On our windows 2003 domain, with XP clients, we have started seeing routes appearing in the routing tables on both the servers and the clients. The route is a /32 for another computer on the domain. The route gets added when one windows computer connects to another computer and needs to authenticate.

For example, if computer A with ip 10.0.1.5/24 browses the c: drive of computer B with ip 10.0.2.5/24, a static route will get added on computer B like so:

dest     netmask         gateway  interface
10.0.1.5 255.255.255.255 10.0.2.1 10.0.2.5 

This also happens on windows authenticated SQL server connections. It does not happen when computers A and B are on the same subnet.

None of the servers have RIP or any other routing protocols enabled, and there are no batch files etc setting routes automatically.

There is another windows domain that we manage with a near identical configuration that is not exhibiting this behaviour. The only difference with this domain is that it is not up to date with its patches.

Is this meant to be happening? Has anyone else seen this? Why is it needed when I have perfectly good default gateways set on all the computers on the domain?!