For a while now I've been using the Netsh SkipAsSource Flag to allow multiple IPs on a server and only the primary IP registers in DNS. The previous series of articles in this series are here:
- Fine Grained Control When Registering Multiple IP Addresses On a Network Card
- Fine Grained Control When Registering Multiple IP Addresses–Part Deux
- Fine Grained Control When Registering Multiple IP Addresses–Part Trois
Update 19-9-2013; Tried this out on the RTM build of Windows Server 2012 R2. Same issue.
Life was good until Shawn Martin added a comment asking about a hotfix for Windows Server 2012 to fix a previous issue from Windows Server 2008 R2. Hotfix 2554859 was noted in the original article, but I had not experienced the behaviour on Server 2012 as I was not using the GUI.
This is an excerpt from KB 2554859 describing the issue:
- You install hotfix 2386184 on the computer to enable the skipassource flag of the netsh command.
- You assign many IP addresses to a network adapter on the computer by using the netsh command together with the skipassource flag.
- You update some IP settings for the network adapter in the Network and Sharing Center graphical user interface (GUI). For example, you edit the subnet mask of an IP address that has the skipassource flag set to true.
- In this scenario, the skipassource flag of the IP address and of all IP addresses that are listed under that address in the GUI are cleared incorrectly.
Unfortunately, this issue also manifests itself in Windows Server 2012, though the last bullet is slightly different.
Let's run through the behaviour you will see and then what to do about it
This is our starting configuration. A simple setup with a single IPv4 address bound to one NIC.
Let's use PowerShell's New-NetIPAddress cmdlet to add an additional IP 192.168.10.121 and specify the –SkipAsSource parameter.
New-NetIPAddress –IPAddress 192.168.10.121 –InterfaceAlias "Ethernet 2" –SkipAsSource $True
Looks OK, but we shall verify…
Get-NetAdapter | Get-NetIPAddress | Select IPAddress, SkipAsSource
So far so good! Time to change it up!
Enter the GUI
To replicate the issue, let's now make a change to the IP we just added through the GUI, and change the subnet mask:
And when we check the SkipAsSource settings after saving the change in the GUI, we can see that the SkipAsSource flag has been lost for the IP address of 192.168.10.121
Interestingly enough if we add multiple additional IPs, each of which is set to SkipAsSource $True, and we only edit IP 192.168.10.121 in the GUI; only that specific IP loses it's SkipAsSource flag.
We can see this below, IPs 192.168.10.121 to .125 were added all of which have SkipAsSource set to $True.
GUI is then used to edit just 192.168.10.121, and afterwards only that IP has lost its SkipAsSource flag.
At this time to please do not edit the IP configuration of a machine where SkipAsSource is used via the GUI. PowerShell can be used to configure IPs where this feature is used. If the GUI is used the SkipAsSource will be set changed for the IP(s) that were modified.
This is an example of using Set-NetIPAddress to change the PrefixLength (Subnet Mask) to /24. Note that even through SkipAsSource was not explicitly used in the Set-NetIPAddress cmdlet, the original setting was honoured