Client Loses Domain Controller Connection with Multiple NICs on Separate Networks

Posted on 2010-01-02
Last Modified: 2013-11-21

I have a machine on our network running Windows Server 2008 R2 (client). The machine serves as RD Gateway and backup file server. The network Active Directory domain controller is a separate machine also running Windows Server 2008 R2 (server).

The client is connected to the server via its primary NIC and a single ethernet switch. Both are on the same subnet and, when only the client's primary NIC is used, can connect to each other and authenticate AD objects without a problem. Connection to the internet from the internal network is via a single NAT gateway connected between the internal switch and a public network. RD Gateway traffic is port forwarded through this gateway to the client. This all functions as expected.

I would like, however, to connect the client machine directly to the public internet via a separate NIC. This would allow me to handle the incoming RD Gateway connections without having to route extra traffic through our internal network via the NAT gateway or do any port forwarding.

Whenever I connect the client's second NIC directly to the public network (internet), however, the machine loses its ability to authenticate to the AD server. It's as though it's trying to look up the AD server on the internet instead of on the local network where it resides. The local network and internet are on completely different subnets, so there should be no confusion. The domain name (xyz.local) is not even resolvable on the public internet. When I open the Network and Sharing Center, it recognizes two connections, one domain connection to xyz.local and one public connection to the internet. Disconnecting the direct connection (or disabling the second NIC) resolves the problem at the expense of a direct connection.

How do I get the client to continue to authenticate to and communicate with the AD server on the local domain network via the primary NIC while still allowing it a separate direct connection to the internet via a secondary NIC?

Any ideas would be appreciated.

Question by:adroid
    LVL 70

    Expert Comment

    by:Chris Dent

    Hi Andy,

    Does your public NIC end up with DNS servers configured? You should remove them or override them (by manually setting DNS servers if it's using DHCP) so they either match the DNS servers used by the internal NIC, or are blank.

    I guess your existing DNS servers are also on the same subnet as its internal NIC, which would rule out the need for static routes to deal with internal traffic?


    Author Comment

    Hi Chris,

    The public NIC is currently being configured via DHCP and thus has acquired its own set of DNS servers. You are correct in assuming the internal/local NIC has its own static address and points to an internal DNS server (the AD server). I will try clearing the public DNS config and getting back to you.

    LVL 70

    Accepted Solution


    Makes a lot of sense. If you can override those (and you should be able to) it should clear up the problem. Good luck!


    Author Comment

    I set the external NIC to a static IP address and used the internal DNS host and gateway. This seems to have cleared up the problem and ensures that all outgoing traffic initiated from the server travels over the internal network and through our gateway while still allowing direct external connections from the internet.
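    The fix Chris describes and the asker's final configuration, written out as an added example for a Windows Server 2008 R2 member server; this is not code from the thread. It assumes the two connections are named "Internal" and "Public" and that the domain controller (which also hosts the xyz.local DNS zone) sits at a constructed address of 192.168.1.10; replace these with the values shown by `netsh interface ipv4 show config`. It also disables DNS registration on the public NIC, which Chris's advice implies but the thread never spells out, so that the server's public address is never written into the AD DNS zone where internal clients would pick it up.

```powershell
# Added example, not from the original thread. Assumed interface names
# and an assumed (constructed) internal DNS/DC address.
$InternalNic = "Internal"
$PublicNic   = "Public"
$InternalDns = "192.168.1.10"   # the AD DC that hosts the xyz.local zone

# 1. Show what each NIC currently uses for DNS. The public NIC lists the
#    ISP's DHCP-assigned resolvers, which cannot answer for xyz.local, and
#    Windows may consult them first when locating a domain controller.
netsh interface ipv4 show dnsservers name="$InternalNic"
netsh interface ipv4 show dnsservers name="$PublicNic"

# 2. Point the public NIC at the internal DNS server only (the asker's final
#    setup) and stop it from registering its own public address in AD DNS
#    (register=none). validate=no skips the reachability test on the DNS
#    server during the change.
netsh interface ipv4 set dnsservers name="$PublicNic" source=static address=$InternalDns register=none validate=no

# Alternative Chris suggested: leave the public NIC's list empty so the
# resolver only ever uses the servers configured on the internal NIC.
# netsh interface ipv4 set dnsservers name="$PublicNic" source=static address=none

# 3. Drop cached negative answers and re-register the internal address.
ipconfig /flushdns
ipconfig /registerdns

# 4. Verify: the DC locator must succeed, and the SRV record that drives it
#    must resolve to the internal address, not the public one.
nltest /dsgetdc:xyz.local
nslookup -type=SRV _ldap._tcp.dc._msdcs.xyz.local $InternalDns
```

    After this change the server still has a NIC sitting directly on the internet. Confirm that Windows Firewall places that connection in the Public profile and that only the RD Gateway listener (TCP 443) is allowed inbound there; the domain-profile rules that permit SMB, RPC and the other services used for file serving and AD traffic must not apply to the public interface.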

