Browsing issues with windows 2003 Enterprise server and multiple NIC's

Hi,

We are experiencing a very wierd issue with Windows 2003 Enterprise
server.
Originally we had a windows 2000 server and this gave us no issues
what so
ever. It takes a while to explain so bear with me.

We have the following setup. We wish to communicate from a website on
Windows 2003 Enterprise server to a samba share on a SCO Openserver
5.0.6
unix box. the version of samba is 2.2.8a compiled in house. The
website
pulls live stock information from the unix box each time a customer
places
an order, and connects to the unix server to authorise credit card
payments.this is achieved by use of UNC paths to point at the relevent
shared folders on the unix server.

The network configuration on the unix server is as follows

192.168.0.241/24 10/100 Local network for
administration

192.168.10.241/24 10/100 ASP client network

192.168.11.241/24 Fibre network for link to
websites and
data backups

The deafult gateway is setup as 192.168.0.1, this happens to be the
internal address of our Firewall. The firewall is a Watchguard
firebox III
1000. Configured with all three interfaces on a public IP address and
using
NAT for the private subnets.

Originally we had linked to this server a Windows 2000 server
configured as
follows

192.168.0.254/24 10/100 Local network for
administration

192.168.11.254/24 Fibre network for link from
websites
and data backups

X.X.X.254 Public ip address for web
access

The default gateway for this server is 192.168.0.1. There is an entry
in
winnt/system32/drivers/etc/hosts that points to the
192.168.11.241 address of the unix server. On this box all requests
from the
website to the unix server are made using UNC paths, the host name of
the
unix server matching the entry in the local hosts file.All connections
work
as they should, through the fibre network. All well and good. We now
reach
the problem. We are attempting to upgrade the server to Windows 2003
Enterprise.

the server is configured in a very similar way to the Windows 2000
server.

192.168.0.250/24 10/100 Local network for
administration

192.168.11.250/24 Fibre network for link from
websites
and data backups

X.X.X.254 Public ip address for web
access



The default gateway was originally 192.168.0.1. There is an entry in
winnt/system32/drivers/etc/hosts that points to the
192.168.11.241 address of the unix server. This is exactly the same
as for
the Windows 2000 server.

Connections from this server choose any interface on the windows
server to
make the connection, chosen randomly from all three available
interfaces.
This rapidly became apparant as we restricted the shares on the unix
box to
be only available on the 192.168.11.0/24 subnet. We were seeing a
large
number of errors from the website saying it was unable to communicate
with
the unix server. As soon as we enabled the samba share on the
192.168.0.0/24 subnet then all the error messages went away. the
problem is
that we need to restrict the traffic between the website and the unix
server
to the 192.168.11.0/24 subnet.

In order to try and achieve this we have carried out the following
changes
to the networking configuration on the Windows 2003 server.

1. We have changed the default gateway of the Windows Server to
192.168.11.1
2. We have changed the bind order of the network cards to place the
fibre
card as the first card.
3. We have entered manual metrics, assigning 1 to the fibre card and
20 to
the other 2 cards.
4. We have added a persistant static route to the unix server through
the
fibre interface card.
5. We have removed the NetBios configuration from the two networks we
do not
want to use.


None of this makes any difference. The windows server still randomly
selects an interface to connect through. We have tried re-installing
the
operating system on another server, just in case there was an issue
with the
hardware, but this produces the same results.



Any ideas on what is necessary to try to fix this would be appreciated


Spencer Clark
System Support Manager

The Windows server should not have a default gateway configured on either
LAN NIC. Its only default route should be out to the Internet, so that it
can send replies to its web clients. Communication on the 192.168 subnets
doesn't require any routes, because the server has an interface in each
subnet and traffic goes "on the wire". This has priority over any route.

Changing thr route metrics won't really make any difference in this
case. It only has an effect if there is an alternate route to the IP address
in use. If the machine has a packet for a 192.168.0 address it will use its
192.168.0 interface, and ditto for the other subnet. So if it is using both
routes, the name of the Unix server must resolve to both IP numbers.

