🟠 High   ⏱ 5–30 min  Last verified: 19 May 2026
Affected versions: Windows Server 2025

πŸ“– ~3 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution β€” Primary Fix
  7. Solution β€” Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

Windows Server 2025 experiences intermittent network connection drops that are difficult to reproduce β€” connections drop seemingly at random, TCP sessions time out mid-transfer, and some services appear to connect but receive no response. The root cause is asymmetric routing: outbound packets leave via one network interface while return traffic arrives on a different interface, and Windows drops the returning packets because they do not match any connection tracking state on the interface they arrived on. This is particularly common on servers with multiple NICs used for different purposes (management, data, storage, cluster heartbeat) where gateway configuration is imprecise.

Environment & Reproduction

Affects Windows Server 2025 with two or more network adapters that have default gateways configured on multiple adapters simultaneously. Also common in Hyper-V hosts with both a physical NIC and a virtual switch adapter having default routes, and in failover cluster configurations where multiple adapters have gateways.

# Check for multiple default gateways
Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Select InterfaceAlias,NextHop,RouteMetric
Route print | Select-String '0.0.0.0'
ipconfig /all | Select-String 'Gateway'

Root Cause Analysis

Windows uses the routing table to determine which interface to send traffic from. When two interfaces both have a default gateway (0.0.0.0/0 route), Windows selects based on interface metric. However, the remote server always sends return packets to the source IP it sees β€” which may be from the interface that sent the request. If the response arrives on a different interface (different gateway, different routing path), Windows’s TCP stack on the original interface has no knowledge of the connection and drops or resets it. This is asymmetric routing and is fundamentally incompatible with stateful TCP.

Quick Triage

Confirm multiple default gateways exist on the server before proceeding with tracert analysis.

# Quick check for routing asymmetry
Get-NetRoute -DestinationPrefix '0.0.0.0/0'
# More than one result = potential asymmetric routing
ipconfig /all | findstr /i 'Default Gateway'
# Test: tracert from server to a remote host
# Does each hop appear consistent or do you see different paths?

Step-by-Step Diagnosis

Confirm multiple default gateways. Use tracert to a test destination from each interface to confirm asymmetry. Use Wireshark or Windows packet capture to observe if SYN-ACK packets arrive on an interface that did not send the SYN.

Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Select InterfaceAlias,NextHop,RouteMetric,ifIndex
# Test connectivity per interface
Test-NetConnection -ComputerName 8.8.8.8 -InformationLevel Detailed
# Check ARP table for gateway resolution
arp -a
Illustrative mockup for windows-server-2025 β€” network_config
Route table showing multiple default gateways β€” Illustrative mockup β€” Progressive Robot

Solution β€” Primary Fix

Remove default gateways from all interfaces except the primary data NIC. For management and storage NICs, add only specific host routes or network routes, never a default route.

Still having issues? Our Network Design team can diagnose and resolve this for you. Get in touch for a free consultation.

# Remove default gateway from secondary adapters
# First, identify which interfaces have unwanted gateways
Get-NetIPConfiguration | Select InterfaceAlias,IPv4DefaultGateway

# Remove gateway from management NIC (replace 'Management' with actual alias)
$nic = 'Management'
Remove-NetRoute -InterfaceAlias $nic -DestinationPrefix '0.0.0.0/0' -Confirm:$false

# Add specific routes for management network only
New-NetRoute -InterfaceAlias $nic -DestinationPrefix '10.10.0.0/24' -NextHop '10.10.0.1'

# Verify only one default route remains
Get-NetRoute -DestinationPrefix '0.0.0.0/0'
Illustrative mockup for windows-server-2025 β€” terminal_or_powershell
netstat showing half-open connections β€” Illustrative mockup β€” Progressive Robot

Solution β€” Alternative Approaches

Alternative 1: Configure weak host send/receive model for specific interfaces using netsh, allowing the OS to use any interface for packets matching any local IP β€” but this has security implications. Alternative 2: Implement policy-based routing (PBR) using Windows route metrics and source address-based routing with multiple routing tables via the ‘route add’ command with interface specification.

# Policy-based routing: force interface for specific source IP
route add 0.0.0.0 mask 0.0.0.0  metric 1 if 
route add 10.20.0.0 mask 255.255.0.0  if

Verification & Acceptance Criteria

Connection drops cease. Tracert shows consistent routing path. TCP sessions (RDP, SMB, SQL) remain stable under load. Wireshark capture shows SYN and SYN-ACK on the same interface.

# Verify single default route
Get-NetRoute -DestinationPrefix '0.0.0.0/0'
# Test long-running connection stability
Test-NetConnection -ComputerName fileserver.corp.local -Port 445 -InformationLevel Detailed
# Monitor for drops
Get-NetAdapterStatistics | Select Name,ReceivedDiscardedPackets,OutboundDiscardedPackets

Rollback Plan

To restore removed routes: `New-NetRoute -InterfaceAlias ‘Management’ -DestinationPrefix ‘0.0.0.0/0’ -NextHop ”`. Document all route changes before making them. Use `route print` output as baseline documentation.

# Restore default route
New-NetRoute -InterfaceAlias 'Management' -DestinationPrefix '0.0.0.0/0' -NextHop '10.10.0.254' -RouteMetric 100

Prevention & Hardening

Server network design best practice: only the primary data NIC should have a default gateway. All other NICs should have only specific subnet routes for their intended function (management subnet, storage subnet, heartbeat subnet). Document and enforce this in your server build runbook. Use NIC teaming for redundancy on the primary NIC rather than multiple independent NICs with gateways.

# Document and enforce with DSC
# Validate: only one default route
$defaultRoutes = Get-NetRoute -DestinationPrefix '0.0.0.0/0'
if ($defaultRoutes.Count -gt 1) { throw 'Multiple default gateways detected β€” check NIC configuration' }

Related: Intermittent SMB share disconnects (symptom of asymmetric routing, especially in Hyper-V cluster networks), TCP RST storms in Wireshark capture (signature of asymmetric routing), iSCSI connection drops causing disk offline events (most commonly asymmetric routing on storage NICs).

Related tutorial: View the step-by-step tutorial for Windows Server 2025.

View all Windows Server 2025 tutorials on the Tutorials Hub β†’

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

Microsoft documentation: ‘IP routing’ at learn.microsoft.com. RFC 1812 (Router requirements, covers asymmetric routing impact). NIC teaming guide for Windows Server at learn.microsoft.com. Wireshark TCP analysis documentation at wireshark.org/docs.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today β€” we respond within one business day.