Default Gateway Reverts to Old Setting

Discussion in 'Server Networking' started by DukieDallas, Aug 19, 2006.

  1. DukieDallas

    DukieDallas Guest

    Having a problem with the default gateway setting on a WinSvr2003 Std box at
    one of my clients.

    This server is on the only IP subnet at the client's main office. It's
    configured as a DC with another DC on the subnet, which is an SBS2003
    Premium box which holds all the FSMO roles. Both DCs run DNS for the
    domain, but only the SBS2003 server runs WINS.

    The server has two identical 10/100/1000 NICs, plus a (Broadcom) BASP
    Virtual Adapter which is part of optional NIC teaming. We're not doing any
    of the teaming, and the BASP Virtual Adapter and one of the physical NICs
    are disabled.

    We re-numbered the IP subnet in this office as part of an IP numbering
    architecture involving several branch offices VPNs with this main office as
    the VPN hub. The previous subnet was 192.168.0.0/24 with the old default
    gateway at 192.168.0.1. The renumbered subnet is 192.168.60.0/24 with the
    default gateway at 192.168.60.254.

    The server has static IP addressing on the active NIC. TCP/IP properties
    are left to use DHCP on the two disabled NICs, not that it should matter.
    TCP/IP is the only network protocol installed. DNS & WINS are set
    correctly and NetBIOS is enabled on the active NIC. Advanced Settings in
    Network Properties look right as to sequence and protocol bindings.

    The problem is that the default gateway setting for the active NIC keeps
    reverting back to 192.168.0.1 from 192.168.60.254 at random times. After
    it's set correctly, it'll revert back after the server runs for some period
    of time. It may revert back after a reboot (but not always), overnight
    (during which a backup normally occurs, using BackupExec Remote Agent) or
    just after a few hours.

    I've re-set the default gateway numerous times, but it always reverts back
    to the old, now non-existent IP. I've searched the registry many times and
    removed or updated any reference to the old 192.168.0.x network. I've also
    changed which NIC is the active one and set the IP addressing correctly on
    the new one only to have the gateway get changed to the old 192.18.0.1 one
    on that NIC which had never been on that old network. Haven't found
    anything on-point in the Microsoft Support KnowledgeBase.

    We're at the point now of maybe removing/reinstalling the TCP/IP and/or
    networking software on this box. But we don't know if that will cure this
    and it's a hassle anyway.

    Anyone have any ideas?

    Thanks,
    DD

     
    DukieDallas, Aug 19, 2006
    #1

  2. In
    Only thing I can think of is there is some 3rd party software running that
    may be causing this. Can you list what's installed even as minuscule as it
    may sound? Something is doing it. Maybe a firewall or security app, if it's
    Terminal Server, maybe something a user installed, etc.

    --
    Ace
    Innovative IT Concepts, Inc
    Willow Grove, PA

    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft MVP - Directory Services
    Microsoft Certified Trainer

    Having difficulty reading or finding responses to your post?
    Instead of the website you're using, I suggest to use OEx (Outlook Express
    or any other newsreader), and configure a news account, pointing to
    news.microsoft.com. This is a direct link to the Microsoft Public
    Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
    to easily find, track threads, cross-post, sort by date, poster's name,
    watched threads or subject.
    It's easy:

    How to Configure OEx for Internet News
    http://support.microsoft.com/?id=171164

    Infinite Diversities in Infinite Combinations
    Assimilation Imminent. Resistance is Futile
    "Very funny Scotty. Now, beam down my clothes."

    The only constant in life is change...
     
    Ace Fekay [MVP], Aug 21, 2006
    #2

  3. DukieDallas

    DukieDallas Guest

    Thanks for the reply.

    From Add/Remove Programs:
    Adobe Download Manager 2.0
    Adobe Reader 7.0.5
    ATI Display Driver
    Belarc Advisor 7.0
    LightningFAX 8.2.0.73
    LiveUpdate 2.6 (Symantec)
    Macromedia Flash Player 8.0
    Microsoft .NET Framework 2.0
    Microsoft Exchange (is really just the Exch System Tools for LightningFAX)
    Shadow Copy Client
    Symantec AntiVirus
    Symantec Backup Exec Remote Agent for Windows Servers
    Symantec System Center
    VNC Free Edition 4.1.1
    WebEx (left over from a LightningFAX support session, after the IP subnet
    change)
    Windows 2000 Administration Tools (system was upgraded from Win2000Svr)
    Windows Server 2003 Service Pack 1
    Windows Support Tools

    Apart from Add/Remove Programs, the server also has
    DataPro (accounting application...really just the programs and data files,
    as a pure file server for them)
    Alarms (an old 16bit, "DOS" app for alarm companies)

    Aside from those apps and the DC role, this is purely a file server.

    Thanks,
    DD
     
    DukieDallas, Aug 22, 2006
    #3
  4. In
    Thanks for posting this stuff. Does Symantec System Center have any controls
    on server settings? How about Lightning Fax? The rest don't appear they
    would have anything to do with it. If you ran Belarc after you changed the
    settings, then ran it again, does it recognize the change in the gateway?

    Do these files exist anywhere on your system?
    VSMONAPI.DLL
    VSUTIL.DLL

    Ace
     
    Ace Fekay [MVP], Aug 22, 2006
    #4
  5. DukieDallas

    DukieDallas Guest

    Thanks for the further questions/ideas, Ace.

    No VS*.DLL anywhere on this system.

    LightningFAX was installed about 45 days after the IP network renumbering.
    I've also searched all LightningFAX folders & files for any file with
    192.168.0 in it. Nothing. Of course, if an IP address was in an encoded
    file, I wouldn't see it with that search. However, I believe LightningFAX
    does some license checking with home base when it was installed, so if the
    gateway was wrong at that time, it would have failed.

    Checked Symantec System Center content and documentation. The only thing
    that comes close to caring about default gateway are the NetSpecs controls for
    Symantec Client Firewall. But this customer doesn't have Symantec Client
    Firewall installed anywhere.

    Oddly enough, I think I may have inadvertently done something the day after
    my post that might have solved the problem. While combing through the
    network connections' properties for the zillionth time, I noticed that the
    Authentication tab for the active LAN connection had the "Enable IEEE 802.1x
    authentication" checkbox checked, with "Smart Card or other Certificate"
    selected in EAP type and the "Authenticate as computer when..." checkbox
    checked.

    Since we're not using any 802.1x port-based authentication for network
    access, I decided to turn that off. The gateway has remained correct for
    over 48 hours now, which is a record I'm sure. I can't yet explain why that
    would matter, but ..... don't look a gift horse in the mouth.

    DD
     
    DukieDallas, Aug 23, 2006
    #5
  6. In
    A *miracle* ? :)

    The IEEE and cert settings wouldn't really have anything to do with it, from
    what I see. Another thought was RRAS, which I forgot to ask about.

    Well, leave enough alone. Just don't forget to check it after your next
    update and restart.

    Ace
     
    Ace Fekay [MVP], Aug 23, 2006
    #6
  7. DukieDallas

    DukieDallas Guest

    Below.

    Nope, no RRAS. VPN & remote access are handled by a separate hardware
    firewall. I rebooted the server before my last post, and the correct
    gateway stuck and is still there. Don't worry, I'll continue to check.

    Thanks,
    DD
     
    DukieDallas, Aug 23, 2006
    #7
  8. In
    If it's still in there, then no worries!

    Post back if you have any other problems.

    Ace
     
    Ace Fekay [MVP], Aug 24, 2006
    #8
  9. In
    If it's an SBS script, (I'm trying to remember where it's indicated), go
    into the GPMC, and look under the domain level for all the GPOs. I can't
    remember which GPO it's in, but check them all. You'll also want to check
    the Small Business Server OU (can't remember the exact name of the OU), and
    look in there. If you can't find it in a GPO, check the NETLOGON folder.

    Ace
     
    Ace Fekay [MVP], Aug 28, 2006
    #9
  10. DukieDallas

    DukieDallas Guest

    Ace and Kevin Miller,

    Well, I only thought I was out of the woods on the default gateway changing
    back. It held for just over a week but was back to the old, incorrect
    setting when I logged in yesterday to check. Damn!

    Turns out that your problem description, Kevin, and your response, Ace, have
    been very helpful. I've figured out what's running that's causing the re-set
    and can stop it, but I still don't know exactly why.

    The client setup process that's invoked by the standard SBS_LOGIN_SCRIPT.bat
    in the SBS server's NETLOGON is the culprit. When setup.exe is run via the
    statement
    \\SBSSERVERNAME\Clients\Setup\setup.exe /s SBSSERVERNAME
    the default gateway gets changed back. If I prevent that from running, it
    doesn't. Like I said, I haven't found the GPO or whatever that's actually
    causing it.

    There's a file named SBSClientApps.log on the server that was reverting that
    has these lines in it when the gateway is re-set:
    -- Starting AppLnch.exe --
    -- calling DwWaitForShell( 45000 )
    - CreateMutex() returned valid and didn't already exist -
    DoAlwaysRun() -- Detected second server
    DoAlwaysRun() -- Refcounts for DG config do not match
    DoAlwaysRun() -- GetEnabledOnlyNICGuid succeeded
    DoAlwaysRun() -- Found NIC with static IP
    DoAlwaysRun() -- GetDefaultGateway returned 0
    DoAlwaysRun() -- Default Gateway is 192.168.0.1
    The 192.168.0.1 is the old, incorrect gateway.

    Also, the reason that the correct gateway held for a week is apparent from
    that same file. I had left two NICs enabled but only one configured and
    with a network cable attached. That was so LightningFAX would run since
    it's configured to a MAC address. The SBSClientApps.log file during those
    times said:
    -- Starting AppLnch.exe --
    -- calling DwWaitForShell( 45000 )
    - CreateMutex() returned valid and didn't already exist -
    DoAlwaysRun() -- Detected second server
    DoAlwaysRun() -- Refcounts for DG config do not match
    DoAlwaysRun() -- Server has more than 1 skipping DG config

    So when two NICs were active, whatever process that was resetting the
    gateway was skipped. I installed an updated LightningFAX license file last
    Friday. When I next logged in, yesterday, the process ran.

    Ace, with your insight, any idea where the configuration is that's causing
    this?

    Thanks,
    DD
     
    DukieDallas, Aug 29, 2006
    #10
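
Added example (not part of the original posts, and not Microsoft's code): a Python sketch that splits an SBSClientApps.log into AppLnch.exe runs using the lines quoted in post #10 and flags the runs that report a default gateway other than the expected one. The sample log is constructed from those excerpts, and the function and field names are assumptions made for illustration.

```python
import re

# Constructed sample, modelled on the two excerpts quoted in post #10.
SAMPLE_LOG = """\
-- Starting AppLnch.exe --
-- calling DwWaitForShell( 45000 )
- CreateMutex() returned valid and didn't already exist -
DoAlwaysRun() -- Detected second server
DoAlwaysRun() -- Refcounts for DG config do not match
DoAlwaysRun() -- Server has more than 1 skipping DG config
-- Starting AppLnch.exe --
-- calling DwWaitForShell( 45000 )
- CreateMutex() returned valid and didn't already exist -
DoAlwaysRun() -- Detected second server
DoAlwaysRun() -- Refcounts for DG config do not match
DoAlwaysRun() -- GetEnabledOnlyNICGuid succeeded
DoAlwaysRun() -- Found NIC with static IP
DoAlwaysRun() -- GetDefaultGateway returned 0
DoAlwaysRun() -- Default Gateway is 192.168.0.1
"""

RUN_START = "-- Starting AppLnch.exe --"
GATEWAY_RE = re.compile(r"Default Gateway is (\d{1,3}(?:\.\d{1,3}){3})")


def parse_runs(text):
    """Return one dict per AppLnch.exe run found in the log text."""
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == RUN_START:
            current = {"second_server": False, "skipped": False, "gateway": None}
            runs.append(current)
        elif current is None:
            continue  # ignore anything before the first run marker
        elif "Detected second server" in line:
            current["second_server"] = True
        elif "skipping DG config" in line:
            current["skipped"] = True  # more than one enabled NIC: no gateway change
        else:
            match = GATEWAY_RE.search(line)
            if match:
                current["gateway"] = match.group(1)
    return runs


def stale_gateway_runs(runs, expected_gateway):
    """Indexes of runs that logged a gateway different from the expected one."""
    return [i for i, run in enumerate(runs)
            if run["gateway"] and run["gateway"] != expected_gateway]
```
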
  11. In
    Honestly, with any new clients we get that already have SBS, or if we have
    to reconfigure/setup, we remove those scripts. SBS does a bunch of things
    for the layman administrator to help them setup clients, the server, etc.
    We, and I, prefer to do it manually as we would any non-SBS server. For any
    new clients that are ready to upgrade or move on to new things, we recommend
    Windows Server (not SBS), and if they want Exchange, we recommend to
    separately purchase Exchange Std Edition. Most clients don't want to use ISA
    if they have Exchange, but I would rather set it up in conjunction with a
    recommended PIX or a Watchguard Edge series (not a Linksys). You get the
    drift...

    If you want to continue using those default scripts, you could change the IP
    specified in the script, or just remove it and do it the old-fashioned way.

    Ace
     
    Ace Fekay [MVP], Aug 30, 2006
    #11
  12. DukieDallas

    DukieDallas Guest

    Ace, I agree; I don't use those canned functions either. I guess I
    neglected to mention it, but I've removed the call to SBS_LOGIN_SCRIPT.bat
    from the logon scripts that are used. The correct default gateway is
    holding.

    Do you have any ideas where the content that gets run by those scripts is?

    Thanks,
    DD
     
    DukieDallas, Sep 1, 2006
    #12
  13. In
    Honestly, I can't remember, but whenever I have to work on an SBS machine
    and that comes into question, the help files are pretty good these days.
    Sorry to be so evasive on it, but I don't have an SBS in front of me at the
    moment to look it up.

    Ace
     
    Ace Fekay [MVP], Sep 5, 2006
    #13
  14. DukieDallas

    DukieDallas Guest

    No problem. Thanks for all your advice.

     
    DukieDallas, Sep 6, 2006
    #14
  15. In

    Sorry for so late of a response. Busy week.

    No prob for the attempt to help. Did you ever find it?

    Ace
     
    Ace Fekay [MVP], Sep 12, 2006
    #15
  16. DukieDallas

    DukieDallas Guest

    Well, I wasn't looking too hard since I had identified where it happened and
    could easily avoid it. But, spurred on by your question, I just took
    another look and believe I've found it.

    In SBS, at least 2003, the clientapps setup is run from the Clients share on
    the SBS server, which is normally <drive>:\Program Files\Microsoft Windows
    Small Business Server\ClientSetup\Clients. Under there is a Setup folder
    with the setup.exe program file and other pertinent files. One of them is
    config.dat, which looks like it's actually an XML file and which is where I
    found the old default gateway.

    It looks like config.dat is written/updated by the stupid "Configure E-mail
    and Internet Connection" Wizard which you're prompted to run during SBS2003
    setup, is on the SBS "To Do List," and is listed as "Connect to the
    Internet" in the Server Management program under Administrative Tools.

    I ran the stupid wizard and sure enough, it updated the config.dat file with
    what is now the correct gateway. Of course, I had to go back and fix things
    like DNS servers in the LAN connection's TCP/IP properties afterward.

    Like you said in a previous post, a lot of those "layman administrator"
    setup scripts & tools are better ignored & left out if you know what you're
    doing.

    Thanks again for your help & advice.

    DD
     
    DukieDallas, Sep 12, 2006
    #16
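
Added example (not from the thread): a Python sketch of the file search described in posts #5 and #16, extended to decode each file as UTF-16 as well as single-byte text so that an address stored in a wide-character file such as an XML config is not missed. The old subnet 192.168.0.0/24 comes from the thread; the XML element names in the sample and the function names are constructed for illustration and are not the real config.dat layout.

```python
import re
from pathlib import Path

# Any host address in the retired 192.168.0.0/24 subnet. The lookarounds keep
# 192.168.60.254 and longer dotted strings such as 10.192.168.0.1 from matching.
OLD_SUBNET = re.compile(r"(?<![\d.])192\.168\.0\.\d{1,3}(?!\d)")

# latin-1 decodes any byte string, so it covers ASCII, ANSI and UTF-8 files.
ENCODINGS = ("latin-1", "utf-16-le", "utf-16-be")

# Constructed sample; the element names are hypothetical.
SAMPLE_XML = "<Network><Gateway>192.168.0.1</Gateway><Dns>192.168.60.10</Dns></Network>"


def find_stale_addresses(data: bytes) -> dict:
    """Map each encoding under which old-subnet addresses appear to those addresses."""
    hits = {}
    for enc in ENCODINGS:
        text = data.decode(enc, errors="ignore")
        found = sorted(set(OLD_SUBNET.findall(text)))
        if found:
            hits[enc] = found
    return hits


def scan_tree(root) -> dict:
    """Scan every file under root and report those holding old-subnet addresses."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            hits = find_stale_addresses(path.read_bytes())
            if hits:
                report[str(path)] = hits
    return report
```
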
  17. In
    See, I knew I hated those scripts for some reason! :) Yea, they can cause
    headaches, especially if you are used to doing it the manual way.

    Cheers!

    Ace
     
    Ace Fekay [MVP], Sep 15, 2006
    #17