Routing Table Issue

Dear MS Support Engineer:

This is a re-post of a previous discussion. Unfortunately for me, I did not
have my profile setup correctly beforehand. Therefore, you did not know to
respond. I would appreciate your advice in this issue:

My client has Windows Server 2003 R2 Standard Edition SP2. It has two NICs
installed. 192.168.10.x is to an internal network. 192.168.20.x is only
attached to a firewall and the Internet. The metrics are supposed to give
priority to
192.168.20.x, but it isn't working out that way. I have written a bat file
for modifying the routing table, but it isn't working.

I have including a portion of the routing table below immediately following
a restart of the server:
ctive Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.10.254 192.168.10.2 10
0.0.0.0 0.0.0.0 192.168.20.254 192.168.20.5 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.10.0 255.255.255.0 192.168.10.2 192.168.10.2 10
192.168.10.2 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.10.255 255.255.255.255 192.168.10.2 192.168.10.2 10
192.168.20.0 255.255.255.0 192.168.20.5 192.168.20.5 10
192.168.20.5 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.20.255 255.255.255.255 192.168.20.5 192.168.20.5 10
224.0.0.0 240.0.0.0 192.168.10.2 192.168.10.2 10
224.0.0.0 240.0.0.0 192.168.20.5 192.168.20.5 10
255.255.255.255 255.255.255.255 192.168.10.2 192.168.10.2 1
255.255.255.255 255.255.255.255 192.168.20.5 192.168.20.5 1
Default Gateway: 192.168.10.254

The .bat file I use to modify the routing table is as follows. It is run
every time the system restarts:
route change 0.0.0.0 Mask 0.0.0.0 192.168.20.254 Metric 10 IF 0x10004
route change 0.0.0.0 Mask 0.0.0.0 192.168.10.254 Metric 20 IF 0x10003

When I run the bat file manually, it does not change the routing table
metrics.

If the server is left alone, a user is able to access the server via the
external address. The router forwards all traffic to 192.168.20.x. A full TCP
session is established and sustained. However, after a few days, the routing
table changes as follows:
================================================== =========================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.10.254 192.168.10.2 10
0.0.0.0 0.0.0.0 192.168.20.254 192.168.20.5 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.10.0 255.255.255.0 192.168.10.2 192.168.10.2 10
192.168.10.2 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.10.255 255.255.255.255 192.168.10.2 192.168.10.2 10
192.168.20.0 255.255.255.0 192.168.20.5 192.168.20.5 20
192.168.20.5 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.20.255 255.255.255.255 192.168.20.5 192.168.20.5 20
224.0.0.0 240.0.0.0 192.168.10.2 192.168.10.2 10
224.0.0.0 240.0.0.0 192.168.20.5 192.168.20.5 20
255.255.255.255 255.255.255.255 192.168.10.2 192.168.10.2 1
255.255.255.255 255.255.255.255 192.168.20.5 192.168.20.5 1
Default Gateway: 192.168.10.254

This issue was addressed more than a year ago and for reasons unknown to me,
the problem has returned.

I did notice that the default gateway is the 192.168.10.x network, not the
192.168.20.x network. Is that part of the problem?

Can you advise me how I can fix this issue?

Thanks.