If Netbios over TCP/IP is disabled and the host file only contains the
192.168.11 address, the problem is how does it resolve the name to a
192.168.0 address? Do you have a local DNS server running on the 192.168.0
subnet?

"Spencer Clark" <msdn@exact3ex_removethis.co.uk> wrote in message
news:(E-Mail Removed)...
> Hi,
>
> We are experiencing a very wierd issue with Windows 2003 Enterprise
> server.
> Originally we had a windows 2000 server and this gave us no issues
> what so
> ever. It takes a while to explain so bear with me.
>
> We have the following setup. We wish to communicate from a website on
> Windows 2003 Enterprise server to a samba share on a SCO Openserver
> 5.0.6
> unix box. the version of samba is 2.2.8a compiled in house. The
> website
> pulls live stock information from the unix box each time a customer
> places
> an order, and connects to the unix server to authorise credit card
> payments.this is achieved by use of UNC paths to point at the relevent
> shared folders on the unix server.
>
> The network configuration on the unix server is as follows
>
> 192.168.0.241/24 10/100 Local network for
> administration
>
> 192.168.10.241/24 10/100 ASP client network
>
> 192.168.11.241/24 Fibre network for link to
> websites and
> data backups
>
> The deafult gateway is setup as 192.168.0.1, this happens to be the
> internal address of our Firewall. The firewall is a Watchguard
> firebox III
> 1000. Configured with all three interfaces on a public IP address and
> using
> NAT for the private subnets.
>
> Originally we had linked to this server a Windows 2000 server
> configured as
> follows
>
> 192.168.0.254/24 10/100 Local network for
> administration
>
> 192.168.11.254/24 Fibre network for link from
> websites
> and data backups
>
> X.X.X.254 Public ip address for web
> access
>
> The default gateway for this server is 192.168.0.1. There is an entry
> in
> winnt/system32/drivers/etc/hosts that points to the
> 192.168.11.241 address of the unix server. On this box all requests
> from the
> website to the unix server are made using UNC paths, the host name of
> the
> unix server matching the entry in the local hosts file.All connections
> work
> as they should, through the fibre network. All well and good. We now
> reach
> the problem. We are attempting to upgrade the server to Windows 2003
> Enterprise.
>
> the server is configured in a very similar way to the Windows 2000
> server.
>
> 192.168.0.250/24 10/100 Local network for
> administration
>
> 192.168.11.250/24 Fibre network for link from
> websites
> and data backups
>
> X.X.X.254 Public ip address for web
> access
>
>
>
> The default gateway was originally 192.168.0.1. There is an entry in
> winnt/system32/drivers/etc/hosts that points to the
> 192.168.11.241 address of the unix server. This is exactly the same
> as for
> the Windows 2000 server.
>
> Connections from this server choose any interface on the windows
> server to
> make the connection, chosen randomly from all three available
> interfaces.
> This rapidly became apparant as we restricted the shares on the unix
> box to
> be only available on the 192.168.11.0/24 subnet. We were seeing a
> large
> number of errors from the website saying it was unable to communicate
> with
> the unix server. As soon as we enabled the samba share on the
> 192.168.0.0/24 subnet then all the error messages went away. the
> problem is
> that we need to restrict the traffic between the website and the unix
> server
> to the 192.168.11.0/24 subnet.
>
> In order to try and achieve this we have carried out the following
> changes
> to the networking configuration on the Windows 2003 server.
>
> 1. We have changed the default gateway of the Windows Server to
> 192.168.11.1
> 2. We have changed the bind order of the network cards to place the
> fibre
> card as the first card.
> 3. We have entered manual metrics, assigning 1 to the fibre card and
> 20 to
> the other 2 cards.
> 4. We have added a persistant static route to the unix server through
> the
> fibre interface card.
> 5. We have removed the NetBios configuration from the two networks we
> do not
> want to use.
>
>
> None of this makes any difference. The windows server still randomly
> selects an interface to connect through. We have tried re-installing
> the
> operating system on another server, just in case there was an issue
> with the
> hardware, but this produces the same results.
>
>
>
> Any ideas on what is necessary to try to fix this would be appreciated
>
>
> Spencer Clark
> System Support Manager
>

Hi,

thanks for the response.

