Answered Routing issue

  • Tuesday, May 22, 2012 6:49 PM
     
     

    First I'll start with our setup:

    Charter Internet (modem and Fortinet Firewall (.1) providing DHCP)

    We have two domain controllers, both Server 2008 R2 (.8 and .4, both DNS servers)

    One Exchange 2010 server (.7)

    One Sharepoint 2010 Server (.2)

    One SQL 2007 Server (.4)

    All of these servers are static mapped with the IP listed, all the same gateway (.1) and subnet.  All pointing at the two DCs for DNS.

    These servers are all connected to a 3Com 4210 switch (.22), which feeds other switches within the building.

    We asked Charter to come out and upgrade our Fortinet firewall.  They were able to clone the settings from one to the new one; however, when it was in place, we had an issue.  All the servers worked as expected except for the Exchange server.  It was able to see our internal network, and DNS was working correctly, but we were not able to browse the web, and received timeouts whenever we tried to ping out.  When we put the old firewall back in line, of course it all worked again.  Simple, you say... firewall configuration issue.  Well, we battled that with Charter.  They say port forwarding for 80 and the ports required for Exchange were all correct and the same as on the old unit.

    So that leads to today.  I decided to run a tracert to google.com.  The first hop goes to .114, then to .1.  So I go investigating what is at .114 and found it to be an old OfficeConnect 9 (OC) under one of the clients' desks.  No idea why it's routing through there.  So I unplug the OC and go back to the Exchange server, tracert google.com, and get unresponsive.  DNS is working though.  Of course all of our external mail is on hold now as there is no internet traffic.

    I plug the switch back in, and in a matter of minutes it's all working again.

    So, I've run out of ideas here.  I guess what I am asking for is some direction in what to look at.  I've checked the 4210 and that still has its default settings out of the box, with the exception of the login.  I don't see why the Fortinet would be an issue as it is static assigned IP and DNS, and all of the other servers tracert out to the gateway (.1) on the first hop and are unaffected by the unplugging of the switch.

    Any ideas here would be appreciated.

    Thanks

All Replies

  • Tuesday, May 22, 2012 5:15 PM
     
     

    Hello,

    I have a server running Server 2008 R2 w/Exchange 2010.  While upgrading our Fortinet firewall (the new appliance is not connected yet at this time) I discovered something odd.  When I tracert to google.com, I am seeing it hit an old SuperStack 9 switch on the first hop before it's hitting the Fortinet gateway.  The server is physically connected to our 4210 switch, which is connected to the Fortinet.  The 9 port has no connection to the 4210.  When I unplug the 9 my internet connection on the server is dropped.  DNS works, but no external activity whatsoever.  Internal traffic is fine.

    Does anyone have any idea why the server is routing through an old switch and then to the gateway? All our other servers tracert out correctly to the gateway address first.

    George

  • Tuesday, May 22, 2012 5:21 PM
     
     

    Hello,

    I don't see that your problem is with a Microsoft solution.

    For that, I would recommend asking Fortinet and your switches vendor technical support for assistance.

    However, you can try asking them here: http://social.technet.microsoft.com/Forums/en-US/winserverNIS/threads


    This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

  • Tuesday, May 22, 2012 6:58 PM
     
     

    If your client first hit .114, I would take a look at that client's IP configuration.  Is this a DHCP client?  Could that device under someone's desk have DHCP services enabled and it issued IP leases?  Or, on this affected workstation, check the local routing table (route print).  Why is .114 listed as a default route? 


    Guides and tutorials, visit ITGeared.com.


  • Tuesday, May 22, 2012 7:13 PM
     
     

    Here is my current route print from the exchange server.  It is static mapped .7:

    ===========================================================================
    Interface List
     11...3c 4a 92 e0 12 7c ......HP NC326i PCIe Dual Port Gigabit Server Adapt
     10...3c 4a 92 e0 12 7d ......HP NC326i PCIe Dual Port Gigabit Server Adapt
      1...........................Software Loopback Interface 1
     15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
     12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
     13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0         On-link       172.16.52.7    276
              0.0.0.0          0.0.0.0      172.16.52.1      172.16.52.7    276
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
          172.16.52.0    255.255.255.0         On-link       172.16.52.7    276
          172.16.52.7  255.255.255.255         On-link       172.16.52.7    276
        172.16.52.255  255.255.255.255         On-link       172.16.52.7    276
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link       172.16.52.7    276
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link       172.16.52.7    276
    ===========================================================================
    Persistent Routes:
      Network Address          Netmask  Gateway Address  Metric
              0.0.0.0          0.0.0.0      172.16.52.7  Default
              0.0.0.0          0.0.0.0      172.16.52.1  Default
    ===========================================================================

    IPv6 Route Table
    ===========================================================================
    Active Routes:
     If Metric Network Destination      Gateway
      1    306 ::1/128                  On-link
      1    306 ff00::/8                 On-link
    ===========================================================================
    Persistent Routes:
      None

  • Tuesday, May 22, 2012 7:16 PM
     
     

    And here is my tracert from the Exchange server.  .1 is our gateway, .114 is the mysterious under-the-desk switch.

    Tracing route to google.com [74.125.225.68]
    over a maximum of 30 hops:

      1    51 ms     3 ms     3 ms  172.16.52.114
      2     3 ms     5 ms     5 ms  172.16.52.1
      3     4 ms    22 ms     5 ms  24-231-244-177.static.aldl.mi.charter.com [24.231.244.177]
      4    52 ms    17 ms    13 ms  10.182.30.1
      5    12 ms    13 ms    11 ms  dtr01gnvlmi-gbe-1-28.gnvl.mi.charter.com [96.34.38.222]
      6    13 ms    11 ms    11 ms  dtr01rcfrmi-tge-4-3.rcfr.mi.charter.com [96.34.32.79]
      7    15 ms    18 ms    15 ms  crr01aldlmi-tge-0-0-3-0.aldl.mi.charter.com [96.34.32.38]
      8    25 ms    21 ms    23 ms  bbr01aldlmi-tge-0-0-0-3.aldl.mi.charter.com [96.34.2.214]
      9    18 ms    25 ms    21 ms  bbr01chcgil-tge-0-1-0-8.chcg.il.charter.com [96.34.1.134]
     10    18 ms    17 ms    19 ms  prr01chcgil-tge-0-0-0-2.chcg.il.charter.com [96.34.3.57]
     11    16 ms    17 ms    19 ms  72.14.223.17
     12    35 ms    17 ms    17 ms  209.85.254.128
     13    18 ms    56 ms    17 ms  209.85.250.30
     14    16 ms    21 ms    54 ms  ord08s07-in-f4.1e100.net [74.125.225.68]

  • Wednesday, May 23, 2012 2:03 AM
     
     
    Take a look at the configuration of the .114 device.  Is it possible that someone misconfigured it and it is actually configured with 2 IPs (.114 & .1)?  That is the only explanation I can come up with based on what you have posted.  Hmm...I would also take a closer look by taking a packet capture and inspecting the traffic on the wire.


  • Wednesday, May 23, 2012 3:30 AM
     
     Answered

    Steven,

    I assume the Exchange server is not a DC.

    Are there two NICs on the Exchange server, an iSCSI adapter, and/or is RRAS on it?

    The route print shows two 0.0.0.0 gateways. There should only be one default gateway on any device.

    ===========================================================================
    Persistent Routes:
      Network Address          Netmask  Gateway Address  Metric
              0.0.0.0          0.0.0.0      172.16.52.7  Default
              0.0.0.0          0.0.0.0      172.16.52.1  Default
    ===========================================================================

    I don't know what 172.16.52.7 is, especially if you've stated that 172.16.52.1 is your default gateway, therefore I suggest deleting that unknown route:

    route delete 0.0.0.0 mask 0.0.0.0 172.16.52.7

    Then double check by running a route print and an ipconfig /all to make sure 172.16.52.1 still remains. If not, go into the NIC properties and set it to 172.16.52.1, and try your tracerts and pathpings again.


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This post is provided AS-IS with no warranties or guarantees and confers no rights.
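
    The check described in the answer above, as an added example that is not part of the original thread: Python that parses `route print` text and flags duplicate default routes and default routes whose gateway is one of the host's own addresses. The function names are hypothetical, and the sample is a trimmed copy of the IPv4 tables posted earlier in the thread.

```python
import re

# Trimmed copy of the IPv4 tables from the `route print` output posted above.
ROUTE_PRINT = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         On-link       172.16.52.7    276
          0.0.0.0          0.0.0.0      172.16.52.1      172.16.52.7    276
      172.16.52.0    255.255.255.0         On-link       172.16.52.7    276
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      172.16.52.7  Default
          0.0.0.0          0.0.0.0      172.16.52.1  Default
"""

IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def parse_routes(text):
    """Split route print text into 'active' and 'persistent' IPv4 route rows."""
    tables, section = {"active": [], "persistent": []}, None
    for line in text.splitlines():
        f = line.split()
        if line.strip() in ("Active Routes:", "Persistent Routes:"):
            section = f[0].lower()
        elif section and len(f) >= 4 and IPV4.fullmatch(f[0]):
            # Active rows carry an Interface column; persistent rows do not.
            iface = f[3] if section == "active" else None
            tables[section].append({"dest": f[0], "mask": f[1], "gw": f[2], "iface": iface})
    return tables

def audit_default_routes(text):
    """Return (table, issue, detail) tuples for suspicious 0.0.0.0/0 entries."""
    tables = parse_routes(text)
    local = {r["iface"] for r in tables["active"]}  # the host's own addresses
    findings = []
    for name, rows in tables.items():
        defaults = [r for r in rows if r["dest"] == r["mask"] == "0.0.0.0"]
        if len(defaults) > 1:
            findings.append((name, "multiple-default-routes", len(defaults)))
        for r in defaults:
            # A gateway that is the host itself (On-link once active) names no next-hop router.
            if r["gw"] == "On-link" or r["gw"] in local:
                findings.append((name, "default-route-without-next-hop", r["gw"]))
    return findings

if __name__ == "__main__":
    for finding in audit_default_routes(ROUTE_PRINT):
        print(finding)
```

    Run against output collected from each server, an empty result means a single default route that points at a real gateway; any finding is worth tracing before changing the firewall or switch.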



  • Wednesday, May 23, 2012 1:51 PM
     
     

    That was it.  I completely missed that.  I ended up removing both the persistent routes, then going to the NIC and adding the gateway back in.  Tracert worked properly, and continued to work after I removed the .114 switch.   Thanks a million!

    There are dual NICs in the server as well.  We don't use one of them as it's for management/ILO

    Thanks Again!

  • Wednesday, May 23, 2012 3:33 PM
     
     

    You are welcome! :-)

    Just keep the unused NIC disabled.

     


    Ace Fekay