Hello DHK,

You should avoid multihoming a server, as you did. The easiest way is to
use one NIC from the server and connect all machine to the same switch. There
connect also the firewall and use that as the DG for all machines, so the
netwrok is secured from the firewall and you ahve no communication problem.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Dear MS Support Engineer:
>
> This is a re-post of a previous discussion. Unfortunately for me, I
> did not have my profile setup correctly beforehand. Therefore, you did
> not know to respond. I would appreciate your advice in this issue:
>
> My client has Windows Server 2003 R2 Standard Edition SP2. It has two
> NICs installed. 192.168.10.x is to an internal network. 192.168.20.x
> is only attached to a firewall and the Internet. The metrics are
> supposed to give priority to 192.168.20.x, but it isn't working out
> that way. I have written a bat file for modifying the routing table,
> but it isn't working.
>
> I have including a portion of the routing table below immediately
> following
> a restart of the server:
> ctive Routes:
> Network Destination Netmask Gateway Interface
> Metric
> 0.0.0.0 0.0.0.0 192.168.10.254 192.168.10.2
> 10
> 0.0.0.0 0.0.0.0 192.168.20.254 192.168.20.5
> 10
> 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1
> 1
> 192.168.10.0 255.255.255.0 192.168.10.2 192.168.10.2
> 10
> 192.168.10.2 255.255.255.255 127.0.0.1 127.0.0.1
> 10
> 192.168.10.255 255.255.255.255 192.168.10.2 192.168.10.2
> 10
> 192.168.20.0 255.255.255.0 192.168.20.5 192.168.20.5
> 10
> 192.168.20.5 255.255.255.255 127.0.0.1 127.0.0.1
> 10
> 192.168.20.255 255.255.255.255 192.168.20.5 192.168.20.5
> 10
> 224.0.0.0 240.0.0.0 192.168.10.2 192.168.10.2
> 10
> 224.0.0.0 240.0.0.0 192.168.20.5 192.168.20.5
> 10
> 255.255.255.255 255.255.255.255 192.168.10.2 192.168.10.2
> 1
> 255.255.255.255 255.255.255.255 192.168.20.5 192.168.20.5
> 1
> Default Gateway: 192.168.10.254
> The .bat file I use to modify the routing table is as follows. It is
> run
> every time the system restarts:
> route change 0.0.0.0 Mask 0.0.0.0 192.168.20.254 Metric 10 IF 0x10004
> route change 0.0.0.0 Mask 0.0.0.0 192.168.10.254 Metric 20 IF 0x10003
> When I run the bat file manually, it does not change the routing table
> metrics.
>
> If the server is left alone, a user is able to access the server via
> the
> external address. The router forwards all traffic to 192.168.20.x. A
> full TCP
> session is established and sustained. However, after a few days, the
> routing
> table changes as follows:
> ================================================== ====================
> =====
> Active Routes:
> Network Destination Netmask Gateway Interface
> Metric
> 0.0.0.0 0.0.0.0 192.168.10.254 192.168.10.2
> 10
> 0.0.0.0 0.0.0.0 192.168.20.254 192.168.20.5
> 20
> 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1
> 1
> 192.168.10.0 255.255.255.0 192.168.10.2 192.168.10.2
> 10
> 192.168.10.2 255.255.255.255 127.0.0.1 127.0.0.1
> 10
> 192.168.10.255 255.255.255.255 192.168.10.2 192.168.10.2
> 10
> 192.168.20.0 255.255.255.0 192.168.20.5 192.168.20.5
> 20
> 192.168.20.5 255.255.255.255 127.0.0.1 127.0.0.1
> 20
> 192.168.20.255 255.255.255.255 192.168.20.5 192.168.20.5
> 20
> 224.0.0.0 240.0.0.0 192.168.10.2 192.168.10.2
> 10
> 224.0.0.0 240.0.0.0 192.168.20.5 192.168.20.5
> 20
> 255.255.255.255 255.255.255.255 192.168.10.2 192.168.10.2
> 1
> 255.255.255.255 255.255.255.255 192.168.20.5 192.168.20.5
> 1
> Default Gateway: 192.168.10.254
> This issue was addressed more than a year ago and for reasons unknown
> to me, the problem has returned.
>
> I did notice that the default gateway is the 192.168.10.x network, not
> the 192.168.20.x network. Is that part of the problem?
>
> Can you advise me how I can fix this issue?
>
> Thanks.
>