I have re configured the system as you mention, and ensured that the
internal DNS server only has an entry for the unix server on the
192,.168.11.0/24 subnet. this has made no difference. If i telnet or
ping the server by name it wll always use the correct address. If I
coonect through either internet explorer or use the net use command
then connections are still made randomly thorough any of the
interfaces on the ?Windows server. Very puzzling


Spencer
On Wed, 9 Jun 2004 15:41:32 +1000, "Bill Grant" <not.available@online>
wrote:

> The Windows server should not have a default gateway configured on either
>LAN NIC. Its only default route should be out to the Internet, so that it
>can send replies to its web clients. Communication on the 192.168 subnets
>doesn't require any routes, because the server has an interface in each
>subnet and traffic goes "on the wire". This has priority over any route.
>
> Changing thr route metrics won't really make any difference in this
>case. It only has an effect if there is an alternate route to the IP address
>in use. If the machine has a packet for a 192.168.0 address it will use its
>192.168.0 interface, and ditto for the other subnet. So if it is using both
>routes, the name of the Unix server must resolve to both IP numbers.
>
> If Netbios over TCP/IP is disabled and the host file only contains the
>192.168.11 address, the problem is how does it resolve the name to a
>192.168.0 address? Do you have a local DNS server running on the 192.168.0
>subnet?
>
>"Spencer Clark" <msdn@exact3ex_removethis.co.uk> wrote in message
>news:(E-Mail Removed).. .
>> Hi,
>>
>> We are experiencing a very wierd issue with Windows 2003 Enterprise
>> server.
>> Originally we had a windows 2000 server and this gave us no issues
>> what so
>> ever. It takes a while to explain so bear with me.
>>
>> We have the following setup. We wish to communicate from a website on
>> Windows 2003 Enterprise server to a samba share on a SCO Openserver
>> 5.0.6
>> unix box. the version of samba is 2.2.8a compiled in house. The
>> website
>> pulls live stock information from the unix box each time a customer
>> places
>> an order, and connects to the unix server to authorise credit card
>> payments.this is achieved by use of UNC paths to point at the relevent
>> shared folders on the unix server.
>>
>> The network configuration on the unix server is as follows
>>
>> 192.168.0.241/24 10/100 Local network for
>> administration
>>
>> 192.168.10.241/24 10/100 ASP client network
>>
>> 192.168.11.241/24 Fibre network for link to
>> websites and
>> data backups
>>
>> The deafult gateway is setup as 192.168.0.1, this happens to be the
>> internal address of our Firewall. The firewall is a Watchguard
>> firebox III
>> 1000. Configured with all three interfaces on a public IP address and
>> using
>> NAT for the private subnets.
>>
>> Originally we had linked to this server a Windows 2000 server
>> configured as
>> follows
>>
>> 192.168.0.254/24 10/100 Local network for
>> administration
>>
>> 192.168.11.254/24 Fibre network for link from
>> websites
>> and data backups
>>
>> X.X.X.254 Public ip address for web
>> access
>>
>> The default gateway for this server is 192.168.0.1. There is an entry
>> in
>> winnt/system32/drivers/etc/hosts that points to the
>> 192.168.11.241 address of the unix server. On this box all requests
>> from the
>> website to the unix server are made using UNC paths, the host name of
>> the
>> unix server matching the entry in the local hosts file.All connections
>> work
>> as they should, through the fibre network. All well and good. We now
>> reach
>> the problem. We are attempting to upgrade the server to Windows 2003
>> Enterprise.
>>
>> the server is configured in a very similar way to the Windows 2000
>> server.
>>
>> 192.168.0.250/24 10/100 Local network for
>> administration
>>
>> 192.168.11.250/24 Fibre network for link from
>> websites
>> and data backups
>>
>> X.X.X.254 Public ip address for web
>> access
>>
>>
>>
>> The default gateway was originally 192.168.0.1. There is an entry in
>> winnt/system32/drivers/etc/hosts that points to the
>> 192.168.11.241 address of the unix server. This is exactly the same
>> as for
>> the Windows 2000 server.
>>
>> Connections from this server choose any interface on the windows
>> server to
>> make the connection, chosen randomly from all three available
>> interfaces.
>> This rapidly became apparant as we restricted the shares on the unix
>> box to
>> be only available on the 192.168.11.0/24 subnet. We were seeing a
>> large
>> number of errors from the website saying it was unable to communicate
>> with
>> the unix server. As soon as we enabled the samba share on the
>> 192.168.0.0/24 subnet then all the error messages went away. the
>> problem is
>> that we need to restrict the traffic between the website and the unix
>> server
>> to the 192.168.11.0/24 subnet.
>>
>> In order to try and achieve this we have carried out the following
>> changes
>> to the networking configuration on the Windows 2003 server.
>>
>> 1. We have changed the default gateway of the Windows Server to
>> 192.168.11.1
>> 2. We have changed the bind order of the network cards to place the
>> fibre
>> card as the first card.
>> 3. We have entered manual metrics, assigning 1 to the fibre card and
>> 20 to
>> the other 2 cards.
>> 4. We have added a persistant static route to the unix server through
>> the
>> fibre interface card.
>> 5. We have removed the NetBios configuration from the two networks we
>> do not
>> want to use.
>>
>>
>> None of this makes any difference. The windows server still randomly
>> selects an interface to connect through. We have tried re-installing
>> the
>> operating system on another server, just in case there was an issue
>> with the
>> hardware, but this produces the same results.
>>
>>
>>
>> Any ideas on what is necessary to try to fix this would be appreciated
>>
>>
>> Spencer Clark
>> System Support Manager
>>
>

