Microsoft KB Archive/282528

= RAS Client Obtains Wrong IP Address from Multihomed RAS Server =

PSS ID Number: 282528

Article Last Modified on 12/19/2003

-

The information in this article applies to:


 * Microsoft Windows Server 2003, Standard Edition
 * Microsoft Windows Server 2003, Enterprise Edition
 * Microsoft Windows Server 2003, Datacenter Edition
 * Microsoft Windows Small Business Server 2003, Premium Edition
 * Microsoft Windows Small Business Server 2003, Standard Edition

-



This article was previously published under Q282528



SYMPTOMS
RAS clients could unexpectedly obtain an IP address from another DHCP resource if the first resource on the RAS server is unavailable.



CAUSE
RAS servers have a preferred network adapter facility that is used to determine the network segment from which dynamically-assigned IP addresses are requested from a DHCP server. This facility determines which network packets will be routed from remote clients. For example, a RAS server has two network adapters (A and B) and a modem. If the RAS server is configured for preferred adapter A, then a person that dials in with the modem will receive an IP address from network A and will be able to obtain access to resources on network A.

When a DHCP server on network A fails or network conditions do not allow a RAS server to obtain appropriate addresses from the DHCP server on network A, the RAS server seeks an alternate interface from which DHCP addresses may be acquired. This could result in the RAS clients obtaining IP addresses on networks other than the intended network. This behavior causes two problems:
 * The IP addresses that are supplied to dial-in users are invalid, and users may not be able to obtain access to the resources they want to use such as e-mail servers, network shares, and so on.
 * This is a security problem because users now have access to a network that would otherwise be inaccessible. This is a configuration that the administrator may not expect.



RESOLUTION
To resolve this issue, use any of the following methods.

Method 1
Resolve the connectivity issue that exists on the primary network adapter so that the RAS clients can utilize the RAS server's primary network adapter instead of forcing them to fail over to a second connection.

Method 2
Reconfigure the RAS Server with one network adapter. In many cases, this is the best alternative, as it decreases the potential for problems that exist primarily on RAS servers with multiple network adapters.

Method 3
Change the RRAS properties from DHCP to a static address pool. In this manner you can force RAS clients to use a specific range of address, rather than using the RAS server's network adapter to obtain DHCP addresses. To do so:
 * 1) Open the Routing and Remote Access MMC.
 * 2) Right-click Server, and then click Properties.
 * 3) Click the IP tab, and view the IP address assignment section.
 * 4) Click Static address pool, and then click Add to provide an IP address range.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

Keywords: kbenv kbnetwork kbprb KB282528

Technology: kbSBServ2003Pre kbSBServ2003Search kbSBServ2003St kbSBServSearch kbWinServ2003Data kbWinServ2003DataSearch kbWinServ2003Ent kbWinServ2003EntSearch kbWinServ2003Search kbWinServ2003St

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© 2004 Microsoft Corporation. All rights reserved.