"DHK" <(E-Mail Removed)> wrote in message
news:7F699A94-787C-46A5-9C54-(E-Mail Removed)...
> Dear MS Support Engineer:
>
> This is a re-post of a previous discussion. Unfortunately for me, I did
> not
> have my profile setup correctly beforehand. Therefore, you did not know to
> respond. I would appreciate your advice in this issue:
>
> My client has Windows Server 2003 R2 Standard Edition SP2. It has two
> NICs
> installed. 192.168.10.x is to an internal network. 192.168.20.x is only
> attached to a firewall and the Internet. The metrics are supposed to give
> priority to
> 192.168.20.x, but it isn't working out that way. I have written a bat file
> for modifying the routing table, but it isn't working.
>
> I have including a portion of the routing table below immediately
> following
> a restart of the server:
> ctive Routes:
> Network Destination Netmask Gateway Interface
> Metric
> 0.0.0.0 0.0.0.0 192.168.10.254 192.168.10.2 10
> 0.0.0.0 0.0.0.0 192.168.20.254 192.168.20.5 10
> 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
> 192.168.10.0 255.255.255.0 192.168.10.2 192.168.10.2 10
> 192.168.10.2 255.255.255.255 127.0.0.1 127.0.0.1 10
> 192.168.10.255 255.255.255.255 192.168.10.2 192.168.10.2 10
> 192.168.20.0 255.255.255.0 192.168.20.5 192.168.20.5 10
> 192.168.20.5 255.255.255.255 127.0.0.1 127.0.0.1 10
> 192.168.20.255 255.255.255.255 192.168.20.5 192.168.20.5 10
> 224.0.0.0 240.0.0.0 192.168.10.2 192.168.10.2 10
> 224.0.0.0 240.0.0.0 192.168.20.5 192.168.20.5 10
> 255.255.255.255 255.255.255.255 192.168.10.2 192.168.10.2 1
> 255.255.255.255 255.255.255.255 192.168.20.5 192.168.20.5 1
> Default Gateway: 192.168.10.254
>
> The .bat file I use to modify the routing table is as follows. It is run
> every time the system restarts:
> route change 0.0.0.0 Mask 0.0.0.0 192.168.20.254 Metric 10 IF 0x10004
> route change 0.0.0.0 Mask 0.0.0.0 192.168.10.254 Metric 20 IF 0x10003
>
> When I run the bat file manually, it does not change the routing table
> metrics.
>
> If the server is left alone, a user is able to access the server via the
> external address. The router forwards all traffic to 192.168.20.x. A full
> TCP
> session is established and sustained. However, after a few days, the
> routing
> table changes as follows:
> ================================================== =========================
> Active Routes:
> Network Destination Netmask Gateway Interface
> Metric
> 0.0.0.0 0.0.0.0 192.168.10.254 192.168.10.2 10
> 0.0.0.0 0.0.0.0 192.168.20.254 192.168.20.5 20
> 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
> 192.168.10.0 255.255.255.0 192.168.10.2 192.168.10.2 10
> 192.168.10.2 255.255.255.255 127.0.0.1 127.0.0.1 10
> 192.168.10.255 255.255.255.255 192.168.10.2 192.168.10.2 10
> 192.168.20.0 255.255.255.0 192.168.20.5 192.168.20.5 20
> 192.168.20.5 255.255.255.255 127.0.0.1 127.0.0.1 20
> 192.168.20.255 255.255.255.255 192.168.20.5 192.168.20.5 20
> 224.0.0.0 240.0.0.0 192.168.10.2 192.168.10.2 10
> 224.0.0.0 240.0.0.0 192.168.20.5 192.168.20.5 20
> 255.255.255.255 255.255.255.255 192.168.10.2 192.168.10.2 1
> 255.255.255.255 255.255.255.255 192.168.20.5 192.168.20.5 1
> Default Gateway: 192.168.10.254
>
> This issue was addressed more than a year ago and for reasons unknown to
> me,
> the problem has returned.
>
> I did notice that the default gateway is the 192.168.10.x network, not the
> 192.168.20.x network. Is that part of the problem?
>
> Can you advise me how I can fix this issue?
>
> Thanks.


