IP address unreachable from 2nd site

Customer has two sites linked by VPN. The exchange server at the first site has two NICs with IP addresses of 192.168.2.8 and 192.168.2.98.  When logged onto the server at the second site (subnet 192.168.4.0/24), we can not ping or tracert the ‘2.8 address but can do both to the ‘2.98 address. I was also able to ping a half dozen addresses on servers between ‘2.2 and ‘2.10 and a few workstations in a higher range. We logged onto the router/firewall and could see in its logs that Outlook would fail to connect to ‘2.8, then successfully connect to ‘2.98. Can’t find anything on the firewall blocking traffic to ‘2.8. I checked the DNS server and both addresses are present.
Can anyone venture a theory on why ‘2.8 address is unreachable from the second site?
LVL 2
YMartinAsked:
Who is Participating?
 
Steve KnightConnect With a Mentor IT ConsultancyCommented:
Silly Q perhaps but have you got the subnet mask or default gateway set wrongly on the ".8" NIC? Could you post the results from ipconfig /all and route print please:
e.g.
ipconfig /all > file.txt
route print >> file.txt
0
 
SouljaCommented:
Why are both nic on the same subnet? They should not be. It basically sounds like the .98 is the server's preferred network interface. You can change the order of preference in advanced setting under network properties.
0
 
YMartinAuthor Commented:
I can't find "preferred network interface" anywhere. I tried to google it, in hopes of finding a step-by-step, but every hit is referring to clusters or Hyper-V. We aren't running any of that. It is just server 2008 R2 hosting Exchange Server. The hardware came with 4 NICs, we decided to plug 2 of them into the network and let DNS' round-robin function provide the load balancing.
0
Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

 
SouljaCommented:
Here you go:

http://theregime.wordpress.com/2008/03/04/how-to-setview-the-nic-bind-order-in-windows/

I meant to say binding order, just couldn't think of the term at that moment.
0
 
YMartinAuthor Commented:
I changed the binding order yesterday (and since I learned something new - I went home). This afternoon, I logged onto the server at the second site and pinged the exchange server by name; it returned the .8 address but timed out 4 times. I pinged the .8 address - same result. Tracert 192.168.3.8 times out after 30 hops.  I am able to ping the .98 address and tracert completes in 1 hop. Tracert to the name also times out.
Prior to changing the bind order, ping or tracert to the server by name would have gone to the .98 address. No one at the site is complaining of not getting their emails, so I imagine that they are still connecting to the .98 address.
Still a mystery.
0
 
SouljaCommented:
Not really, you should not have both interfaces on the same subnet in the first place. Change the subnet of the second nic and put it on a different  network. Otherwise, just disable it, or set up a nic team if the option is available.
0
 
YMartinAuthor Commented:
At the 1st site we have another server, named vserver, with 2 NICs on the same subnet. From the 2nd site I can ping vserver by name and by both of its IP addresses - .4 and .6. Doesn't seem to be a problem with that server having 2 NICs and 2 IP addresses on the same subnet.
I also logged onto 2 servers at the 1st site - the TS and DC servers. I pinged exchange and vserver by name from each and got a different IP address each time - indicating that DNS round robin function is working within the site and no problem with the NIC with the .8 address.
Only problem that we are having is reaching the .8 address from the 2nd site.
0
 
SouljaCommented:
Hmmm, weird.
0
 
Steve KnightIT ConsultancyCommented:
Presumably if you disable the second (.98) nic on the exchange box you can't then ping anything on the 4.x network either?
0
 
Steve JenningsIT ManagerCommented:
Agree with dragon-it .  .  .verify gateway , mask, next hop
0
 
YMartinAuthor Commented:
Dragon-it,
Brilliant! The gateway was missing. Don't know how many sets of eyes looked at that how many times without catching it.
I added the gateway, logged into the second site and am able to ping both IP addresses. Hate when I miss something that simple.
thank you, thank you, thank you.
0
 
YMartinAuthor Commented:
Missing gateway.
0
 
Steve KnightIT ConsultancyCommented:
no problem.... Firewalls excepting tcip is  pretty simple beast so best to start with the basics :-)  easy to miss to be fair as only issue from outside subnet of course and you already had another route to the internet..

Steve
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.