Routing problem Terminal Server

The Network:
Our company has 3 locations. Location A hosts a Domain Controller, Exchange
Server, the Terminal Server and a Proxy/VPN server.
Location B has a Proxy/VPN server which connects only to Location A.
Location C has a VPN server which connects only to Location B.
Clients in location B and C have a static route to the network in Location A.

The Problem:
Clients in Location B and C sometimes lose their connection with RDC to the
Terminal Server in Location A. Restarting their pc doesn't solve the problem.
It is possible from Location A to manage the servers in Location B and C, so
VPN is still working correct (also RRAS doesn't report an error or connection
drop).

What I've find out(!!):
When I remove all the routes on the Terminal Server(in Location A) to
Location B and C, and I add the routes manually on the Terminal Server to the
pc's in Location B and C... then all the users can connect to the Terminal
Server again. If I don't add the users manually, but restart the Terminal
Server everything is ok too. Restarting the VPN server doesn't make a
difference so the problem is really on the Terminal Server.

So, it lookes like something happens to the routing "service" on the
Terminal Server.

What I'd like to know :
1) A solution to the problem
2) Is their a certain service that I can restart when the problem occurs ??
It's not always possible to restart the Terminal Server, and adding 30
routes on the Terminal Server is funny...

Jurrion,
Sound like you already have static routes set up correctly in site A.B and C
VPN servers
Try point the default gateway of the terminal server to your VPN server in
site A. This should eliminate the need for static routes.
Clients in Site B and C should have their gateway pointing to the VPN server
in their site.

You mentioned adding 30 routes you should only have to add 2 to the terminal
server if you cant point the default gateway to your VPN server or are you
being dramatic.
Route to add if site B is 192.168.200.0/24
Route add 192.168.200.0 mask 255.255.255.0 192.168.10.1 -p

Route to add if site C is 192.168.201.0/24
Route add 192.168.201.0 mask 255.255.255.0 192.168.10.1 -p

"Jurrion" wrote:

> The Network:
> Our company has 3 locations. Location A hosts a Domain Controller, Exchange
> Server, the Terminal Server and a Proxy/VPN server.
> Location B has a Proxy/VPN server which connects only to Location A.
> Location C has a VPN server which connects only to Location B.
> Clients in location B and C have a static route to the network in Location A.
>
> The Problem:
> Clients in Location B and C sometimes lose their connection with RDC to the
> Terminal Server in Location A. Restarting their pc doesn't solve the problem.
> It is possible from Location A to manage the servers in Location B and C, so
> VPN is still working correct (also RRAS doesn't report an error or connection
> drop).
>
> What I've find out(!!):
> When I remove all the routes on the Terminal Server(in Location A) to
> Location B and C, and I add the routes manually on the Terminal Server to the
> pc's in Location B and C... then all the users can connect to the Terminal
> Server again. If I don't add the users manually, but restart the Terminal
> Server everything is ok too. Restarting the VPN server doesn't make a
> difference so the problem is really on the Terminal Server.
>
> So, it lookes like something happens to the routing "service" on the
> Terminal Server.
>
> What I'd like to know :
> 1) A solution to the problem
> 2) Is their a certain service that I can restart when the problem occurs ??
> It's not always possible to restart the Terminal Server, and adding 30
> routes on the Terminal Server is funny...

I'm going to set the default gateway on the Terminal Server, it might do the
trick.
It can take about a week to know if it works, because I can't reproduce the
problem (it just happens).

About your routing suggestion:
We do have two static routes on the Terminal Server to Site B and C, but
sometimes the static routes just won't work anymore. The routing table isn't
update automatically anymore.
Example:
Site A has range : 130.13.0.0 subnet 255.255.255.0
Site B has range : 120.100.0.0 subnet 255.255.0.0
Site C has range : 130.13.2.0 subnet 255.255.255.0

The Terminal Server (site A) has 2 static routes, added likes this:
To site B : route add -p 120.100.0.0 mask 255.255.0.0 130.13.0.10 (VPN server)
To site C : route add -p 130.13.2.0 mask 255.255.255.0 130.13.0.10

Clients site B use : route add -p 130.13.0.0 mask 255.255.255.0 120.100.0.10
Clients site C use : route add -p 130.13.0.0 mask 255.255.255.0 130.13.2.10

When a client connects to the Terminal Server than the routing table is
updated.
Example:
When a client from siteB connects, than the following route is added in the
routing table on the Terminal Server : 120.100.0.101 mask 255.255.255.255
130.13.0.10

The problem is that sometimes my routing table won't update itself.
Clients can't connect anymore from Site B And C, and I have to delete all
the routes to site B and C. Even the static routes. Then I have to add 30
routes to the client pc's itself (route add -p 120.100.0.101 mask
255.255.255.255 130.13.0.10), because re-adding the static routes doesn't
work.
When I add everything manually and list the routing table, all the addresses
are seen.

