  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1040

Client Loses Domain Controller Connection with Multiple NICs on Separate Networks

Hello,

I have a machine on our network running Windows Server 2008 R2 (client). The machine serves as RD Gateway and backup file server. The network Active Directory domain controller is a separate machine also running Windows Server 2008 R2 (server).

The client is connected to the server via its primary NIC and a single ethernet switch. Both are on the same subnet and when only the client's primary NIC is used, can connect to each other and authenticate AD objects without a problem. Connection to the internet from the internal network is via a single NAT gateway connected between the internal switch and a public network. RD Gateway traffic is port forwarded through this gateway to the client. This all functions as expected.

I would like, however, to connect the client machine directly to the public internet via a separate NIC. This would allow me to handle the incoming RD gateway connections without having to route extra traffic through the internal network via the NAT gateway or do any port forwarding.

Whenever I connect the client's second NIC directly to the public network (internet), however, the machine loses its ability to authenticate to the AD server. It's as though it's trying to look up the AD server on the internet instead of on the local network where it resides. The local network and internet are on completely different subnets, so there should be no confusion. The domain name (xyz.local) is not even resolvable on the public internet. When I open the Network and Sharing Center, it recognizes two connections, one domain connection to xyz.local and one public connection to the internet. Disconnecting the direct connection (or disabling the second NIC) resolves the problem at the expense of a direct connection.

How do I get the client to continue to authenticate to and communicate with the AD server on the local domain network via the primary NIC while still allowing it a separate direct connection to the internet via a secondary NIC?

Any ideas would be appreciated.

Thanks,
Andy
Asked by adroid

1 Solution
Chris Dent (PowerShell Developer) commented:

Hi Andy,

Does your public NIC end up with DNS servers configured? You should remove them or override them (by manually setting DNS servers if it's using DHCP) so they either match the DNS servers used by the internal NIC, or are blank.

I guess your existing DNS servers are also on the same subnet as its internal NIC? Which would rule out the need for static routes to deal with internal traffic?

Chris
 
adroid (Author) commented:
Hi Chris,

The public NIC is currently being configured via DHCP and thus has acquired its own set of DNS servers. You are correct in assuming the internal/local NIC has its own static address and points to an internal DNS server (the AD server). I will try clearing the public DNS config and getting back to you.

Thanks,
Andy
 
Chris Dent (PowerShell Developer) commented:

Makes a lot of sense. If you can override those (and you should be able to) it should clear up the problem. Good luck!

Chris
 
adroid (Author) commented:
I set the external NIC to a static IP address and used the internal DNS host and gateway. This seems to have cleared up the problem and ensures that all outgoing traffic initiated from the server travels over the internal network and through our gateway while still allowing direct external connections from the internet.

Thanks!
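As an added example (not code posted in this thread), the following PowerShell audits a multi-homed Windows host for the condition Chris describes (DNS servers configured on more than one adapter that do not match the internal, domain-facing NIC) and applies his suggested fix: override the secondary adapter's DNS servers with the internal ones, or clear them. It uses WMI (Win32_NetworkAdapterConfiguration), which is available on Windows Server 2008 R2 with PowerShell 2.0. The adapter descriptions and the 10.0.0.5 DNS address in the usage comments are assumptions, not values from the thread.

```powershell
# Added example, not from the thread. Audits every IP-enabled adapter on a
# multi-homed Windows host, flags adapters whose DNS servers differ from the
# internal (domain-facing) NIC, and lets you align or clear them. Uses WMI
# (Win32_NetworkAdapterConfiguration), available on Windows Server 2008 R2 /
# PowerShell 2.0. Run from an elevated PowerShell prompt.

function Get-DnsConfigReport {
    # One row per IP-enabled adapter: addresses, gateway, DNS servers, DHCP flag.
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = True" |
        Select-Object Index, Description, DHCPEnabled,
            @{ Name = 'IPAddress';  Expression = { $_.IPAddress -join ', ' } },
            @{ Name = 'Gateway';    Expression = { $_.DefaultIPGateway -join ', ' } },
            @{ Name = 'DnsServers'; Expression = { $_.DNSServerSearchOrder -join ', ' } }
}

function Test-DnsConsistency {
    # Warns about any adapter whose DNS servers differ from the internal NIC's
    # and returns $true only when every adapter is consistent (or has no DNS).
    # $InternalAdapterDescription is the WMI 'Description' of the domain-facing
    # NIC (read it from Get-DnsConfigReport); the usage value below is assumed.
    param([Parameter(Mandatory = $true)][string]$InternalAdapterDescription)

    $adapters = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = True")
    $internal = $adapters | Where-Object { $_.Description -eq $InternalAdapterDescription } |
                Select-Object -First 1
    if (-not $internal) { throw "Internal adapter '$InternalAdapterDescription' not found" }

    $expected = @($internal.DNSServerSearchOrder) -join ','
    $problems = 0
    foreach ($a in $adapters) {
        if ($a.Index -eq $internal.Index) { continue }
        $actual = @($a.DNSServerSearchOrder) -join ','
        if ($actual -ne '' -and $actual -ne $expected) {
            # A second adapter with different resolvers: lookups for the AD domain
            # (xyz.local in the thread) can go to public DNS that cannot answer them.
            Write-Warning ("'{0}' uses DNS [{1}]; internal NIC uses [{2}]" -f `
                $a.Description, $actual, $expected)
            $problems++
        }
    }
    return ($problems -eq 0)
}

function Set-SecondaryDns {
    # Overrides the DNS servers on the named adapter (this also works when the
    # adapter gets its IP from DHCP), or clears them when -DnsServers is omitted.
    param(
        [Parameter(Mandatory = $true)][string]$AdapterDescription,
        [string[]]$DnsServers
    )
    $a = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = True" |
         Where-Object { $_.Description -eq $AdapterDescription } |
         Select-Object -First 1
    if (-not $a) { throw "Adapter '$AdapterDescription' not found" }

    if ($DnsServers) { $result = $a.SetDNSServerSearchOrder($DnsServers) }
    else             { $result = $a.SetDNSServerSearchOrder() }   # no list = clear
    if ($result.ReturnValue -ne 0) {
        throw "SetDNSServerSearchOrder failed, return code $($result.ReturnValue)"
    }
}

# Usage (adapter descriptions and the 10.0.0.5 DNS address are assumptions):
# Get-DnsConfigReport | Format-Table -AutoSize
# Test-DnsConsistency -InternalAdapterDescription 'Internal LAN Adapter'
# Set-SecondaryDns -AdapterDescription 'Public WAN Adapter' -DnsServers '10.0.0.5'
# Test-DnsConsistency -InternalAdapterDescription 'Internal LAN Adapter'
```

Run the report first to confirm which adapter is the domain-facing one, then re-run Test-DnsConsistency after the change to confirm no adapter still points at the ISP's resolvers. Setting the DNS list through WMI on a DHCP adapter leaves the address assignment on DHCP, which matches Chris's "manually setting DNS servers if it's using DHCP" option; Andy's final configuration went further and gave the external NIC a static address too.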