I agree with Meinolf regarding multihoming. Also worse, it appears there are
two gateways. You can only have one on any given machine.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum to benefit from collaboration
among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer
(E-Mail Removed)
http://twitter.com/acefekay

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

"Ace Fekay [MCT]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "DHK" <(E-Mail Removed)> wrote in message
> news:7F699A94-787C-46A5-9C54-(E-Mail Removed)...
>> Dear MS Support Engineer:
>>
>> This is a re-post of a previous discussion. Unfortunately for me, I did
>> not
>> have my profile setup correctly beforehand. Therefore, you did not know
>> to
>> respond. I would appreciate your advice in this issue:
>>
>> My client has Windows Server 2003 R2 Standard Edition SP2. It has two
>> NICs
>> installed. 192.168.10.x is to an internal network. 192.168.20.x is only
>> attached to a firewall and the Internet. The metrics are supposed to give
>> priority to
>> 192.168.20.x, but it isn't working out that way. I have written a bat
>> file
>> for modifying the routing table, but it isn't working.
>>
>> I have including a portion of the routing table below immediately
>> following
>> a restart of the server:
>> ctive Routes:
>> Network Destination Netmask Gateway Interface
>> Metric
>> 0.0.0.0 0.0.0.0 192.168.10.254 192.168.10.2
>> 10
>> 0.0.0.0 0.0.0.0 192.168.20.254 192.168.20.5
>> 10
>> 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1
>> 1
>> 192.168.10.0 255.255.255.0 192.168.10.2 192.168.10.2
>> 10
>> 192.168.10.2 255.255.255.255 127.0.0.1 127.0.0.1
>> 10
>> 192.168.10.255 255.255.255.255 192.168.10.2 192.168.10.2
>> 10
>> 192.168.20.0 255.255.255.0 192.168.20.5 192.168.20.5
>> 10
>> 192.168.20.5 255.255.255.255 127.0.0.1 127.0.0.1
>> 10
>> 192.168.20.255 255.255.255.255 192.168.20.5 192.168.20.5
>> 10
>> 224.0.0.0 240.0.0.0 192.168.10.2 192.168.10.2
>> 10
>> 224.0.0.0 240.0.0.0 192.168.20.5 192.168.20.5
>> 10
>> 255.255.255.255 255.255.255.255 192.168.10.2 192.168.10.2
>> 1
>> 255.255.255.255 255.255.255.255 192.168.20.5 192.168.20.5
>> 1
>> Default Gateway: 192.168.10.254
>>
>> The .bat file I use to modify the routing table is as follows. It is run
>> every time the system restarts:
>> route change 0.0.0.0 Mask 0.0.0.0 192.168.20.254 Metric 10 IF 0x10004
>> route change 0.0.0.0 Mask 0.0.0.0 192.168.10.254 Metric 20 IF 0x10003
>>
>> When I run the bat file manually, it does not change the routing table
>> metrics.
>>
>> If the server is left alone, a user is able to access the server via the
>> external address. The router forwards all traffic to 192.168.20.x. A full
>> TCP
>> session is established and sustained. However, after a few days, the
>> routing
>> table changes as follows:
>> ================================================== =========================
>> Active Routes:
>> Network Destination Netmask Gateway Interface
>> Metric
>> 0.0.0.0 0.0.0.0 192.168.10.254 192.168.10.2
>> 10
>> 0.0.0.0 0.0.0.0 192.168.20.254 192.168.20.5
>> 20
>> 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1
>> 1
>> 192.168.10.0 255.255.255.0 192.168.10.2 192.168.10.2
>> 10
>> 192.168.10.2 255.255.255.255 127.0.0.1 127.0.0.1
>> 10
>> 192.168.10.255 255.255.255.255 192.168.10.2 192.168.10.2
>> 10
>> 192.168.20.0 255.255.255.0 192.168.20.5 192.168.20.5
>> 20
>> 192.168.20.5 255.255.255.255 127.0.0.1 127.0.0.1
>> 20
>> 192.168.20.255 255.255.255.255 192.168.20.5 192.168.20.5
>> 20
>> 224.0.0.0 240.0.0.0 192.168.10.2 192.168.10.2
>> 10
>> 224.0.0.0 240.0.0.0 192.168.20.5 192.168.20.5
>> 20
>> 255.255.255.255 255.255.255.255 192.168.10.2 192.168.10.2
>> 1
>> 255.255.255.255 255.255.255.255 192.168.20.5 192.168.20.5
>> 1
>> Default Gateway: 192.168.10.254
>>
>> This issue was addressed more than a year ago and for reasons unknown to
>> me,
>> the problem has returned.
>>
>> I did notice that the default gateway is the 192.168.10.x network, not
>> the
>> 192.168.20.x network. Is that part of the problem?
>>
>> Can you advise me how I can fix this issue?
>>
>> Thanks.
>
>
> I agree with Meinolf regarding multihoming. Also worse, it appears there
> are two gateways. You can only have one on any given machine.
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Please reply back to the newsgroup or forum to benefit from collaboration
> among responding engineers, and to help others benefit from your
> resolution.
>
> Ace Fekay, MCT, MCSE, MCSA 2003 & 2000, MCSA Messaging
> Microsoft Certified Trainer
> (E-Mail Removed)
> http://twitter.com/acefekay
>
> For urgent issues, you may want to contact Microsoft PSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.