So, the real problem is that the routing table isn't update automatically
anymore...

Any ideas, how to fix that ?


"Wendel Hamilton" wrote:

> Jurrion,
> Sound like you already have static routes set up correctly in site A.B and C
> VPN servers
> Try point the default gateway of the terminal server to your VPN server in
> site A. This should eliminate the need for static routes.
> Clients in Site B and C should have their gateway pointing to the VPN server
> in their site.
>
> You mentioned adding 30 routes you should only have to add 2 to the terminal
> server if you cant point the default gateway to your VPN server or are you
> being dramatic.
> Route to add if site B is 192.168.200.0/24
> Route add 192.168.200.0 mask 255.255.255.0 192.168.10.1 -p
>
> Route to add if site C is 192.168.201.0/24
> Route add 192.168.201.0 mask 255.255.255.0 192.168.10.1 -p
>
> "Jurrion" wrote:
>
> > The Network:
> > Our company has 3 locations. Location A hosts a Domain Controller, Exchange
> > Server, the Terminal Server and a Proxy/VPN server.
> > Location B has a Proxy/VPN server which connects only to Location A.
> > Location C has a VPN server which connects only to Location B.
> > Clients in location B and C have a static route to the network in Location A.
> >
> > The Problem:
> > Clients in Location B and C sometimes lose their connection with RDC to the
> > Terminal Server in Location A. Restarting their pc doesn't solve the problem.
> > It is possible from Location A to manage the servers in Location B and C, so
> > VPN is still working correct (also RRAS doesn't report an error or connection
> > drop).
> >
> > What I've find out(!!):
> > When I remove all the routes on the Terminal Server(in Location A) to
> > Location B and C, and I add the routes manually on the Terminal Server to the
> > pc's in Location B and C... then all the users can connect to the Terminal
> > Server again. If I don't add the users manually, but restart the Terminal
> > Server everything is ok too. Restarting the VPN server doesn't make a
> > difference so the problem is really on the Terminal Server.
> >
> > So, it lookes like something happens to the routing "service" on the
> > Terminal Server.
> >
> > What I'd like to know :
> > 1) A solution to the problem
> > 2) Is their a certain service that I can restart when the problem occurs ??
> > It's not always possible to restart the Terminal Server, and adding 30
> > routes on the Terminal Server is funny...

Jurrion,
When a client connects to the terminal server there should be no additional
routes added. I think this is causing the eventual routing failure.
You already have all the routes you need to connect your TS to any computer.
Try disabling the RIP on the TS.
Also the clients in your remote sites should not need static routes if their
default gateway is the VPN server in their respective sites.
Any reason why they are not?
If you have internet routers in the remote sites then you can add static
routes to them to route traffic back to the VPN server. In most cases it is
unnecessary to configure static routes on any workstations and relatively few
servers.
I hardly ever use static routes or RIP to achieve simular configurations
that you have.

"Jurrion" wrote:

