Solved

multi-homed domain controller help!!

Posted on 2010-08-26
Last Modified: 2013-11-09
I am trying to determine the purpose for a multi-homed domain controller in our environment.

When I pull up the status of the two NICs, I see send/receive packets being transferred on both NICs.

Is there any way to determine what exactly is going on? I've had reports of weird DNS issues and DHCP issues after disabling the second NIC, but I can't grasp how these server features can be bound to one NIC or another.

Can anyone help?
Question by:dirkdigs
16 Comments
 
LVL 20

Expert Comment

by:woolnoir
ID: 33535744
Are the adaptors teamed? Are they on different networks (check the IPs) or different VLANs (check the NIC properties)? Dual homing can cause issues, but it suggests that DHCP or DNS issues by disabling a NIC could affect a group of users if the cards are on separate networks.

Might be worth pasting the addressing information.
0
 
LVL 17

Expert Comment

by:Kvistofta
ID: 33535747
As a general rule of thumb you should make sure that multi-homed Windows computers are NOT configured with more than one default gateway. Verify this. Also make sure that your routing table is correct. Run "route print" and have a look at it, or post it here and describe your network settings.

/Kvistofta
0
 

Author Comment

by:dirkdigs
ID: 33535770
Windows IP Configuration

   Host Name . . . . . . . . . . . . : VANDCD301
   Primary Dns Suffix  . . . . . . . : PAC.AZA.NET
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : PAC.AZA.NET
                                       AZA.NET

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
   Physical Address. . . . . . . . . : 00-1C-23-D4-41-F8
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 172.20.0.126
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 172.20.0.2
   DNS Servers . . . . . . . . . . . : 172.20.0.20
                                       172.20.0.26

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #2
   Physical Address. . . . . . . . . : 00-1C-23-D4-41-FA
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 172.20.0.20
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 172.20.0.2
   DNS Servers . . . . . . . . . . . : 172.20.0.20
                                       172.20.0.26
0

Author Comment

by:dirkdigs
ID: 33535781
FYI the IP 172.20.0.26 (secondary DNS) is a backup DC.
0
 
LVL 17

Expert Comment

by:Kvistofta
ID: 33535800
You shouldn't have 2 NICs in the same IP subnet; that is what is giving you trouble. If you need multiple IP addresses, put them on the same NIC and disable the other NIC.

/Kvistofta
0
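The two checks Kvistofta describes in this thread (more than one default gateway, and two NICs in the same IP subnet), as an added example that is not part of the original posts: a Python parser for `ipconfig /all` text in the layout posted above. The function names and the trimmed sample are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the `ipconfig /all` layout shown in this thread,
# trimmed to the fields the audit needs and using the posted addressing.
SAMPLE = """\
Ethernet adapter Local Area Connection:
   IP Address. . . . . . . . . . . . : 172.20.0.126
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 172.20.0.2

Ethernet adapter Local Area Connection 2:
   IP Address. . . . . . . . . . . . : 172.20.0.20
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 172.20.0.2
"""

FIELD = re.compile(r"^\s+(IP Address|IPv4 Address|Subnet Mask|Default Gateway)[ .]*:\s*([\d.]+)")

def parse_adapters(text):
    """Return {adapter name: {"ips": [...], "masks": [...], "gateways": [...]}}."""
    adapters, current = {}, None
    for line in text.splitlines():
        head = re.match(r"^(\S.*adapter .+):\s*$", line)
        if head:
            current = adapters.setdefault(head.group(1), defaultdict(list))
            continue
        m = FIELD.match(line)
        if m and current is not None:
            key = {"Subnet Mask": "masks", "Default Gateway": "gateways"}.get(m.group(1), "ips")
            current[key].append(m.group(2))
    return adapters

def audit(text):
    """Flag subnets attached to more than one adapter, and multiple default gateways."""
    by_subnet, gw_adapters = defaultdict(set), []
    for name, cfg in parse_adapters(text).items():
        for ip, mask in zip(cfg["ips"], cfg["masks"]):
            net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
            by_subnet[str(net)].add(name)
        if cfg["gateways"]:
            gw_adapters.append(name)
    findings = [f"subnet {net} is attached to {len(names)} adapters: {sorted(names)}"
                for net, names in by_subnet.items() if len(names) > 1]
    if len(gw_adapters) > 1:
        findings.append(f"default gateway set on {len(gw_adapters)} adapters: {gw_adapters}")
    return findings
```

Running `audit()` on saved `ipconfig /all` output from the server reports both conditions for the configuration posted here, and reports nothing once both addresses sit on a single adapter.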
 
LVL 20

Expert Comment

by:woolnoir
ID: 33535882
Agreed with Kvistofta, don't see any logic in that setup. Move one IP to the other NIC and make it a single NIC server.
0
 

Author Comment

by:dirkdigs
ID: 33535905
Is there any way to determine what exactly that second IP is for? Or do I basically just disable it and see what breaks?
0
 
LVL 17

Expert Comment

by:Kvistofta
ID: 33535973
You might find in applications like IIS that a service can be bound to a specific IP address. If you want to not break anything, do as I said above and put the IP from the disabled NIC onto the still running NIC. Windows can (could earlier at least) have multiple IP addresses on the same NIC. Then you probably won't break anything.

/Kvistofta
0
 

Author Comment

by:dirkdigs
ID: 33535998
This server is FILE, DC, DNS and DHCP only.
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33536088
I would check the DNS server and WINS (if you have it) for entries for your file server, check which IP they refer to and which NIC corresponds... hopefully it will be just one, and you can remove the other.
0
 
LVL 17

Expert Comment

by:Kvistofta
ID: 33536471
It wouldn't harm at all to have multiple IPs on the same NIC.

/Kvistofta
0
 

Author Comment

by:dirkdigs
ID: 33545720
I think I figured out what this was set up for.

There are 2 sites: one in city A, one in city B.

The site in city B had a DHCP scope set in regards to DNS to resolve secondary DNS to the second NIC of the DNS server in city A.

I guess the second NIC in city A was serving secondary DNS requests for city B.

Does this make sense? What do you guys think about it?

I still think I am going to get rid of it.
0
 
LVL 17

Accepted Solution

by:
Kvistofta earned 500 total points
ID: 33545875
Get rid of the NIC. Move the IP to the other NIC if necessary.

/Kvistofta
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33548659
I agree with how the guy set it up in theory, i.e. a secondary server for a remote site, but having the server with two NICs seems like a waste. It's fine to have serverA running a secondary DHCP and DNS for city B, but there's no need to confuse matters with a second NIC. You can either migrate the NIC across or maybe it's time for a full re-evaluation of how you do things. If all sites are on DHCP then altering the DHCP servers should be easy :)

I'm assuming you have IP helpers on the local switches to allow DHCP broadcast helpers? If you have Cisco switches, look for an 'ip helper-address' command in the VLAN or LAN config on the remote switches... you can simply change that to point at the primary IP on the server... there are ways to remove the need for the dual IPs.
0
 

Author Comment

by:dirkdigs
ID: 33549741
We are using SonicWALLs.
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33549752
http://help.mysonicwall.com/sw/eng/705/ui2/23100/Network/IP_Helper.htm

This link should inform about IP HELPERS - you will probably find that the remote network has an IP HELPER for DHCP, pointing at one of the NIC addresses of the multihomed server. If you can find this, you can alter it to the primary address and remove the need for the secondary... in theory :)
0


Question has a verified solution.
