Server 2008, 2 NICs, 2 fixed IPs – big delays using internet

Tags: metrics, nic, routing, windows-server-2008

I have an all-in-one Windows 2008 server, configured with AD/DHCP/DNS/RRAS – all set up with wizards and no specific tweaking. The server has 2 network adapters: one of which ("MyWAN") is plugged into our office's internet connection, the other ("MyLAN") is plugged into a local switch, which is also where all our desktops are connected. So this one server is doing everything.

When first set up, MyLAN had a fixed IP of 192.168.2.1 and served the desktops with DHCP scope 192.168.2.50-99. It also told them to use 192.168.2.1 as DNS and gateway. MyWAN was set up to take its IP etc from DHCP, being handled by the building's router and ADSL modem etc. All desktops were set up to use DHCP.

This all worked perfectly fine, until I recently changed MyWAN to have a static IP (I wanted to access it from home, and needed to give it a static IP to port map in the building's router).

Things still work, but there is now a long delay when accessing the internet. The actual speed is as before when downloading, but there is a pause of 3-6 secs when connecting to new hosts (for example if I browse to slashdot from either a desktop or the server itself, it'll hang on connecting to slashdot.org, hang again on connecting to *.fsdn, *.google-analytics.com and all the other hosts referenced from the main page).

If I ping slashdot.org from the server, I get the following :

Pinging slashdot.org [216.34.181.45] with 32 bytes of data:
Reply from 192.168.2.1: Destination host unreachable.
Reply from 216.34.181.45: bytes=32 time=99ms TTL=239
Reply from 216.34.181.45: bytes=32 time=100ms TTL=239
Reply from 216.34.181.45: bytes=32 time=101ms TTL=239

Pinging anywhere external always seems to hit 192.168.2.1 first, which doesn't seem right.

Trying tracert from the server gives the following :

Tracing route to slashdot.org [216.34.181.45] over a maximum of 30 hops:
1 MYSERVER01.intranet [192.168.2.1] reports: Destination host unreachable

Trying tracert from a desktop gives the following :

Tracing route to slashdot.org [216.34.181.45] over a maximum of 30 hops:
    1  <1 ms    *      <1 ms   MYSERVER [192.168.2.1]
    2   *       *       *      Request timed out.
    3   6 ms    6 ms    6 ms   dsl-gw1.ge.mer.uk.webtapestry.net [217.151.111.17]
    4  38 ms  239 ms  251 ms   gw-router.ge.mer.uk.webtapestry.net [217.151.111.13]

…and then all is fine after that.

I think that DNS is working fine because the domain names are getting translated to correct IPs immediately. DHCP seems to be okay? So perhaps it's something up with my RRAS setup – although I can't see any option during the setup wizard which I would have filled in differently.

I've also tried changing the binding order of the two network connections, to prioritise MyWAN, but that doesn't seem to have done anything.

Any idea what's up?

Many thanks – Rob

EDIT :

"route print" from the server :

===========================================================================
Interface List
 10 ...00 27 19 b1 73 cc ...... Realtek PCIe GBE Family Controller
 11 ...00 1f d0 5f 4f 36 ...... Realtek PCIe GBE Family Controller #2
  1 ........................... Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0   172.17.110.254   172.17.110.200    276
          0.0.0.0          0.0.0.0         On-link       192.168.2.1    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
     172.17.110.0    255.255.255.0         On-link    172.17.110.200    276
   172.17.110.200  255.255.255.255         On-link    172.17.110.200    276
   172.17.110.255  255.255.255.255         On-link    172.17.110.200    276
      192.168.2.0    255.255.255.0         On-link       192.168.2.1    266
      192.168.2.1  255.255.255.255         On-link       192.168.2.1    266
    192.168.2.255  255.255.255.255         On-link       192.168.2.1    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    172.17.110.200    276
        224.0.0.0        240.0.0.0         On-link       192.168.2.1    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    172.17.110.200    276
  255.255.255.255  255.255.255.255         On-link       192.168.2.1    266
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.2.1  Default 
          0.0.0.0          0.0.0.0   172.17.110.254  Default 
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

"route print" from a desktop :

===========================================================================
Interface List
 13 ...00 1d 7d 01 db 9d ...... Realtek PCIe GBE Family Controller
  1 ........................... Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1     192.168.2.50     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link      192.168.2.50    266
     192.168.2.50  255.255.255.255         On-link      192.168.2.50    266
    192.168.2.255  255.255.255.255         On-link      192.168.2.50    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.2.50    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.2.50    266
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

Note that 172.17.110.200 is the static IP of MyWAN.

Best Answer

Looking at "route print" from the server, the LAN adapter has a lower metric than the WAN adapter. This means that it's the first route tried - which is obviously not correct.

Both the LAN and WAN adapters had Automatic Metric ticked in the TCP/IP properties. The LAN adapter happens to have had a lower metric automatically applied - perhaps this is due to the order the hardware is attached to the motherboard or something?

The fix was to untick Automatic Metric for the LAN adapter and give it a fairly high number. I set it to 100, which resulted in a metric of 356 in "route print", which is greater than that of the WAN adapter and so the latter is tried first.
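
The check described in this answer, as an added example that is not part of the original post: a Python script that parses the IPv4 "Active Routes" rows of `route print`, reports which default route wins, and models the metric change. The function names are made up for this illustration, and the base offset of 256 is an assumption inferred from the answer's figures (interface metric 100 shown as 356).

```python
import re

# Constructed sample: rows copied from the server's "route print" in the question.
SAMPLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0   172.17.110.254   172.17.110.200    276
          0.0.0.0          0.0.0.0         On-link       192.168.2.1    266
      192.168.2.0    255.255.255.0         On-link       192.168.2.1    266
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.2.1  Default
"""

IP = r"\d+\.\d+\.\d+\.\d+"
ROW = re.compile(rf"^\s*({IP})\s+({IP})\s+(On-link|{IP})\s+({IP})\s+(\d+)\s*$")
ROUTE_BASE = 256  # assumption inferred from the answer: interface metric 100 showed as 356


def active_routes(text):
    """Parse the IPv4 'Active Routes' rows (five columns) of `route print`."""
    routes, active = [], False
    for line in text.splitlines():
        if line.strip().endswith("Routes:"):
            active = line.strip() == "Active Routes:"
        elif active and (m := ROW.match(line)):
            dest, mask, gw, iface, metric = m.groups()
            routes.append({"dest": dest, "mask": mask, "gateway": gw,
                           "iface": iface, "metric": int(metric)})
    return routes


def set_interface_metric(routes, iface, if_metric):
    """Model unticking Automatic Metric: every route on iface becomes base + if_metric."""
    return [dict(r, metric=ROUTE_BASE + if_metric) if r["iface"] == iface else r
            for r in routes]


def audit(routes):
    """Return (winning default route, findings) for the 0.0.0.0/0 entries."""
    defaults = sorted((r for r in routes if r["dest"] == r["mask"] == "0.0.0.0"),
                      key=lambda r: r["metric"])
    findings = []
    if len(defaults) > 1 and defaults[0]["gateway"] == "On-link":
        findings.append(f"default route via {defaults[0]['iface']} has no next hop "
                        f"but wins with metric {defaults[0]['metric']}")
    return (defaults[0] if defaults else None), findings


if __name__ == "__main__":
    before = active_routes(SAMPLE)
    print(audit(before))
    print(audit(set_interface_metric(before, "192.168.2.1", 100)))
```

Run against the server's table as posted, the audit flags the on-link default route on 192.168.2.1; with the LAN interface metric set to 100 the default route through 172.17.110.254 wins and the finding clears.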