> I'm going to set the default gateway on the Terminal Server, it might do the
> trick.
> It can take about a week to know if it works, because I can't reproduce the
> problem (it just happens).
>
> About your routing suggestion:
> We do have two static routes on the Terminal Server to Site B and C, but
> sometimes the static routes just won't work anymore. The routing table isn't
> update automatically anymore.
> Example:
> Site A has range : 130.13.0.0 subnet 255.255.255.0
> Site B has range : 120.100.0.0 subnet 255.255.0.0
> Site C has range : 130.13.2.0 subnet 255.255.255.0
>
> The Terminal Server (site A) has 2 static routes, added likes this:
> To site B : route add -p 120.100.0.0 mask 255.255.0.0 130.13.0.10 (VPN server)
> To site C : route add -p 130.13.2.0 mask 255.255.255.0 130.13.0.10
>
> Clients site B use : route add -p 130.13.0.0 mask 255.255.255.0 120.100.0.10
> Clients site C use : route add -p 130.13.0.0 mask 255.255.255.0 130.13.2.10
>
> When a client connects to the Terminal Server than the routing table is
> updated.
> Example:
> When a client from siteB connects, than the following route is added in the
> routing table on the Terminal Server : 120.100.0.101 mask 255.255.255.255
> 130.13.0.10
>
> The problem is that sometimes my routing table won't update itself.
> Clients can't connect anymore from Site B And C, and I have to delete all
> the routes to site B and C. Even the static routes. Then I have to add 30
> routes to the client pc's itself (route add -p 120.100.0.101 mask
> 255.255.255.255 130.13.0.10), because re-adding the static routes doesn't
> work.
> When I add everything manually and list the routing table, all the addresses
> are seen.
>
> So, the real problem is that the routing table isn't update automatically
> anymore...
>
> Any ideas, how to fix that ?
>
>
> "Wendel Hamilton" wrote:
>
> > Jurrion,
> > Sound like you already have static routes set up correctly in site A.B and C
> > VPN servers
> > Try point the default gateway of the terminal server to your VPN server in
> > site A. This should eliminate the need for static routes.
> > Clients in Site B and C should have their gateway pointing to the VPN server
> > in their site.
> >
> > You mentioned adding 30 routes you should only have to add 2 to the terminal
> > server if you cant point the default gateway to your VPN server or are you
> > being dramatic.
> > Route to add if site B is 192.168.200.0/24
> > Route add 192.168.200.0 mask 255.255.255.0 192.168.10.1 -p
> >
> > Route to add if site C is 192.168.201.0/24
> > Route add 192.168.201.0 mask 255.255.255.0 192.168.10.1 -p
> >
> > "Jurrion" wrote:
> >
> > > The Network:
> > > Our company has 3 locations. Location A hosts a Domain Controller, Exchange
> > > Server, the Terminal Server and a Proxy/VPN server.
> > > Location B has a Proxy/VPN server which connects only to Location A.
> > > Location C has a VPN server which connects only to Location B.
> > > Clients in location B and C have a static route to the network in Location A.
> > >
> > > The Problem:
> > > Clients in Location B and C sometimes lose their connection with RDC to the
> > > Terminal Server in Location A. Restarting their pc doesn't solve the problem.
> > > It is possible from Location A to manage the servers in Location B and C, so
> > > VPN is still working correct (also RRAS doesn't report an error or connection
> > > drop).
> > >
> > > What I've find out(!!):
> > > When I remove all the routes on the Terminal Server(in Location A) to
> > > Location B and C, and I add the routes manually on the Terminal Server to the
> > > pc's in Location B and C... then all the users can connect to the Terminal
> > > Server again. If I don't add the users manually, but restart the Terminal
> > > Server everything is ok too. Restarting the VPN server doesn't make a
> > > difference so the problem is really on the Terminal Server.
> > >
> > > So, it lookes like something happens to the routing "service" on the
> > > Terminal Server.
> > >
> > > What I'd like to know :
> > > 1) A solution to the problem
> > > 2) Is their a certain service that I can restart when the problem occurs ??
> > > It's not always possible to restart the Terminal Server, and adding 30
> > > routes on the Terminal Server is funny...

Thanks for the advice, we are now using Default Gateways and everything is
still working fine .

"Wendel Hamilton" wrote:

