Static route VS dead gateway detection
Hello!
I have two Windows 2008 R2 servers in different physical locations, connected via VPN (currently PPTP) over ADSL. The "caller" server is Forefront TMG configured via the Site-to-Site snap-in to call RRAS (VPN+NAT). I also added a persistent static route for RRAS, while Forefront adds them automatically. There is no problem with them until the connection is temporarily dropped for some reason.
When the connection is dropped, AFAIK the "dead gateway detection" mechanism kills my static route and RRAS tries to route private network addresses via the real default gateway intended for the internet connection. Is there any way to force RRAS to route the private network via the correct gateway or interface?
p.s. Googled a lot prior to posting, no luck.
Valeriy Shevtsov, MCT
June 3rd, 2010 12:15pm
I spent plenty of time dancing with the tambourine, but luckily an automatic solution was found. Well, it's a crutch, but it works as expected.
Enable full logging in RRAS properties (not debug logging, just "log all events").
Initiate a connection to RRAS and wait for Event ID 20274 (http://technet.microsoft.com/en-us/library/dd315916(WS.10).aspx) OR import the following code as an Event Viewer task:
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.3" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>2010-06-04T01:59:23.6381579</Date>
    <Author>DOMAIN\Administrator</Author>
  </RegistrationInfo>
  <Triggers>
    <EventTrigger>
      <Enabled>true</Enabled>
      <Subscription><QueryList><Query Id="0" Path="System"><Select Path="System">*[System[Provider[@Name='RemoteAccess'] and EventID=20274]]</Select></Query></QueryList></Subscription>
    </EventTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>DOMAIN\Administrator</UserId>
      <LogonType>Password</LogonType>
      <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <StopOnIdleEnd>true</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>
    <UseUnifiedSchedulingEngine>false</UseUnifiedSchedulingEngine>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT1H</ExecutionTimeLimit>
    <Priority>7</Priority>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>D:\tools\route_add.bat</Command>
      <WorkingDirectory>D:\tools\</WorkingDirectory>
    </Exec>
  </Actions>
</Task>
The route_add.bat obviously adds the new route with the following code:
route delete 192.168.1.0
route -p add 192.168.1.0 MASK 255.255.255.0 192.168.0.101 metric 1
192.168.1.0 - VPN client (=Forefront TMG server) network
192.168.0.101 - VPN client IP
192.168.0.100 - RRAS server IP
Now, when a VPN connection is initiated, the task is triggered by the event and RRAS has the proper route to the VPN client network.
Valeriy Shevtsov, MCT
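As an added example (not the poster's route_add.bat, and not part of the original thread), here is a PowerShell 2.0-compatible replacement for the task's action that only re-adds the route once the tunnel peer actually answers, skips the change when the route is already correct, and records each run in the Application log. It assumes the addresses from the post above and a constructed event source name "RouteAdd"; the task's Command would then be powershell.exe with the argument -File D:\tools\route_add.ps1.

```powershell
# route_add.ps1 (added example, not the poster's script): refresh the
# persistent route to the VPN client network only when the next hop is up.
# Addresses are the ones from the post above; adjust for your environment.
$ClientNet  = '192.168.1.0'       # VPN client (Forefront TMG) network
$ClientMask = '255.255.255.0'
$NextHop    = '192.168.0.101'     # VPN client IP as seen by RRAS
$LogSource  = 'RouteAdd'          # constructed event-log source name

# Register our own event source once so every task run leaves a trace.
if (-not [System.Diagnostics.EventLog]::SourceExists($LogSource)) {
    New-EventLog -LogName Application -Source $LogSource
}

function Write-RouteLog([int]$Id, [string]$Type, [string]$Text) {
    Write-EventLog -LogName Application -Source $LogSource `
        -EntryType $Type -EventId $Id -Message $Text
}

function Test-NextHop([string]$Address) {
    # Two ICMP probes to the tunnel peer; a dead link yields $false so we
    # never re-install a route through a gateway that is not there.
    return (Test-Connection -ComputerName $Address -Count 2 -Quiet)
}

function Get-RouteNextHop([string]$Network) {
    # Parse 'route -4 print' (present on 2008 R2). Active-table columns are
    # destination, netmask, gateway, interface, metric; first match wins.
    $pattern = '^\s*' + [regex]::Escape($Network) + '\s'
    $line = route -4 print | Select-String -Pattern $pattern | Select-Object -First 1
    if (-not $line) { return $null }
    $cols = ($line.Line -split '\s+') | Where-Object { $_ -ne '' }
    return $cols[2]
}

if (-not (Test-NextHop $NextHop)) {
    Write-RouteLog 1 'Warning' "Next hop $NextHop unreachable; routing table left unchanged."
    exit 1
}

$current = Get-RouteNextHop $ClientNet
if ($current -eq $NextHop) {
    Write-RouteLog 2 'Information' "Route to $ClientNet via $NextHop already present."
    exit 0
}

route delete $ClientNet | Out-Null
route -p add $ClientNet MASK $ClientMask $NextHop METRIC 1 | Out-Null
Write-RouteLog 3 'Information' "Re-added route $ClientNet/$ClientMask via $NextHop (was: $current)."
```

Because the task runs this script with administrative rights every time the event fires, keep D:\tools writable only by administrators so that nobody else can swap in a different script.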
June 4th, 2010 1:30am
Just to add, a 2008 machine is capable of fall-back for DGD. Meaning, it will use the low-metric gateway again once it is successfully able to communicate through it. It's an automated process. Also, if the gateway is dead, I cannot think of any use in keeping the routes going through it. You can also disable dead gateway detection from the registry under TCPIP/Parameters.
Regards, Amit Saxena
June 15th, 2010 5:20am