I agree, it's odd. Sounds suspiciously like Netbios name resolution. I
guess you have checked with nbtstat. You may have to monitor the network
traffic to see exactly what is happening.

"Spencer Clark" <msdn@exact3ex_removethis.co.uk> wrote in message
news:(E-Mail Removed)...
>
>
> Hi,
>
> thanks for the response.
>
> I have re configured the system as you mention, and ensured that the
> internal DNS server only has an entry for the unix server on the
> 192,.168.11.0/24 subnet. this has made no difference. If i telnet or
> ping the server by name it wll always use the correct address. If I
> coonect through either internet explorer or use the net use command
> then connections are still made randomly thorough any of the
> interfaces on the ?Windows server. Very puzzling
>
>
> Spencer
> On Wed, 9 Jun 2004 15:41:32 +1000, "Bill Grant" <not.available@online>
> wrote:
>
> > The Windows server should not have a default gateway configured on
either
> >LAN NIC. Its only default route should be out to the Internet, so that it
> >can send replies to its web clients. Communication on the 192.168 subnets
> >doesn't require any routes, because the server has an interface in each
> >subnet and traffic goes "on the wire". This has priority over any route.
> >
> > Changing thr route metrics won't really make any difference in this
> >case. It only has an effect if there is an alternate route to the IP
address
> >in use. If the machine has a packet for a 192.168.0 address it will use
its
> >192.168.0 interface, and ditto for the other subnet. So if it is using
both
> >routes, the name of the Unix server must resolve to both IP numbers.
> >
> > If Netbios over TCP/IP is disabled and the host file only contains
the
> >192.168.11 address, the problem is how does it resolve the name to a
> >192.168.0 address? Do you have a local DNS server running on the
192.168.0
> >subnet?
> >
> >"Spencer Clark" <msdn@exact3ex_removethis.co.uk> wrote in message
> >news:(E-Mail Removed).. .
> >> Hi,
> >>
> >> We are experiencing a very wierd issue with Windows 2003 Enterprise
> >> server.
> >> Originally we had a windows 2000 server and this gave us no issues
> >> what so
> >> ever. It takes a while to explain so bear with me.
> >>
> >> We have the following setup. We wish to communicate from a website on
> >> Windows 2003 Enterprise server to a samba share on a SCO Openserver
> >> 5.0.6
> >> unix box. the version of samba is 2.2.8a compiled in house. The
> >> website
> >> pulls live stock information from the unix box each time a customer
> >> places
> >> an order, and connects to the unix server to authorise credit card
> >> payments.this is achieved by use of UNC paths to point at the relevent
> >> shared folders on the unix server.
> >>
> >> The network configuration on the unix server is as follows
> >>
> >> 192.168.0.241/24 10/100 Local network for
> >> administration
> >>
> >> 192.168.10.241/24 10/100 ASP client network
> >>
> >> 192.168.11.241/24 Fibre network for link to
> >> websites and
> >> data backups
> >>
> >> The deafult gateway is setup as 192.168.0.1, this happens to be the
> >> internal address of our Firewall. The firewall is a Watchguard
> >> firebox III
> >> 1000. Configured with all three interfaces on a public IP address and
> >> using
> >> NAT for the private subnets.
> >>
