No announcement yet.

Routing and Remote Access

  • Filter
  • Time
  • Show
Clear All
new posts

  • Routing and Remote Access

    I inherited this AD environment at a school district.... The AD environment consist of 6 DC's and all of them are on Windows 2003. Each schools has its own IP address subnet as each of the DC's are running DHCP service.

    In one of the schools (lets call it Grizzly), its domain controller machine is having hardware issues. It basically shuts down by itself. Found out that the power back plane needs to be replaced. This DC is the only one that has Routing And Remote Access installed.

    I have experience with DNS and DHCP.. And none with Routing.. I googled and got lost in trying to understand what it does..

    Can someone please be kind enough to explain why would someone install it on a DC? Is it for VPN? or DHCP traslation? If there is any web page that explains it nicely that would help as well..

    When this machine goes down, a school (lets name it Eagle) fails to get any DHCP IP addresses. I looked at the DHCP mmc, I do not see any IP subnets of the Eagle's school at all. Could the Routing service being doing the translating? When I look at the DHCP IP address lease, I see students that attends Eagle, gets an ip address that belongs to Grizzly. Does that makes sense?

    New server has come in and has Windows 2008 R2. Is there an easy way of transferring that settings over?

    Thank you for any help..
    Last edited by Gremlin; 21st October 2010, 16:51.

  • #2
    Re: Routing and Remote Access

    Most common use is for VPN access, it also allows the server to act as a router the same way as any hardware router does. Needs 2 NICs for that though.

    Check for a DHCP relay agent on the failing server in the RRAS console, if there is one that would explain why the other server can't get DHCP when it's down and why the site has IPs from the failing server.

    No easy way that I know of to migrate RRAS settings unfortunately.
    BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
    Cruachan's Blog


    • #3
      Re: Routing and Remote Access

      Thanks for the reply..

      The failing server has only one nic and one lan cable to the machine

      The failing server ip range is

      Eagle school ip range is I do not see that ip range in the failing server's DHCP Console or in RRAS Console.

      But the DHCP range for ip's to be leased are from to I have no idea why he has assigned that amount???

      Thanks for any help..

      P.S. : Looked to google more.. Basically Routing and Remote access was set for VPN use and that is all

      So I am still lost how come one school does not get any DHCP addresses if this server goes down...
      Last edited by Gremlin; 25th October 2010, 15:10.


      • #4
        Re: Routing and Remote Access

        One question,
        What is the Eagle-School's DHCP Server? I mean, when the Grizzly DC is up...
        MCITP: EA


        • #5
          Re: Routing and Remote Access

          When an Eagle school client connects to the Grizzly server via the VPN connection, the RemoteAccess service gives it an address from a reserved pool from a local DHCP scope. This is how our VPN works. We have a 2003 DC with RRAS and IAS configured. The DC is not used as a gateway, our Draytek router performs that role. Because the Draytek is the gateway the DC does not need a second NIC.

          Open the system log on Grizzly and check the RemoteAccess and IAS events. You will see that clients authenticate on a virtual port e.g. VPN3-127. The IP address will be local because the client is effectively joining the Grizzly network, and not trying to get a dedicated address via a DHCP scope

          The Eagle client will have a local IP address and the second address for the PPP adaptor (for the the VPN connection) will a local Grizzly address. Run ipconfig /all on an Eagle client when it is connected to see this.

          Hope this helps.
          A recent poll suggests that 6 out of 7 dwarfs are not happy


          • #6
            Re: Routing and Remote Access

            Originally posted by Balkan View Post
            One question,
            What is the Eagle-School's DHCP Server? I mean, when the Grizzly DC is up...
            Eagle school uses Mac's, they do not have any window server/desktops at all.. They are a charter school...
            So I am guessing the previous guy, tried to make things cheap set the DHCP somewhere, since they do not use any Window clients..

            Grizzly ip range is

            Eagle school ip range is

            With some more research found out that a different company set RRAS for VPN access.. I disabled RRAS, Eagle school still got their ip's..

            Yes I know this is messed up.. Found this out the hard way.... If you guys want screen shots let me know...
            Last edited by Gremlin; 25th October 2010, 15:12.


            • #7
              Re: Routing and Remote Access

              Well post those screens

              But I guess it is the problem with the DHCP... RRAS has nothing to do with this problem.
              MCITP: EA