Sunday, December 12, 2010

Source IP address and skipassource hotfix for Windows 2008 R2

I ran into an interesting issue this weekend. I have one Windows 2008 R2 web server that has multiple IP addresses bound to the same network card, and the problem is that this server is having communication problems (read: server is not communicating anymore).

I have found out that, starting from Windows 2008, all the server's IP addresses get automatically registered on the DNS servers. And this is by design.

In fact, Microsoft has changed the way the TCP/IP stack behaves, in the sense that there is no longer a ‘Primary’ IP address. So, when multiple IP addresses are assigned to a single network interface, they are all treated evenly and they are all registered in DNS.

But if, as in my case, you have a firewall configured to let outbound traffic pass from just one of these IP addresses, then you are likely to get a communication problem.

Happily enough, there is a quite manual solution which can be applied to solve this problem. Sadly, this solution being manual means that it is not easily deployed and that it is not (and never will be) standard. So I think in the long term I should take these changes in the way the Windows network kernel behaves into consideration in my future architecture planning.

Ok, let's go straight to the point and see the solution.

First there is one hotfix to download from Microsoft:

For Windows 2008 and Windows Vista: go here and download the hotfix 975808
For Windows 2008 R2 and Windows: go here and download the hotfix 2386184

After you install this hotfix, reboot the server, then remove the 'Secondary' IP addresses from the network adapter via the GUI and reassign them with the netsh command line as shown here:

netsh int ipv4 add address "Local Area Connection 1" x.x.x.x skipassource=true

As you see, I have added the skipassource flag and set it to 'True'. By using this flag this way, I am telling my Microsoft box not to use these IP addresses for outgoing communication. That solved my problem.

If you want, there is a nice PowerShell script which can be used to optimize this last step. You can find it here.
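The re-add step for several secondary addresses, followed by a check that the flag took effect, as an added example (this is not the script linked above and not Microsoft's code). The interface name, mask and 192.0.2.x addresses are constructed placeholders, and the check assumes the English-language output of `netsh int ipv4 show ipaddresses level=verbose`, which lists a "Skip as Source" field per address.

```powershell
# Added example: placeholders below are constructed, replace with your own values.
$Interface = 'Local Area Connection 1'
$Mask      = '255.255.255.0'
$Secondary = @('192.0.2.11', '192.0.2.12')   # addresses that must not be used as source

foreach ($ip in $Secondary) {
    # Drop the address if it is currently bound (errors are ignored when it is not),
    # then bind it again with skipassource=true, as in the netsh command above.
    & netsh int ipv4 delete address $Interface $ip | Out-Null
    & netsh int ipv4 add address $Interface $ip $Mask skipassource=true
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "netsh could not add $ip on '$Interface'"
    }
}

# Verify: walk the verbose listing and record the 'Skip as Source' value per address.
# Assumption: English output with 'Address <ip> Parameters' block headers.
$flags   = @{}
$current = $null
foreach ($line in (& netsh int ipv4 show ipaddresses $Interface level=verbose)) {
    if ($line -match '^\s*Address\s+(\S+)\s+Parameters') {
        $current = $Matches[1]
    } elseif ($current -and $line -match '^\s*Skip as Source\s*:\s*(\S+)') {
        $flags[$current] = $Matches[1]
    }
}

foreach ($ip in $Secondary) {
    if ($flags[$ip] -eq 'true') {
        Write-Output "$ip : skipassource=true"
    } else {
        # Either the hotfix is missing or the address was re-added without the flag;
        # outbound traffic may still leave from this address and be dropped by the firewall.
        Write-Warning "$ip can still be selected as a source address"
    }
}
```

Run it from the console or over a connection to the address that stays bound, since each secondary address is briefly removed while it is re-added.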

I hope this helps. Microsoft is ever changing, so sometimes it is hard to follow...