> >> Originally we had linked to this server a Windows 2000 server
> >> configured as
> >> follows
> >>
> >> 192.168.0.254/24 10/100 Local network for
> >> administration
> >>
> >> 192.168.11.254/24 Fibre network for link from
> >> websites
> >> and data backups
> >>
> >> X.X.X.254 Public ip address for web
> >> access
> >>
> >> The default gateway for this server is 192.168.0.1. There is an entry
> >> in
> >> winnt/system32/drivers/etc/hosts that points to the
> >> 192.168.11.241 address of the unix server. On this box all requests
> >> from the
> >> website to the unix server are made using UNC paths, the host name of
> >> the
> >> unix server matching the entry in the local hosts file.All connections
> >> work
> >> as they should, through the fibre network. All well and good. We now
> >> reach
> >> the problem. We are attempting to upgrade the server to Windows 2003
> >> Enterprise.
> >>
> >> the server is configured in a very similar way to the Windows 2000
> >> server.
> >>
> >> 192.168.0.250/24 10/100 Local network for
> >> administration
> >>
> >> 192.168.11.250/24 Fibre network for link from
> >> websites
> >> and data backups
> >>
> >> X.X.X.254 Public ip address for web
> >> access
> >>
> >>
> >>
> >> The default gateway was originally 192.168.0.1. There is an entry in
> >> winnt/system32/drivers/etc/hosts that points to the
> >> 192.168.11.241 address of the unix server. This is exactly the same
> >> as for
> >> the Windows 2000 server.
> >>
> >> Connections from this server choose any interface on the windows
> >> server to
> >> make the connection, chosen randomly from all three available
> >> interfaces.
> >> This rapidly became apparant as we restricted the shares on the unix
> >> box to
> >> be only available on the 192.168.11.0/24 subnet. We were seeing a
> >> large
> >> number of errors from the website saying it was unable to communicate
> >> with
> >> the unix server. As soon as we enabled the samba share on the
> >> 192.168.0.0/24 subnet then all the error messages went away. the
> >> problem is
> >> that we need to restrict the traffic between the website and the unix
> >> server
> >> to the 192.168.11.0/24 subnet.
> >>
> >> In order to try and achieve this we have carried out the following
> >> changes
> >> to the networking configuration on the Windows 2003 server.
> >>
> >> 1. We have changed the default gateway of the Windows Server to
> >> 192.168.11.1
> >> 2. We have changed the bind order of the network cards to place the
> >> fibre
> >> card as the first card.
> >> 3. We have entered manual metrics, assigning 1 to the fibre card and
> >> 20 to
> >> the other 2 cards.
> >> 4. We have added a persistant static route to the unix server through
> >> the
> >> fibre interface card.
> >> 5. We have removed the NetBios configuration from the two networks we
> >> do not
> >> want to use.
> >>
> >>
> >> None of this makes any difference. The windows server still randomly
> >> selects an interface to connect through. We have tried re-installing
> >> the
> >> operating system on another server, just in case there was an issue
> >> with the
> >> hardware, but this produces the same results.
> >>
> >>
> >>
> >> Any ideas on what is necessary to try to fix this would be appreciated
> >>
> >>
> >> Spencer Clark
> >> System Support Manager
> >>
> >
>