> Jurrion,
> When a client connects to the terminal server there should be no additional
> routes added. I think this is causing the eventual routing failure.
> You already have all the routes you need to connect your TS to any computer.
> Try disabling the RIP on the TS.
> Also the clients in your remote sites should not need static routes if their
> default gateway is the VPN server in their respective sites.
> Any reason why they are not?
> If you have internet routers in the remote sites then you can add static
> routes to them to route traffic back to the VPN server. In most cases it is
> unnecessary to configure static routes on any workstations and relatively few
> servers.
> I hardly ever use static routes or RIP to achieve simular configurations
> that you have.
>
> "Jurrion" wrote:
>
> > I'm going to set the default gateway on the Terminal Server, it might do the
> > trick.
> > It can take about a week to know if it works, because I can't reproduce the
> > problem (it just happens).
> >
> > About your routing suggestion:
> > We do have two static routes on the Terminal Server to Site B and C, but
> > sometimes the static routes just won't work anymore. The routing table isn't
> > update automatically anymore.
> > Example:
> > Site A has range : 130.13.0.0 subnet 255.255.255.0
> > Site B has range : 120.100.0.0 subnet 255.255.0.0
> > Site C has range : 130.13.2.0 subnet 255.255.255.0
> >
> > The Terminal Server (site A) has 2 static routes, added likes this:
> > To site B : route add -p 120.100.0.0 mask 255.255.0.0 130.13.0.10 (VPN server)
> > To site C : route add -p 130.13.2.0 mask 255.255.255.0 130.13.0.10
> >
> > Clients site B use : route add -p 130.13.0.0 mask 255.255.255.0 120.100.0.10
> > Clients site C use : route add -p 130.13.0.0 mask 255.255.255.0 130.13.2.10
> >
> > When a client connects to the Terminal Server than the routing table is
> > updated.
> > Example:
> > When a client from siteB connects, than the following route is added in the
> > routing table on the Terminal Server : 120.100.0.101 mask 255.255.255.255
> > 130.13.0.10
> >
> > The problem is that sometimes my routing table won't update itself.
> > Clients can't connect anymore from Site B And C, and I have to delete all
> > the routes to site B and C. Even the static routes. Then I have to add 30
> > routes to the client pc's itself (route add -p 120.100.0.101 mask
> > 255.255.255.255 130.13.0.10), because re-adding the static routes doesn't
> > work.
> > When I add everything manually and list the routing table, all the addresses
> > are seen.
> >
> > So, the real problem is that the routing table isn't update automatically
> > anymore...
> >
> > Any ideas, how to fix that ?
> >
> >
> > "Wendel Hamilton" wrote:
> >
> > > Jurrion,
> > > Sound like you already have static routes set up correctly in site A.B and C
> > > VPN servers
> > > Try point the default gateway of the terminal server to your VPN server in
> > > site A. This should eliminate the need for static routes.
> > > Clients in Site B and C should have their gateway pointing to the VPN server
> > > in their site.
> > >
> > > You mentioned adding 30 routes you should only have to add 2 to the terminal
> > > server if you cant point the default gateway to your VPN server or are you
> > > being dramatic.
> > > Route to add if site B is 192.168.200.0/24
> > > Route add 192.168.200.0 mask 255.255.255.0 192.168.10.1 -p
> > >
> > > Route to add if site C is 192.168.201.0/24
> > > Route add 192.168.201.0 mask 255.255.255.0 192.168.10.1 -p
> > >
> > > "Jurrion" wrote:
> > >
> > > > The Network:
> > > > Our company has 3 locations. Location A hosts a Domain Controller, Exchange
> > > > Server, the Terminal Server and a Proxy/VPN server.
> > > > Location B has a Proxy/VPN server which connects only to Location A.
> > > > Location C has a VPN server which connects only to Location B.
> > > > Clients in location B and C have a static route to the network in Location A.
> > > >
> > > > The Problem:
> > > > Clients in Location B and C sometimes lose their connection with RDC to the
> > > > Terminal Server in Location A. Restarting their pc doesn't solve the problem.
> > > > It is possible from Location A to manage the servers in Location B and C, so
> > > > VPN is still working correct (also RRAS doesn't report an error or connection
> > > > drop).
> > > >
> > > > What I've find out(!!):
> > > > When I remove all the routes on the Terminal Server(in Location A) to
> > > > Location B and C, and I add the routes manually on the Terminal Server to the
> > > > pc's in Location B and C... then all the users can connect to the Terminal
> > > > Server again. If I don't add the users manually, but restart the Terminal
> > > > Server everything is ok too. Restarting the VPN server doesn't make a
> > > > difference so the problem is really on the Terminal Server.
> > > >
> > > > So, it lookes like something happens to the routing "service" on the
> > > > Terminal Server.
> > > >
> > > > What I'd like to know :
> > > > 1) A solution to the problem
> > > > 2) Is their a certain service that I can restart when the problem occurs ??
> > > > It's not always possible to restart the Terminal Server, and adding 30
> > > > routes on the Terminal Server is funny...

We have received a special hotfix from Microsoft to fix this problem: KB901150.

"Jurrion" wrote:

> The Network:
> Our company has 3 locations. Location A hosts a Domain Controller, Exchange
> Server, the Terminal Server and a Proxy/VPN server.
> Location B has a Proxy/VPN server which connects only to Location A.
> Location C has a VPN server which connects only to Location B.
> Clients in location B and C have a static route to the network in Location A.
>
> The Problem:
> Clients in Location B and C sometimes lose their connection with RDC to the
> Terminal Server in Location A. Restarting their pc doesn't solve the problem.
> It is possible from Location A to manage the servers in Location B and C, so
> VPN is still working correct (also RRAS doesn't report an error or connection
> drop).
>
> What I've find out(!!):
> When I remove all the routes on the Terminal Server(in Location A) to
> Location B and C, and I add the routes manually on the Terminal Server to the
> pc's in Location B and C... then all the users can connect to the Terminal
> Server again. If I don't add the users manually, but restart the Terminal
> Server everything is ok too. Restarting the VPN server doesn't make a
> difference so the problem is really on the Terminal Server.
>
> So, it lookes like something happens to the routing "service" on the
> Terminal Server.
>
> What I'd like to know :
> 1) A solution to the problem
> 2) Is their a certain service that I can restart when the problem occurs ??
> It's not always possible to restart the Terminal Server, and adding 30
> routes on the Terminal Server is funny...