locked
Windows Server 2008 using multiple static IP addresses RRS feed

  • Question

  • Here is the scenario:

    Using a cisco switch, and routing is done over vlans.

    I have "Register DNS entries" disabled. I do my own DNS management and I don't want windows doing it.

    I have a Windows 2003 Server A, using IPs 10.10.10.1, 10.10.10.2, 10.10.10.3, and 10.10.10.4

    Now I take away 10.10.10.4 from Server A (remove from the IP list), I want another server to use this IP address.

    I have a Windows 2003 Server B, and a Windows 2008 Server C.

    IF I try to use the IP address on server 2003 B (assign it to one of the NICs), it is immediately accessible (right after I click "OK" on the "Local Area Connection Properties")

    IF I try to use that exact same IP address on server 2008 C, on the server the IP is usable, but no other device on the network can make contact with this IP address (the IP address appears as unused).

    I have lots of IP address I have been playing with, this problem comes up every single time on Windows 2008. I have also tried multiple 2008 builds on different hardware, no change. There are some workarounds, but they aren't reliable:

     1. Wait long enough. Sometimes a few hours wait and the IP address works and I can connect to server C using it, sometimes not
     2. Set that new IP as the main IP address (rather than appending it to the list of static TCP/IP addresses, configured on the TCP/IPv4 Properties page)

    Why does this work on Windows 2003 right away, where as with 2008 it gets stuck?

    What I noticed:

     - Sometimes, if the main IP address is a lower value than the one I am trying to set, it will be picked up immediately. So if the main nic IP is set to 10.10.10.25 and I want to add 10.10.10.27, it will work right away on 2008. But if I try to add 10.10.10.24, it will refuse to work

     - When the address is added, it will work indefinitely. So if I remove it, then "OK", then add it again, it will always work.

     - In Windows 2003, when I make ANY change in the TCP/IP Properties panel (even under advanced), the server will "work" (aka freeze, hang, do its thing) for 3-5 seconds, then come back. In Windows 2008, if I change the main IP it will "work" for 3-5 seconds, but no other change causes it to "work" in the same manner, and adding IPs causes it to come back instantly with no noticeable "work" (unlike 2003)

    Is it the way Windows 2008 broadcasts IP changes? Is it the way ARP packets are sent? Is it the way Windows 2008 routes traffic? Or is this a bug in the Windows 2008 networking layer that needs to be fixed?
    Wednesday, September 2, 2009 8:24 PM

All replies

  • Hello,

     

    Thanks for your post here.

     

    From the description, when you add an additional IP address on the Windows Server 2008 NIC the address doesn't come to work right away while adding an additional IP address onto Windows Server 2003 works well.

     

    I suspect the issue may result from the new ARP caching behavior in Windows Vista and later OS. When a client station has a longer ARP timeout than the CSM (Cisco). In this case, the ARP entry for this host would expire sooner on the CSM than on the client station. After this, the CSM does not accept any additional packets from this client station.

     

    Description of Address Resolution Protocol (ARP) caching behavior in Windows Vista TCP/IP implementations

    http://support.microsoft.com/kb/949589

     

    Understanding CSM ARP Behavior

    http://www.cisco.com/en/US/products/hw/modules/ps2706/products_tech_note09186a00803937a7.shtml

     

    Please answer the following questions for further investigations:

     

    1. When you add an additional IP address onto Windows Server 2008 server, which server do you test the connection to the problematic Windows Server 2008 from? Is it a server in the same VLAN as the problematic 2008 server? Is it a Windows Sever 2003 server?

     

    If you have any questions or concerns, please do not hesitate to let me know.

     

    Thursday, September 3, 2009 10:16 AM
  • Thanks for your reply Miles, I think I am finally getting somewhere with this.

    Right now I don't have a 2008 server in the same VLAN, I can put one on it if need be. But here are the results:

     - Pinging from any machine on a different VLAN, does not work. Tried server 2003 and Vista sp2.
     - Pinging from a 2003 box on the same VLAN: WORKS!

    Immediately after pinging from the machine on the same VLAN, the IP is pingable from all other machines in the network. Amazing.. something so simple, yet never thought to try it.

    So now here is my question back to you: do I have to keep doing this (set the ip, ping from same vlan) every time I want to use a new IP address?? Or is there something else I can do to make this happen right away.

    I appreciate your help!

    Thursday, September 3, 2009 4:08 PM
  • Hi,

     

    Thanks for the update.

     

    I am not a expert on the Cisco devices. However, according to the tech article from Cisco you may try to check how it works if you add the problematic Windows Server 2008 server into the Dummy Serverfarm. For the detailed steps, you may refer to the steps in the bottom.

     

    If you have any questions or concerns, please do not hesitate to let me know.

