Adding Routes on Windows Servers

I’ll preface this post by saying I HATE host routes (it’s not often that I capitalize words, so you know how serious this is…). Let’s face it, sometimes you need to add one: to make an old and a new environment work together, for testing, VPN, B2B networks, etc.

Windows has a basic but, in my opinion, somewhat lousy command-line tool called “route” to add host routes. In its most basic form and under most circumstances you can use it right out of the box without any issues.

There are, however, those times when a server has three NICs and you need to add routes for different subnet masks, specific hosts, etc. That’s where things can get tricky.

I recently encountered an issue where, even though we added a host route, it did not work. I knew something was wrong because when I captured traffic on the firewall that was the gateway for the route, I just didn’t see anything. Here’s the scenario: I am on the subnet with as my default server gateway. I need to talk to but through a different gateway.

The first thing I did was add a one-to-one host route:

route add -p mask

Ok, so that’s it right? Nope. By default it assigns interface 1 to the route, which is the loopback interface. When I tried to ping that host I never saw the traffic.

I had to run a route print to see what my interfaces were numbered as:

C:\Users\me>route print
Interface List
 17...00 50 46 84 00 13 ......vmxnet3 Ethernet Adapter #2
 14...00 0c c9 0d d2 da ......vmxnet3 Ethernet Adapter #1
 1...........................Software Loopback Interface 1

Ok, so Ethernet Adapter #1 is the one I want to use, which is interface 14, so I need to adjust my route statement:

route add -p mask if 14

Nice! My traffic works now.

Why do I think the route command is lousy? Well, because when I add a route for a /24 subnet, it works 90% of the time, but when I add a specific host (/32) route, I have to specify the interface. For example:

route add -p mask

This command normally would work without specifying any interfaces. Why? I have no idea, maybe some Microsoft employees can fill me in.

The other issue I have is the inability to ping using a different gateway. I can ping using a different IP on that host with the ping -S command, but there is no way for me to test a ping without messing about with routes until I see what I need on my firewall. I would love it if I could ping -G and use a gateway IP to send traffic. Alas, I am getting off topic…
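
The same fix in PowerShell, as an added example that is not from the original post: it binds the host route to an explicit interface, then asks the IP stack which interface and next hop it would pick for that host, without sending a ping. The two addresses are constructed placeholders, 14 is the interface number from the route print output above, and it assumes a Windows version that ships the NetAdapter and NetTCPIP cmdlets (including Find-NetRoute).

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. Addresses are constructed
# placeholders (RFC 5737 documentation ranges); replace them with your own.
param(
    [string]$HostIp  = '192.0.2.50',    # placeholder: host to reach
    [string]$Gateway = '198.51.100.1',  # placeholder: the non-default gateway
    [int]$IfIndex    = 14               # interface number shown by "route print"
)
$prefix = "$HostIp/32"

# Get-NetAdapter only returns real adapters, so the loopback's index (1) or a
# stale number stops the script here instead of creating a dead route.
$nic = Get-NetAdapter -InterfaceIndex $IfIndex -ErrorAction Stop
if ($nic.Status -ne 'Up') {
    throw "Interface $IfIndex ($($nic.InterfaceDescription)) is $($nic.Status)."
}

# Add the route only if this exact one is missing. With no -PolicyStore,
# New-NetRoute writes to the active and the persistent store (like "route add -p").
$existing = Get-NetRoute -DestinationPrefix $prefix -InterfaceIndex $IfIndex `
    -NextHop $Gateway -ErrorAction SilentlyContinue
if (-not $existing) {
    New-NetRoute -DestinationPrefix $prefix -InterfaceIndex $IfIndex `
        -NextHop $Gateway | Out-Null
}

# Ask the stack which route it would use for this host. This is a local
# lookup: nothing is sent on the wire, so it works even if ICMP is dropped.
# Find-NetRoute returns a source-address object and a route object; keep the route.
$chosen = Find-NetRoute -RemoteIPAddress $HostIp |
    Where-Object { $_.DestinationPrefix } | Select-Object -First 1

if ($chosen.InterfaceIndex -ne $IfIndex -or $chosen.NextHop -ne $Gateway) {
    $msg = "Traffic to $HostIp would leave via ifIndex $($chosen.InterfaceIndex), " +
           "next hop $($chosen.NextHop); expected $IfIndex / $Gateway."
    throw $msg
}
"OK: $HostIp -> $Gateway via $($nic.InterfaceDescription) (ifIndex $IfIndex)"
```

If the final check throws, a more specific or lower-metric route is winning; Get-NetRoute with the same destination prefix lists the candidates.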

WSUS Trouble?

Sometimes when I build a new server it can take a few days for it to show up in WSUS or it may not even show up at all. If I’m having trouble I use this batch file. I only use this after the group policy settings have been created and the server is sitting in that OU. 99% of the time this fixes my issues with the server showing up in the WSUS console.

rem Remove the values that hold this machine's WSUS client identity
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
rem Re-apply group policy so the WSUS settings are current
gpupdate /force
@echo Triggering detection after resetting WSUS client identity
rem Restart Windows Update, then request a new identity and an immediate detection
net stop wuauserv
net start wuauserv
wuauclt /resetauthorization /detectnow

Autodelete Files by Age



In my last post I covered how to back up files based on age. This script is a nice supplement to it: it auto-deletes files based on their age. It’s an easy way to clean up old files from an automated task that saves files to disk. No third-party software needed!!

This example is for a Windows host and deletes files older than 3 days.

1. Create a batch file with the following:

echo on
rem Delete files older than 3 days
FORFILES /P C:\Admin\Test\ /S /M 1*.bmp /D -3 /C "CMD /c del /q @FILE"

2. Modify the following flags:

/p = The path to search for the files you want to check the date of and remove
/s = Recurse subdirectories contained within the path specified using /p and check them as well
/m = The search mask to be used for the file type you want to check the date on (*.* being all files)
/d = The date to compare the files against. A standard date type can also be used (dd/mm/yyyy)
/c = The command to be used on a file that matches the /m and /d criteria
/q = Used within /c to instruct the del command to delete files quietly

3. Schedule the batch file with Task Scheduler based on your needs.
