Dual NIC Win2008 routing problem when private NIC enabled?

windows-server-2008 routing nic

7,227

Have you looked at the network adapter binding order, maybe there is something wrong is this case?

7,227

sqrepants

Updated on September 17, 2022

Comments

sqrepants almost 2 years

Have Win2008 Terminal Server. Works fine if only public NIC is enabled.

But you want to enable the private NIC as well. What happens? Boom, nobody can access the Terminal Server (via public NIC).

Have tried:

Setting a persistent static route (didn't work)
Giving the private NIC a higher metric (didn't work either)
Setting "Consider Unidentified networks as private" in local security policy (Computer configration -->Windows Settings -->Security Settings -->select Network list manager policies)
Enabling weakhostsend/receive mode on each interface, as follows: (didn't work either)

    netsh interface ipv4 set interface "Private NIC" weakhostsend=enabled store=persistent
    netsh interface ipv4 set interface "Private NIC" weakhostreceive=enabled store=persistent
    netsh interface ipv4 set interface "Public NIC" weakhostsend=enabled store=persistent
    netsh interface ipv4 set interface "Public NIC" weakhostreceive=enabled store=persistent

None of these worked.

route print output:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    111.222.333.1   111.222.333.99     21
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
    192.168.244.0    255.255.255.0         On-link     192.168.244.1    502
    192.168.244.1  255.255.255.255         On-link     192.168.244.1    756
  192.168.244.255  255.255.255.255         On-link     192.168.244.1    756
    111.222.333.0    255.255.255.0         On-link    111.222.333.99    276
   111.222.333.99  255.255.255.255         On-link    111.222.333.99    276
  111.222.333.255  255.255.255.255         On-link    111.222.333.99    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    111.222.333.99    276
        224.0.0.0        240.0.0.0         On-link     192.168.244.1    756
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    111.222.333.99    276
  255.255.255.255  255.255.255.255         On-link     192.168.244.1    756
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0    111.222.333.1       1
    192.168.244.0    255.255.255.0    192.168.244.1       2
===========================================================================

Update: After the suggestion below, I checked the binding order and corrected it. This made it work -- until the server was restarted.

After a reboot, nobody could connect again. The binding order is still correct, with Remote Access Connections followed by Public NIC followed by Private NIC.

The difference is, AFTER THE RESTART, the Persistent Routes order in route print above reversed itself. So it becomes:

Persistent Routes:
Network Address          Netmask  Gateway Address  Metric
192.168.244.0    255.255.255.0    192.168.244.1       2
0.0.0.0          0.0.0.0    111.222.333.1       1

Any ideas on how to get the previous Persistent Routes order to stick?

Vick Vega over 13 years

I assume you have removed the Default Gateway from the internal NIC?
sqrepants over 13 years

Yes, default gateway is blank on the internal NIC.

sqrepants over 13 years

Thanks shadowman12, that was it! The network binding order was the reversed of what it should of been, with the Private NIC hogging the top spot. I moved "Remote Access Connections" to the top, followed by "Public NIC", followed by "Private NIC". It works! For those wondering how to get to the binding order settings, go to Start - Run - ncpa.cpl - Advanced menu - Advanced.
sqrepants over 13 years

HOLD ON -- UPDATE -- after a reboot, nobody could connect again. The binding order is still correct, with Remote Access Connections followed by Public NIC followed by Private NIC. The difference is, AFTER THE RESTART, the Persistent Routes order in route print above reversed itself. So it becomes 192.168.244.0 ... Metric 2 followed by 0.0.0.0 Metric 1. Is there any way to get the Persistent Routes order to stick?
Guido van Brakel over 13 years

You can do route add -p. Have you done that?
sqrepants over 13 years

Yes, both routes are persistent and were created with route add -p. But the order of the persistent routes is reversed. How can I get the persistent routes to show up in the correct order - across reboots?
sqrepants over 13 years

I even added each individual interface to the end of the route add -p - it still only works if the Persistent Routes order in route print is 0.0.0.0 on the first line, and then the 192.168.244.0 on the second line. After every reboot, the order is reversed and the private network is unroutable.
Vick Vega over 13 years

Anything in the logs?
sqrepants about 13 years

Nothing related.
Guido van Brakel about 13 years

Please contact Microsoft for this, I think it's a bug.
sqrepants about 13 years

Also tried giving the private interface route a giant metric, with route add -p 192.168.244.0 mask 255.255.255.0 192.168.244.1 metric 1000 if 13, rebooted, and the persistent routes order reversed again. Am thinking about contacting Microsoft as you suggested but if anyone else has any ideas I'd love to hear them?