I agree also. Don't try to outsmart the software by writing batch files.
Set it up correctly.

Dear Meinolf:

In brief, the client modified his requirement so that the multi-homed server
only required access from the internal network.

Originally, the end user also wanted access via the Internet, thus the extra
firewall/router.

So I disabled the second network card. If they end user changes his mind
down the road, I'll be sure to post here my question regarding how to
reconfigure the server.

Thanks for your assistance.
Herb Kolodny


"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:(E-Mail Removed) .com...
> Hello DHK,
>
> You should avoid multihoming a server, as you did. The easiest way is to
> use one NIC from the server and connect all machine to the same switch.
> There connect also the firewall and use that as the DG for all machines,
> so the netwrok is secured from the firewall and you ahve no communication
> problem.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Dear MS Support Engineer:
>>
>> This is a re-post of a previous discussion. Unfortunately for me, I
>> did not have my profile setup correctly beforehand. Therefore, you did
>> not know to respond. I would appreciate your advice in this issue:
>>
>> My client has Windows Server 2003 R2 Standard Edition SP2. It has two
>> NICs installed. 192.168.10.x is to an internal network. 192.168.20.x
>> is only attached to a firewall and the Internet. The metrics are
>> supposed to give priority to 192.168.20.x, but it isn't working out
>> that way. I have written a bat file for modifying the routing table,
>> but it isn't working.
>>
>> I have including a portion of the routing table below immediately
>> following
>> a restart of the server:
>> ctive Routes:
>> Network Destination Netmask Gateway Interface
>> Metric
>> 0.0.0.0 0.0.0.0 192.168.10.254 192.168.10.2
>> 10
>> 0.0.0.0 0.0.0.0 192.168.20.254 192.168.20.5
>> 10
>> 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1
>> 1
>> 192.168.10.0 255.255.255.0 192.168.10.2 192.168.10.2
>> 10
>> 192.168.10.2 255.255.255.255 127.0.0.1 127.0.0.1
>> 10
>> 192.168.10.255 255.255.255.255 192.168.10.2 192.168.10.2
>> 10
>> 192.168.20.0 255.255.255.0 192.168.20.5 192.168.20.5
>> 10
>> 192.168.20.5 255.255.255.255 127.0.0.1 127.0.0.1
>> 10
>> 192.168.20.255 255.255.255.255 192.168.20.5 192.168.20.5
>> 10
>> 224.0.0.0 240.0.0.0 192.168.10.2 192.168.10.2
>> 10
>> 224.0.0.0 240.0.0.0 192.168.20.5 192.168.20.5
>> 10
>> 255.255.255.255 255.255.255.255 192.168.10.2 192.168.10.2
>> 1
>> 255.255.255.255 255.255.255.255 192.168.20.5 192.168.20.5
>> 1
>> Default Gateway: 192.168.10.254
>> The .bat file I use to modify the routing table is as follows. It is
>> run
>> every time the system restarts:
>> route change 0.0.0.0 Mask 0.0.0.0 192.168.20.254 Metric 10 IF 0x10004
>> route change 0.0.0.0 Mask 0.0.0.0 192.168.10.254 Metric 20 IF 0x10003
>> When I run the bat file manually, it does not change the routing table
>> metrics.
>>
>> If the server is left alone, a user is able to access the server via
>> the
>> external address. The router forwards all traffic to 192.168.20.x. A
>> full TCP
>> session is established and sustained. However, after a few days, the
>> routing
>> table changes as follows:
>> ================================================== ====================
>> =====
>> Active Routes:
>> Network Destination Netmask Gateway Interface
>> Metric
>> 0.0.0.0 0.0.0.0 192.168.10.254 192.168.10.2
>> 10
>> 0.0.0.0 0.0.0.0 192.168.20.254 192.168.20.5
>> 20
>> 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1
>> 1
>> 192.168.10.0 255.255.255.0 192.168.10.2 192.168.10.2
>> 10
>> 192.168.10.2 255.255.255.255 127.0.0.1 127.0.0.1
>> 10
>> 192.168.10.255 255.255.255.255 192.168.10.2 192.168.10.2
>> 10
>> 192.168.20.0 255.255.255.0 192.168.20.5 192.168.20.5
>> 20
>> 192.168.20.5 255.255.255.255 127.0.0.1 127.0.0.1
>> 20
>> 192.168.20.255 255.255.255.255 192.168.20.5 192.168.20.5
>> 20
>> 224.0.0.0 240.0.0.0 192.168.10.2 192.168.10.2
>> 10
>> 224.0.0.0 240.0.0.0 192.168.20.5 192.168.20.5
>> 20
>> 255.255.255.255 255.255.255.255 192.168.10.2 192.168.10.2
>> 1
>> 255.255.255.255 255.255.255.255 192.168.20.5 192.168.20.5
>> 1
>> Default Gateway: 192.168.10.254
>> This issue was addressed more than a year ago and for reasons unknown
>> to me, the problem has returned.
>>
>> I did notice that the default gateway is the 192.168.10.x network, not
>> the 192.168.20.x network. Is that part of the problem?
>>
>> Can you advise me how I can fix this issue?
>>
>> Thanks.
>>
>
>

