Server 2016 routing doesnt works

xiaohong ma 96 Reputation points
2021-07-15T14:27:41.257+00:00

Hi all,
I googled a lot but no luck.
In my hyper v environment, I have only 1 VM with Server 2016 (ADDS, DNS and Remote Access) installed, the VM has 2 NICs, the internal NIC IP 10.0.0.250 and external NIC IP 192.168.0.250 which connect to my home's internet router (192.168.0.1).
After LAN routing configured the service started normally but not routed as expected.
The both NICs can ping each other (ping -S 10.0.0.250 192.168.0.250 success and ping -S 192.168.0.250 10.0.0.250 also success) BUT ping -S 10.0.0.250 192.168.0.1 failed!
I'm a newbie I really don't know what is wrong! Please advise.
Thanks!

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,108 questions
0 comments No comments
{count} votes

Accepted answer
  1. xiaohong ma 96 Reputation points
    2021-07-19T13:49:27.087+00:00

    Hi Sonny,

    Thank you very very much for your detailed explanation.
    I know the difference between NAT and Router:

    NAT--multiple private IPs share a public IP;
    Router--connect different subnets.

    I rebuilt the lab environment according to your post, but unfortunately, on RRAS, I still can’t ping between the 2 NICs, note: my Ping cmd with -S switch,

    Ping -S 192.168.1.2 192.168.0.104

    But once I set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter to 1, I can ping between NICs without issue no matter RRAS installed or not.

    Ping -S 192.168.1.2 192.168.0.1

    Still failed.

    Then I configured "LAN Routing" on RRAS server, I CANNOT ping from DC to Windows 10 client, vice versa.

    Then funny thing happened:

    I connected all VMs in internal switch and set IPs as:

    DC:
    IPv4 address 10.0.0.1
    Default Gateway 10.0.0.2
    RRAS server:
    IPv4 address 10.0.0.2
    IPv4 address 11.0.0.1
    Windows 10 client:
    IPv4 address 11.0.0.2
    Default Gateway 11.0.0.1

    Set IPEnableRouter to 1 and REMOVED RRAS, all VMs can ping each other!
    No matter how many subnets I added, the subnet can ping each other as long as IPEnableRouter set to 1 even without RRAS service.

    This is incredible! Microsoft drives me crazy!


8 additional answers

Sort by: Most helpful
  1. xiaohong ma 96 Reputation points
    2021-07-15T14:38:45.243+00:00

    Hi DSPatrick,
    Thank you for your quick responding!
    I also tried it on a member server, same issue.

    0 comments No comments

  2. xiaohong ma 96 Reputation points
    2021-07-15T15:03:30.557+00:00

    I just wanted to make routing service works, see my initial post please, thanks.

    0 comments No comments

  3. xiaohong ma 96 Reputation points
    2021-07-15T17:10:52.603+00:00

    The article you mentioned is about NAT instead of Routing, NAT works but Routing doesnt.
    115106-ka02r000000y5fnqas-en-us-3.jpeg

    I'm not talking about above, I'm talking about below, thank you!

    115135-rras-wizard-windows-server-20164.png

    115136-lan-routing-enble5.png

    0 comments No comments

  4. Sunny Qi 11,046 Reputation points Microsoft Vendor
    2021-07-16T06:32:48.793+00:00

    Hi,

    Thanks for posting in Q&A platform.

    Firstly, I noticed that DC has been configured as RRAS server, please kindly note that multihomed DCs are not recommended since they may cause much confusion and numerous errors may generate. AD, DNS and DHCP are the only roles considered acceptable to put on a DC under best practice.

    At current status, if you need subnet 10.0.0.0 can ping subnet 192.168.0.0 successfully, I would suggest you remove RRAS role from the DC&DNS server and create a new VM to host the RRAS role. The DC&DNS server needs to be configured with 1 NIC with IP 10.0.0.0 subnet. The new RRAS server needs to be configured with 2 NICs, one is in subnet 10.0.0.0 and another one is subnet 192.168.0.0. Next please configure the RRAS NIC which is in 10.0.0.0 subnet as DC&DNS server's default gateway. Now I think DC can ping your home's internet router 192.168.0.1 successfully.

    Best Regards,
    Sunny

    ----------

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.