Server 2016 routing doesnt works

Question

Hi all,
I googled a lot but no luck.
In my hyper v environment, I have only 1 VM with Server 2016 (ADDS, DNS and Remote Access) installed, the VM has 2 NICs, the internal NIC IP 10.0.0.250 and external NIC IP 192.168.0.250 which connect to my home's internet router (192.168.0.1).
After LAN routing configured the service started normally but not routed as expected.
The both NICs can ping each other (ping -S 10.0.0.250 192.168.0.250 success and ping -S 192.168.0.250 10.0.0.250 also success) BUT ping -S 10.0.0.250 192.168.0.1 failed!
I'm a newbie I really don't know what is wrong! Please advise.
Thanks!

Answer 1

Hi Sonny,

Thank you very very much for your detailed explanation.
I know the difference between NAT and Router:

NAT--multiple private IPs share a public IP;
Router--connect different subnets.

I rebuilt the lab environment according to your post, but unfortunately, on RRAS, I still can’t ping between the 2 NICs, note: my Ping cmd with -S switch,

Ping -S 192.168.1.2 192.168.0.104

But once I set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter to 1, I can ping between NICs without issue no matter RRAS installed or not.

Ping -S 192.168.1.2 192.168.0.1

Still failed.

Then I configured "LAN Routing" on RRAS server, I CANNOT ping from DC to Windows 10 client, vice versa.

Then funny thing happened:

I connected all VMs in internal switch and set IPs as:

DC:
IPv4 address 10.0.0.1
Default Gateway 10.0.0.2
RRAS server:
IPv4 address 10.0.0.2
IPv4 address 11.0.0.1
Windows 10 client:
IPv4 address 11.0.0.2
Default Gateway 11.0.0.1

Set IPEnableRouter to 1 and REMOVED RRAS, all VMs can ping each other!
No matter how many subnets I added, the subnet can ping each other as long as IPEnableRouter set to 1 even without RRAS service.

This is incredible! Microsoft drives me crazy!

Answer 2

Hi Sunny,
Thank you for the detailed explanation. But I have tried to install RRAS on an alone member server, same result.
I even tried it on a alone physical machine, and also tried adding static routing, no lucky.
Appreciated for your help!

Best,
Mark

Answer 3

Hi Sunny,
To simplify this matter, I installed server 2019 on a standalone physical computer with 2 NICs, followed

https://protechgurus.com/configure-lan-routing-windows-server-2016/

to install and configure the "Lan routing" service, same problem. I can ping between two NICs ("ping -S 10.0.0.250 192.168.0.250" successful and "ping -S 192.168.0.250 10.0.0.250" also successful) but "ping -S 10.0.0.250 192.168.0.1" failed.
But if I configure NAT instead of "Lan routing", I can successfully ping outside from 10.0.0.250.
In addition, "ping -S 192.168.0.250 192.168.0.1" without issue.
Any suggestions?

Answer 4

Hi,

Many thanks for your update.

I can ping between two NICs ("ping -S 10.0.0.250 192.168.0.250" successful and "ping -S 192.168.0.250 10.0.0.250" also successful)

For this question, please kindly note that this is a normal phenomenon since these 2 NICs were hosted by a same client, and they do not need router to route the traffic between them.

Based on provided information, my understanding is you want to achieve 2 different subnets can ping and communicate with each other successfully through a RRAS server. Please correct me if there is any misunderstanding.

Theoretically, this can be achieved by configuring a RRAS server with LAN routing service.

I did a test in my lab and here is a result for your reference:

DC:

IPv4 address 192.168.0.101

Default Gateway 192.168.0.104

RRAS server:

IPv4 address 192.168.0.104

IPv4 address 192.168.1.2

Windows 10 client:

IPv4 address 192.168.1.11

Default Gateway 192.168.1.2

After configuring the RRAS server with LAN routing service only, from Windows 10 side, I can ping my DC successfully.

So please make sure that your clients are pointing to the correct gateway. For testing purpose, I would suggest you disabled Windows Firewall temporarily when initiate ping command.

Screenshot from win10 side:

Screenshot from DC side:

Best Regards,
Sunny

----------

If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 5

Hi,

Please kindly note that Network address translation (NAT) provides a method for translating the Internet Protocol version 4 (IPv4) addresses of computers on one network into IPv4 addresses of computers on a different network. The network address translation (NAT) functionality provided by the Routing and Remote Access service enables computers on a private network to access computers on a public network, such as the Internet.

In your scenario, I think the issue is achieving routing between 2 subnets not achieving private IP can access Internet. So actually, LAN routing should be the solution.

For more details regarding of NAT, please refer to the following links:

What Is NAT?

How NAT Works

Best Regards,
Sunny

----------

If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.