Hello,

Thank you for posting here.

According to your description, I understand that:

You have a routing table issue in the Window Server 2003 R2 server with 2
NICs.

If I have misunderstood the problem, please don't hesitate to let me know.

Yes, first of all, we don't recommend to configure a server multi-homed
because of malfunction of some legacy service such as Browser service. If
you want to configure the server multi-homed to make it act as a
gateway/router, it is OK. All you need to do is to have a consistent
routing table on the server.

On this issue, please answer the following question to make us have a clean
understanding of your environment?

1. What is the topology of your network? Is it like:

Internet
|
|
|
|
Firewall
|
|
|
(192.168.20.x)
Windows Server 2003 R2
(192.168.10.x)
|
|
|
<Switch>
|
|
|
Clients

If I understand incorrectly, could you please explain your topology (with
illustration if possible)?

2. As the Windows Server 2003 R2 has the interface 192.168.10.x connected
to the internal network, what is the reason why you need a default gateway
on the internal interface?

If you have any questions or concerns, please do not hesitate to let me
know.




Best regards,

Miles Li

Microsoft Online Newsgroup Support

================================================== ================
Please post your SBS 2008 related questions to the SBS newsgroup on Connect
website:
https://connect.microsoft.com/sbs08/...i/default.aspx


Please post your EBS related questions to the EBS newsgroup on Connect
website:
https://connect.microsoft.com/ebs08/...i/default.aspx


If you want to use a newsreader other than a web forum to access these
newsgroups,
please refer to the following blog to apply NNTP password and configure a
newsreader:
http://msmvps.com/blogs/bradley/arch...for-the-sbs-20
08-newsgroups.aspx
================================================== ================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
================================================== ================
This posting is provided "AS IS" with no warranties, and confers no rights.
================================================== ================

Hello Miles. Thanks for your response.

Yes, you have the correct network topology.
Yes, the 192.168.10.x network is also connected to the Internet.
FYI, the 192.168.20.x firewall is configured to allow http and https traffic
only to pass.