     

    Friday, September 4, 2009 10:52 AM
  • Well I don't want to "fix it" from the Cisco side, I want to know how I can get Windows 2008 to behave similar to Windows 2003 in this regard...
    Friday, September 4, 2009 4:20 PM
  • Hi,

    I met the similar problem.

    We have two windows 2008 servers (we tried SP1 and SP2), suppose the IP on one server is 192.168.227.160 (serverA), and the IP on another server is 192.168.227.161(serverB). 

    If I add 192.168.227.159 on one server, for example, serverA, using Advanced TCP/IP Settings dialog, then I ping the 192.168.227.159 on another subnetwork (192.168.225.*), the ping works well. 

    Now I remove  192.168.227.159 from the serverA, and add it to the serverB, then ping 192.168.227.159 on another subnet, it won't work any more. It output "Request timed out". This can be easily reproduced by using another unused IP address.

    In any case, the newly added IP address (for example, 192.168.227.159) can be ping on the same subnet (I mean on 192.168.227.*).

    The above test works well on Windows 2003 server.

    How to solve it?

    Thanks.

    Tuesday, September 15, 2009 10:40 AM
  • You may want to verify that the IP you are adding to the NIC do register in the registry. It was my problem, Web Server running 2008, but I still do not know why I have to add the IPs directly in the registry. FYI The problem seemed to be coming from nowhrre but was triggered by a restart. I hope this help.
    Thursday, January 7, 2010 6:44 PM
  • 'm having the exact same issue. Has anybody found a fix for this yet? It's driving me crazy!!!
    Wednesday, April 20, 2011 1:19 PM
  • Experiencing a similar problem with server 2008 when binding multiple IPs.

    It appears that the numerically lower IP becomes the "main" IP of the server, even when it's specified as an "additional" IP. As you can imagine, this becomes a problem very quickly as the firewall rules have been configured for a specific IP and suddenly it's different.

    Server 2003 did not exhibit this behavior.

    • Proposed as answer by J.Malek Saturday, May 14, 2011 4:00 PM
    • Unproposed as answer by J.Malek Saturday, May 14, 2011 4:01 PM
    Monday, May 2, 2011 4:58 PM
  • Hi Guys,

    I had a same issue yesterday, after some research I found http://support.microsoft.com/kb/975808.

    After performing the steps as below, I was able to resolved that issue successfully. 

    Install SP2 (May be required)

    Hotfix Install (KB975808)

    Remove all existing VIPs

    Re-add all VIPs using the command - Netsh int ipv4 add address "Interface Name" <ip address> <subness mask> skipassource=true

    HTH,

    Best of luck.

    Thanks,

    • Proposed as answer by J.Malek Friday, June 10, 2011 6:48 PM
    Saturday, May 14, 2011 4:09 PM
  • Hi 

    Miles,

    I have one similar problem as above with Windows Server 2008 R2.

    I am using few static IPs (each NIC is separate) and one Virtual adapter (bind with NIC). I want one application always should take Virtual adapter IP address.

    Symptoms: If i set all other IPs as DHCP then most of the cases that application takes Virtual adapter IP, but if i set one or more IP statically then its not predictable that which IP it will take (At very restart it may change)

    Please help me in that.

    Neeraj 

    Sunday, June 12, 2011 6:27 PM
  •  I have similar problem. We have E10K on W8K R2 server. Setup is following:

        we have one NIC with two IP addresses - 192.168.111.32(email2) and 192.168.111.33(email1) . Exchange  stuff(management/powershell/owa etc) is configured on 111.33 address. Other website is configured for 111.32 address. Exchange management which connects to email1 worked well till I installed SP1 today. After that the name resolution which earlier solved the email1 and email1.domain to 111.33 started to resolve the email1 and email1.domain to 111.32 address. nslookup resolved it correctly to 111.33 address but ping and powershell exchange management(start-pssession to email1.domain) tried both to connect to 111.32 address which for me was wrong and  Exchange management didn't work on server itself anymore. Quick solution was to add "192.168.111.33 email1.domain" to hosts file and I got Exchange management to work again.  I guess that maybe changing the email2 to 111.34 or greater would also solved the problem(should try it tomorrow). I got the list of updates on SP1 but there is about thousand fixes and I just didn't want to read all titles to find some possible fix that caused this. Therefore my question - is there some changes on SP1 which caused the name resolution for ping and some other things to change?

    Thursday, September 15, 2011 10:52 PM
  •  As it turned out it was this "skipassource" related problem. As W8K R2 SP1 was installed the hotfix http://support.microsoft.com/kb/2386184 was also installed and I removed the .32 IP address and added it with netsh and skipassource=true and name resolution was normal back again.
    Friday, September 16, 2011 2:46 PM
  • This is a horrible design by Microsoft. Awful.  I wonder what excuse they have for doing this?
    Thursday, March 1, 2012 11:34 PM