NLB, DNS, DFS and Active Directory ... in the same box

Last Modified: 2008-05-31
Hi friends.

I have a weird need (it just came to me, not my choice). The customer wants to set up two web servers with the following components in each box:

Windows 2003 Server Standard
Active Directory
DNS Server
NLB (Network Load Balancing)

Well, we need a DFS to replicate files from one "sites" folder between the two computers. To use DFS replication, we need a domain root and, hence, an Active Directory in place. This setup works just fine until I set up NLB. When NLB enters, Domain Controllers just go crazy and can't find each other. After that, DFS stops working too. It seems like the NLB setup is messing up my DNS. When that happens, AD and DFS stop working. I tried unicast and multicast mode, with no luck.

Is it possible to have AD and NLB in the same box and in peace?

Also, is it possible to force the DFS replication to a dedicated network card (card2 with a cross cable) and keep the web traffic on the main network card (card1)?

mhequipit (MH IT Dept)

You could just have the machines in the same workgroup and have a scheduled event to copy files, or set up an automatic FTP. Would be a lot easier to administer, plus you should never run your DNS and web server on the same box.


1) The files must be replicated just in time. That's why I need the replication service. The customer really needs these files in sync. The NLB will balance users among the two machines, so files must be up to date all the time.

2) This DNS server isn't the public DNS. It's set up just for the AD. We really don't need it. AD needs it.


In my point of view, AD will not work with NLB (it doesn't seem to make sense), but I haven't found that reference in any document. I'm trying alternatives here, but I want to know if someone knows for sure (and can point me to it) that AD and NLB can't live together.

mhequipit (MH IT Dept)

What about just using shadow copy?

Multi-homed DCs are a bad idea even before you bring NLB into the equation. I'm not finding a Microsoft URL to back me up, but I promise you that DCs cannot be Network Load Balanced - they're far too heavily reliant on stateful transactions.

Stand up a third box to act as your domain controller if DFS-R is that much of a need.  AD + IIS on the same box == "hacker's paradise."



Glad to have you here.

This nightmare is even worse. They will use Apache and MySQL (Apache and MySQL? Why not use Linux then?). Well, I don't care about that. My work is just to put the file replication and NLB to work. I hope you can point me to some document that says not to place the AD and NLB together. Maybe it doesn't exist just because this scenario doesn't make sense. But, you know ... they love to sell this kind of weird setup to poor little customers.

mhequipit: I don't think shadow copy can help here.


I have a friend that swears it works. I'm trying to connect to the machine to see if it really works. I will get back in a couple of minutes.


Hi pals. Sorry, but I couldn't find my friend yesterday, so I went to my VMware and tried some other options.

In fact, it does work. Well, AD can't share a NIC with NLB, but you can have one NIC for the AD and DFS services and a second NIC for the NLB service. That fixed both problems. Now, the file replication traffic is segregated to the dedicated AD/DFS gigabit NIC and the public web access is segregated to the NLB NIC. I blocked all DNS registration on the public web NIC, so DNS always points to the gigabit cross link.

Well, even though I solved the problem by myself, Laura is right. It isn't a nice idea to use NLB and AD in the same box. That is especially true when you have just one NIC. So, I'm giving her my points.

Thanks a lot.
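
A way to check the outcome described in the post above, namely that DNS for the domain controllers points only at the dedicated cross link. This is an added example, not part of the original thread; the zone name, host names, subnet and record listing are constructed sample values.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
REPLICATION_NET = ipaddress.ip_network("10.0.0.0/30")  # cross-cable AD/DFS link
# Names that clients and replication partners resolve to reach a DC:
# the DC host names, the domain name itself, and the global catalog alias.
DC_NAMES = {
    "web1.corp.example",
    "web2.corp.example",
    "corp.example",
    "gc._msdcs.corp.example",
}

# Constructed export of A records; 192.0.2.x stands in for the public/NLB side.
SAMPLE_ZONE = """\
web1.corp.example.        A  10.0.0.1
web2.corp.example.        A  10.0.0.2
web2.corp.example.        A  192.0.2.12
corp.example.             A  10.0.0.1
corp.example.             A  192.0.2.50
gc._msdcs.corp.example.   A  10.0.0.2
www.corp.example.         A  192.0.2.50
"""


def parse_a_records(text):
    """Yield (name, IPv4Address) for every 'name A address' line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[1].upper() == "A":
            yield fields[0].rstrip(".").lower(), ipaddress.ip_address(fields[2])


def stray_dc_records(zone_text, dc_names=DC_NAMES, allowed=REPLICATION_NET):
    """Return DC-related A records whose address is off the replication link."""
    return [
        (name, str(addr))
        for name, addr in parse_a_records(zone_text)
        if name in dc_names and addr not in allowed
    ]


if __name__ == "__main__":
    for name, addr in stray_dc_records(SAMPLE_ZONE):
        print(f"{name} -> {addr} is registered on the public/NLB side")
```

Any record it reports means a NIC other than the cross link is still registering in DNS, which is the condition under which the DCs lost each other once NLB was enabled.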