none
Direct Access/VPN - Add server to Cluser creates some strange routes

    Question

  • Hello,

    Our DA/VPN servers have worked well for years (setup before I joined the company) but we recently decided to add two new Server 2012 R2 servers to the cluster. I went through the process to add the servers in Remote Access Management Console and the first server joined without and issue but when users connect their VPN, DNS doesnt work.

    So I checked the routing and a strange active route has been added during the server add i.e. 10.2.44.80.  This IP doesnt relate to anything on our network.

    I tried removing the server from the cluster and sure enough the route was deleted and then added itself when I re-added it.

    I can see this IP in the DA sever GPO but I cant see this line when I edit the GPO and as I said I dont know what it is or what the probe address is as this isnt whats set in the console:

    Software\Policies\Microsoft\Windows\RemoteAccess\Config\GlobalWebProbeURL directaccess-WebProbeHost.kingspan.net 
    Software\Policies\Microsoft\Windows\RemoteAccess\Config\InternalVIPs 10.2.44.80/255.255.255.0 
    Software\Policies\Microsoft\Windows\RemoteAccess\Config\InternetVIPs 10.2.44.80/255.255.255.0 

    I should point out that the old servers have no mention of 10.2.44.80 in their routing table.

    the table:

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0   10.2.2.249    10.2.2.82    266
             10.0.0.0        255.0.0.0    10.2.44.249     10.2.44.82      6
             10.0.0.0        255.0.0.0    10.2.44.249     10.2.44.80     51
          10.2.44.0    255.255.255.0         On-link      10.2.44.82    261
          10.2.44.0    255.255.255.0         On-link      10.2.44.80    306
         10.2.44.80  255.255.255.255         On-link      10.2.44.80    306
         10.2.44.82  255.255.255.255         On-link      10.2.44.82    261
        10.2.44.255  255.255.255.255         On-link      10.2.44.82    261
        10.2.44.255  255.255.255.255         On-link      10.2.44.80    306
         10.2.2.0    255.255.255.0         On-link     10.2.2.82    266
        10.2.2.82  255.255.255.255         On-link     10.2.2.82    266
       10.2.2.255  255.255.255.255         On-link     10.2.2.82    266
         10.2.111.1  255.255.255.255         On-link      10.2.111.1    306
            127.0.0.0        255.0.0.0         On-link      10.2.44.80    306
            127.0.0.1  255.255.255.255         On-link      10.2.44.80    306
      127.255.255.255  255.255.255.255         On-link      10.2.44.80    306
           172.16.0.0      255.240.0.0    10.2.44.249     10.2.44.82      6
           172.16.0.0      255.240.0.0    10.2.44.249     10.2.44.80     51
          192.168.0.0      255.255.0.0    10.2.44.249     10.2.44.82      6
          192.168.0.0      255.255.0.0    10.2.44.249     10.2.44.80     51
            224.0.0.0        240.0.0.0         On-link      10.2.44.80    306
            224.0.0.0        240.0.0.0         On-link      10.2.44.82    261
            224.0.0.0        240.0.0.0         On-link     10.2.2.82    266
            224.0.0.0        240.0.0.0         On-link      10.2.111.1    306
      255.255.255.255  255.255.255.255         On-link      10.2.44.80    306
      255.255.255.255  255.255.255.255         On-link      10.2.44.82    261
      255.255.255.255  255.255.255.255         On-link     10.2.2.82    266
      255.255.255.255  255.255.255.255         On-link      10.2.111.1    306
    ===========================================================================
    Persistent Routes:
      Network Address          Netmask  Gateway Address  Metric
             10.0.0.0        255.0.0.0    10.2.44.249       1
           172.16.0.0      255.240.0.0    10.2.44.249       1
          192.168.0.0      255.255.0.0    10.2.44.249       1
              0.0.0.0          0.0.0.0   10.2.2.249  Default

    Any ideas what I can do???

    Wednesday, June 13, 2018 8:51 AM

All replies

  • Hi,

    I am currently performing research on this issue and will get back to you as soon as possible. I appreciate your patience.

    If you have any updates during this process, please feel free to let me know.

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, June 14, 2018 2:47 PM