How to set a Primary IP address on Windows Server 2012

By John Biswell on 12th June, 2013.

Setting the Primary IP

This article details how to set a primary IP address on windows Server 2012 (as well as Windows Server 2008 R2 and Windows 7). The primary IP address is the IP address windows uses as the source address for outbound traffic.

Background Scenario

Often our customers need to ensure that outgoing communications from a server that has more than a single public IPv4 address assigned to the publicly accessible network card to come from a certain IP address. For example sometimes they need to communicate with web services or indeed with external databases and the far end of the connection needs to put allow a certain IP through their firewall. This is especially important if they can only specify a single IP address.

How it used to work…

Back in the days of Windows 2000 & 2003 setting the primary IP (the IP used by the server for outgoing communications) was as simple as ensuring that it was the first one assigned to the interface in the control panel networking applet but since Windows 2008 R2 this has changed.

The Problem

  • Windows now selects the IP address based on the following behaviour:
  • Prefer same address: If the destination IP address is the same as one of the source IP addresses, use that same address.
  • Prefer outgoing interface: Prefer an IP address on the interface that sends the packet.
  • Use longest matching prefix with the next hop IP address: Use a source IP address together with the longest high order bit match to the next hop IP address.
  • Use longest matching prefix with the destination IP address: Use source IP with longest high order bit match to destination IP address.

In a nutshell this often means that Windows selects the lowest IP address for the source IP. For more information on IPv4 source address selection see this Knowledge base article:

The Solution

In many cases you don’t need to worry about which IPv4 address Windows is selecting as source but if you do there is unfortunately no GUI based checkbox next to the IP to say “Use this as Source” or “Don’t use this as source”. To force Windows to use a specific IP address you will need to manually remove all the IP addresses on the server, then add each one again with… netsh int ipv4 add address skipassource=true

For example to ensure that is selected as the source use…

<netsh int ipv4 add address "WAN">
<netsh int ipv4 add address "WAN" skipassource=true>
<netsh int ipv4 add address "WAN" skipassource=true>
<netsh int ipv4 add address "WAN" skipassource=true>

You should now have set as the primary IP address for your server.

Important note: If you are using the public IP address to communicate with your server then be careful not to remove the IP address you are using. If possible use a DRAC or other remote access connection. With any Secura Hosting Ltd dedicated or cloud server there are always other ways to access a server rather than using RDP via the public network.

For Windows 2008 R2

For Windows 2008 R2 (and Windows 7) Microsoft released a hotfix which may need applying… You will need to apply the hotfix, remove the additional IP addresses and add them back as detailed above.

John Biswell

Operations Director

John is Operations Director at Secura and a Windows Server expert. Before all things IIS related, he was also a champion powerlifter.

Tweet me at: