How can I stop a Windows 2003 server from building dynamic routes to client PCs?
Posted on 2008-10-29
I have an Exchange server running on Windows 2003 that is adding dynamic routes to every (or almost every) client computer that connects to it. The default router for the server is X.X.X.1, this is a Cisco 6500 switch. I have client PCs connecting (using Outlook) via two sources: some connect over T1 circuits through our corporate router X.X.X.2 while others connect through a VPN tunnel that terminates on a Cisco ASA X.X.X.253. The Exchange server IP is X.X.X.172.
When clients connect to the Exchange server it adds a dynamic route for each client. If they connect via the T1 it adds a route using X.X.X.2 as the gateway and if they connect via the VPN the route added uses X.X.X.253 as the gateway. In both cases it bypasses the servers default route of X.X.X.1.
This creates a problem for us because some of the remote sites that connect via T1 also have a cable backup circuit that connects over the VPN. These backup circuits are up all the time, they are not "dial on demand" like an ISDN backup. Routing policies on the remote routers keep the traffic flowing over the T1 until it fails and then switch over to the cable circuit.
When a T1 fails the Exchange server can no longer reach the client PC using the dynamic route that it has added and it creates a new dynamic route using the VPN (X.X.X.253) as the gateway. This works fine and users are still able to work. The problem starts when the T1 comes back up. Because the Exchange server can still reach the clients via the VPN connection it does not delete the route. The client PCs start to send traffic over the T1 again but the Exchange server sends the response back over the cable circuit.
I need the Exchange server to stop trying to "out think" our network equipment and just use it's default gateway (X.X.X.1) all the time. How can I stop it from adding all these dynamic routes?
Routing and Remote Access is not configured on the Exchange server.
Other 2003 servers on the same subnet also add these same dynamic routes, so the problem is not with Exchange but with the operating system itself.