NLB, DNS, DFS and Active Directory ... in the same box

Hi friends.

I have some weird need (it just came to me, not my choice). The customer wants to set up two web servers with the following components in each box:

Windows 2003 Server Standard
Active Directory
DNS Server
NLB (Network Load Balancing)
DFS

Well, we need a DFS to replicate files from one "sites" folder between the two computers. To use DFS replication, we need a domain root and, hence, an Active Directory in place. This setup works just fine until I set up NLB. When NLB enters, the Domain Controllers just go crazy and can't find each other. After that, DFS stops working too. It seems like the NLB setup is messing with my DNS. When that happens, AD and DFS stop working. I tried unicast and multicast mode, with no luck.

Is it possible to have AD and NLB in the same box and in peace?

Also, is it possible to force the DFS replication onto a dedicated network card (card2 with a cross cable) while keeping the web traffic on the main network card (card1)?
0
Asked: Renato Montenegro Rustici
1 Solution
 
mhequipit Commented:
You could just have the machines in the same workgroup and have a scheduled event to copy files, or set up an automatic FTP. It would be a lot easier to administer, plus you should never run your DNS and web server on the same box.
0
 
Renato Montenegro Rustici (IT Specialist, Author) Commented:
1) The files must be replicated just in time. That's why I need the replication service. The customer really needs these files in sync. The NLB will balance users among the two machines, so files must be up to date all the time.

2) This DNS server isn't the public DNS. It's set up just for the AD. We really don't need it. AD needs it.
0
 
Renato Montenegro Rustici (IT Specialist, Author) Commented:
In my point of view, AD will not work with NLB (it doesn't seem to make sense), but I haven't found that reference in any document. I'm trying alternatives here, but I want to know if someone knows for sure (and can point me to it) that AD and NLB can't live together.
0
mhequipit Commented:
What about just using shadow copy?
0
 
LauraEHunterMVP Commented:
Multi-homed DCs are a bad idea even before you bring NLB into the equation.  I'm not finding a Microsoft URL to back me up, but I promise you that DCs cannot be Network Load Balanced - they're far too heavily reliant on stateful transactions.

Stand up a third box to act as your domain controller if DFS-R is that much of a need.  AD + IIS on the same box == "hacker's paradise."
0
 
Renato Montenegro Rustici (IT Specialist, Author) Commented:
Laura,

Glad to have you here.

This nightmare is even worse. They will use Apache and MySQL (Apache and MySQL? Why not use Linux then?). Well, I don't care about that. My work is just to put the file replication and NLB to work. I hope you can point me to some document that says not to place AD and NLB together. Maybe it doesn't exist just because this scenario doesn't make sense. But, you know ... they love to sell this kind of weird setup to poor little customers.

mhequipit: I don't think shadow copy can help here.
0
 
LauraEHunterMVP Commented:
I'll see if I can find an official document on it, but I'm afraid it might be one of those "I know this is a bad idea but I can't prove it" kinds of things.
0
 
Renato Montenegro Rustici (IT Specialist, Author) Commented:
I have a friend that swears it works. I'm trying to connect to the machine to see if it really works. I will get back in a couple of minutes.
0
 
Renato Montenegro Rustici (IT Specialist, Author) Commented:
Hi pals. Sorry, but I couldn't find my friend yesterday, so I went to my VMware and tried some other options.

In fact, it does work. Well, AD can't share a NIC with NLB, but you can have one NIC for the AD and DFS services and a second NIC for the NLB service. That fixed both problems. Now, the file replication traffic is segregated to the dedicated AD/DFS gigabit NIC and the public web access is segregated to the NLB NIC. I blocked all DNS registration on the public web NIC, so the DNS always points to the gigabit cross link.

Well, even though I solved the problem by myself, Laura is right. It isn't a nice idea to use NLB and AD in the same box. That is especially true when you have just one NIC. So, I'm giving her my points.

Thanks a lot.
0
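A check for the setup described in the final post, as an added example that is not part of the original thread: it flags host records for the domain controllers that point anywhere other than the dedicated AD/DFS link. The record format, host names, link subnet and cluster address are all constructed assumptions.

```python
import ipaddress

# Constructed sample: "name address" pairs, as an admin might export the
# A records of the AD-integrated zone. Names and addresses are made up.
SAMPLE_RECORDS = """\
web1.corp.example 10.10.10.1
web2.corp.example 10.10.10.2
web2.corp.example 192.0.2.12
corp.example 10.10.10.1
corp.example 192.0.2.10
"""

# Assumptions: the cross link between the two boxes and the NLB cluster IP.
REPLICATION_NET = ipaddress.ip_network("10.10.10.0/30")
NLB_ADDRESSES = {ipaddress.ip_address("192.0.2.10")}


def parse_records(text):
    """Turn 'name address' lines into (name, ip_address) tuples."""
    records = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected 'name address'")
        records.append((fields[0].lower(), ipaddress.ip_address(fields[1])))
    return records


def audit(records, replication_net, nlb_addresses):
    """Return records that would steer AD/DFS traffic off the dedicated link."""
    findings = []
    for name, addr in records:
        if addr in nlb_addresses:
            findings.append((name, str(addr), "points at NLB cluster address"))
        elif addr not in replication_net:
            findings.append((name, str(addr), "outside AD/DFS link subnet"))
    return findings


if __name__ == "__main__":
    for name, addr, reason in audit(parse_records(SAMPLE_RECORDS),
                                    REPLICATION_NET, NLB_ADDRESSES):
        print(f"{name:20} {addr:15} {reason}")
```

An empty result means every registered address for the two boxes sits on the dedicated link, which is the state the final post describes after DNS registration was blocked on the public NIC.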