Regarding your question of why did I need to define a default gateway on the
internal interface. It was from ignorance that I did it. I thought that I
had to do it. This is my first and only multi-homed server configuration.

Regarding the browser service, is there a KB article you can recommend I
read that explains what bad things would happen?

Best regards.
DHK

"Miles Li [MSFT]" <v-(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> Hello,
>
> Thank you for posting here.
>
> According to your description, I understand that:
>
> You have a routing table issue in the Window Server 2003 R2 server with 2
> NICs.
>
> If I have misunderstood the problem, please don't hesitate to let me know.
>
> Yes, first of all, we don't recommend to configure a server multi-homed
> because of malfunction of some legacy service such as Browser service. If
> you want to configure the server multi-homed to make it act as a
> gateway/router, it is OK. All you need to do is to have a consistent
> routing table on the server.
>
> On this issue, please answer the following question to make us have a
> clean
> understanding of your environment?
>
> 1. What is the topology of your network? Is it like:
>
> Internet
> |
> |
> |
> |
> Firewall
> |
> |
> |
> (192.168.20.x)
> Windows Server 2003 R2
> (192.168.10.x)
> |
> |
> |
> <Switch>
> |
> |
> |
> Clients
>
> If I understand incorrectly, could you please explain your topology (with
> illustration if possible)?
>
> 2. As the Windows Server 2003 R2 has the interface 192.168.10.x connected
> to the internal network, what is the reason why you need a default gateway
> on the internal interface?
>
> If you have any questions or concerns, please do not hesitate to let me
> know.
>
>
>
>
> Best regards,
>
> Miles Li
>
> Microsoft Online Newsgroup Support
>
> ================================================== ================
> Please post your SBS 2008 related questions to the SBS newsgroup on
> Connect
> website:
> https://connect.microsoft.com/sbs08/...i/default.aspx
>
>
> Please post your EBS related questions to the EBS newsgroup on Connect
> website:
> https://connect.microsoft.com/ebs08/...i/default.aspx
>
>
> If you want to use a newsreader other than a web forum to access these
> newsgroups,
> please refer to the following blog to apply NNTP password and configure a
> newsreader:
> http://msmvps.com/blogs/bradley/arch...for-the-sbs-20
> 08-newsgroups.aspx
> ================================================== ================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> ================================================== ================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> ================================================== ================
>

"DHK" <(E-Mail Removed)> wrote in message
news:306EC3DC-2885-4657-91AC-(E-Mail Removed)...
> Hello Miles. Thanks for your response.
>
> Yes, you have the correct network topology.
> Yes, the 192.168.10.x network is also connected to the Internet.
> FYI, the 192.168.20.x firewall is configured to allow http and https
> traffic only to pass.
>
> Regarding your question of why did I need to define a default gateway on
> the internal interface. It was from ignorance that I did it. I thought
> that I had to do it. This is my first and only multi-homed server
> configuration.
>
> Regarding the browser service, is there a KB article you can recommend I
> read that explains what bad things would happen?
>

What happens with the browser service with two NICs is that it tries to
register the machine's computer name (NetBIOS) name with both IPs, which
causes a duplicate name error. Keep in mind with NetBIOS, names must be
unique. Remember the old TV show, Bob Newhart when the one guy introduced
his brother Larry, and his other brother Larry? That's not possible with
NetBIOS names. One way to alleviate this is to disable NetBIOS on the outer
interface, as well as Microsoft File and Print services (which disabled the
server service on the outer interface).

