop was okay because it's used so rarely that it's lease had been renewed. But I had two entries for my laptop in DHCP. Unfortunately it appears that the only way to clear these is to reboot the router and I can't be bothered. I don't need the desktop now so I'll shut it down and chances are that next time I actually want to talk to my laptop the old leases will have expired anyway.

I'm still puzzled why the desktop and laptop won't use IPv6 by default (with the changes to Kaspersky they both ping just fine if forced to). But maybe when the DHCP is sorted out IPv6 will come good as well.

Thanks for all your help, folks - several of your suggestions helped direct my thoughts toward the solution

Yes modern operating systems will use IPv6 by default, but adding anti-malware tools into the mix might change that, if they aren't fully compatible with dual stack (say if IPv6 was bolted on to an existing product rather than a first-class citizen).

The other thing is Happy Eyeballs

I really do not like Kaspersky, it's always had weird buggy issues. From my perspective there is little value in paying for an Antivirus nowadays, just my two cents.