The following are some links on multihomed browsers:

Symptoms of multihomed browsersIf a client requested a list of servers from
a multihomed browser server, .... To prevent multihomed Microsoft Windows NT
servers from becoming browser ...
http://support.microsoft.com/kb/191611

Common causes and solutions of browser Event ID 8021 and Event ID ...For
correct browser operation, you should not operate multihomed Windows NT 4.0
PDCs or Windows 2000 and later PDC Emulators. ...
http://support.microsoft.com/kb/135404

Troubleshooting multihomed master browser issueIt is not recommended to
setup multihomed server as a domain controller. If you do, you may
experience master browser issue and receive Event ID 8021 - The ...
http://www.chicagotech.net/troublesh...erbrowser1.htm


Hopefully this machine will not be a domain controller, or it extremely
complicates things if multihomed due to the DNS SRV and other data that gets
registered into DNS, which can effectively disable or cause AD to
malfunction. If you decide to make this a DC, I can provide you a complete
step by step to alter the DC to make it work as a DC. Of course it has
registry alterations to control DNS registration. However I do recommend to
not go this route with a DC, and simply get an inexpensive firewall to
handle the tasks controlling network/internet traffic.

Ace

Hello,

Thanks for the update. Also thanks for the great sharing from Ace.

From the description that 192.168.10.x network is also connected to the
Internet, I'd like to know the topology of your network.

Why you need 2 NICs both connected to the Internet? Is it possible to
reconfigure the server's connection and change it to the 1 NIC scenarios?

If you have any questions or concerns, please do not hesitate to let me
know.



Best regards,

Miles Li

Microsoft Online Newsgroup Support

================================================== ================
Please post your SBS 2008 related questions to the SBS newsgroup on Connect
website:
https://connect.microsoft.com/sbs08/...i/default.aspx


Please post your EBS related questions to the EBS newsgroup on Connect
website:
https://connect.microsoft.com/ebs08/...i/default.aspx


If you want to use a newsreader other than a web forum to access these
newsgroups,
please refer to the following blog to apply NNTP password and configure a
newsreader:
http://msmvps.com/blogs/bradley/arch...for-the-sbs-20
08-newsgroups.aspx
================================================== ================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
================================================== ================
This posting is provided "AS IS" with no warranties, and confers no rights.
================================================== ================

Dear Ace and Miles.

Ace, many thanks to the list of KB articles. I will be checking them out
immediately.
No, the server is not a domain controller. It is just an app server.

Miles, the computer has been changed to a 1 NIC configuration already. I did
it by disabling the NIC going to the 192.168.20.x network. The only network
now is the 192.168.10.x which serves all the internal clients.

Network Topology Goals: The original network is 192.168.10.x. It is a
classic single domain controller on a single subnet. When the second network
was setup, it was not connected to the first. A separate external IP address
fed into a separate router/firewall dedicated to 192.168.20.x. The server in
question is/was the only device. It is a dedicated web server for external
access. Later, the user requested access from the internal network to permit
file transfers. Without knowing the implications, I simply connected the two
and tweaked the router table, at least I tried to. I did it that way because
it was easier than configuring the first router with a DMZ. This client uses
Watchguard Edge e-series routers.

Based on the feedback I received on this posting, if and when the client
wants it both ways, I should setup the DMZ, yes?

DHK

"Miles Li [MSFT]" <v-(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> Hello,
>
> Thanks for the update. Also thanks for the great sharing from Ace.
>
> From the description that 192.168.10.x network is also connected to the
> Internet, I'd like to know the topology of your network.
>
> Why you need 2 NICs both connected to the Internet? Is it possible to
> reconfigure the server's connection and change it to the 1 NIC scenarios?
>
> If you have any questions or concerns, please do not hesitate to let me
> know.
>
>
>
> Best regards,
>
> Miles Li
>
> Microsoft Online Newsgroup Support
>
> ================================================== ================
> Please post your SBS 2008 related questions to the SBS newsgroup on
> Connect
> website:
> https://connect.microsoft.com/sbs08/...i/default.aspx
>
>
> Please post your EBS related questions to the EBS newsgroup on Connect
> website:
> https://connect.microsoft.com/ebs08/...i/default.aspx
>
>
> If you want to use a newsreader other than a web forum to access these
> newsgroups,
> please refer to the following blog to apply NNTP password and configure a
> newsreader:
> http://msmvps.com/blogs/bradley/arch...for-the-sbs-20
> 08-newsgroups.aspx
> ================================================== ================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> ================================================== ================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> ================================================== ================
>