Solved

multi-homed domain controller help!!

Posted on 2010-08-26
Last Modified: 2013-11-09
I am trying to determine the purpose for a multi-homed domain controller in our environment.

When I pull up the status of the two NICs, I see send/receive packets being transferred on both NICs.

Is there any way to determine what exactly is going on? I've had reports of weird DNS issues and DHCP issues after disabling the second NIC, but I can't grasp how these server features can be bound to one NIC or another.

Can anyone help?
0
Question by:dirkdigs
16 Comments
 
LVL 20

Expert Comment

by:woolnoir
ID: 33535744
Are the adaptors teamed? Are they on different networks (check the IPs), different VLANs (check the NIC properties)? Dual homing can cause issues, but it suggests that DHCP or DNS issues by disabling a NIC could affect a group of users if the cards are on separate networks.

Might be worth pasting the addressing information.
0
 
LVL 17

Expert Comment

by:Kvistofta
ID: 33535747
As a general rule of thumb you should make sure that multi-homed Windows computers are NOT configured with more than one default gateway. Verify this. Also make sure that your routing table is correct. Run "route print" and have a look at it, or post it here and describe your network settings.

/Kvistofta
0
 

Author Comment

by:dirkdigs
ID: 33535770
Windows IP Configuration

   Host Name . . . . . . . . . . . . : VANDCD301
   Primary Dns Suffix  . . . . . . . : PAC.AZA.NET
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : PAC.AZA.NET
                                       AZA.NET

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
   Physical Address. . . . . . . . . : 00-1C-23-D4-41-F8
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 172.20.0.126
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 172.20.0.2
   DNS Servers . . . . . . . . . . . : 172.20.0.20
                                       172.20.0.26

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #2
   Physical Address. . . . . . . . . : 00-1C-23-D4-41-FA
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 172.20.0.20
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 172.20.0.2
   DNS Servers . . . . . . . . . . . : 172.20.0.20
                                       172.20.0.26
0
 

Author Comment

by:dirkdigs
ID: 33535781
FYI the IP 172.20.0.26 (secondary DNS) is a backup DC.
0
 
LVL 17

Expert Comment

by:Kvistofta
ID: 33535800
You shouldn't have 2 NICs in the same IP subnet; that is what is giving you trouble. If you need multiple IP addresses, put them on the same NIC and disable the other NIC.

/Kvistofta
0
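Added example (not part of the original thread and not any poster's code): a Python check that parses `ipconfig /all` text in the layout posted above and flags what the replies point at: two NICs in one subnet, more than one default gateway, and a local address that is also listed as a DNS server, which hints at what depends on that IP before a NIC is disabled. The function names, finding labels and the reduced sample are assumptions made for this example; it handles only the English IPv4 field labels shown in the thread.

```python
import ipaddress
import itertools
import re

# Constructed sample: reduced from the ipconfig output posted in this thread.
SAMPLE = """\
Ethernet adapter Local Area Connection:
   IP Address. . . . . . . . . . . . : 172.20.0.126
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 172.20.0.2
Ethernet adapter Local Area Connection 2:
   IP Address. . . . . . . . . . . . : 172.20.0.20
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 172.20.0.2
   DNS Servers . . . . . . . . . . . : 172.20.0.20
                                       172.20.0.26
"""
FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")  # "   Label . . . : value"

def parse_adapters(text):
    """Return {adapter section: {field label: [values]}}."""
    adapters, fields, last = {}, None, None
    for line in filter(str.strip, text.splitlines()):
        if not line[0].isspace():  # unindented line starts a new section
            fields = adapters.setdefault(line.strip(" :"), {}) if "adapter" in line else None
            last = None
        elif fields is not None:
            m = FIELD.match(line)
            if m:
                last = fields.setdefault(m.group(1), [])
            value = (m.group(2) if m else line).strip()  # no colon: continuation
            if last is not None and value:
                last.append(value)
    return adapters

def audit(text):
    """Flag NICs on one subnet, several default gateways, local IPs used as DNS."""
    parsed = dict(sorted(parse_adapters(text).items()))
    nets = {n: [ipaddress.ip_interface(f"{i}/{m}") for i, m in
                zip(f.get("IP Address", []), f.get("Subnet Mask", []))]
            for n, f in parsed.items()}
    gateways = [n for n, f in parsed.items() if f.get("Default Gateway")]
    dns = {d for f in parsed.values() for d in f.get("DNS Servers", [])}
    findings = [("same-subnet", a, b) for a, b in itertools.combinations(nets, 2)
                if any(x.network.overlaps(y.network) for x in nets[a] for y in nets[b])]
    if len(gateways) > 1:
        findings.append(("multiple-default-gateways", *gateways))
    findings += [("local-ip-used-as-dns", n, str(i.ip))
                 for n, ifaces in nets.items() for i in ifaces if str(i.ip) in dns]
    return findings
```

On the sample, `audit(SAMPLE)` reports all three conditions, and the third shows that 172.20.0.20 on the second NIC is the address configured as the primary DNS server.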
 
LVL 20

Expert Comment

by:woolnoir
ID: 33535882
Agreed with Kvistofta, don't see any logic in that setup. Move one IP to the other NIC and make it a single NIC server.
0
 

Author Comment

by:dirkdigs
ID: 33535905
Is there any way to determine what exactly that second IP is for? Or do I basically just disable it and see what breaks?
0
 
LVL 17

Expert Comment

by:Kvistofta
ID: 33535973
You might find in applications like IIS that a service can be bound to a specific IP address. If you want to not break anything, do as I said above and put the IP from the disabled NIC onto the still running NIC. Windows can (could earlier at least) have multiple IP addresses on the same NIC. Then you probably won't break anything.

/Kvistofta
0
 

Author Comment

by:dirkdigs
ID: 33535998
This server is FILE, DC, DNS and DHCP only.
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33536088
I would check the DNS server and WINS (if you have it) for entries for your file server, check which IP they refer to and which NIC corresponds... hopefully it will be just one, and you can remove the other.
0
 
LVL 17

Expert Comment

by:Kvistofta
ID: 33536471
It wouldn't harm at all to have multiple IPs on the same NIC.

/Kvistofta
0
 

Author Comment

by:dirkdigs
ID: 33545720
I think I figured out what this was set up for.

There are 2 sites: one in city A, one in city B.

The site in city B had a DHCP scope set, in regards to DNS, to resolve secondary DNS to the second NIC of the DNS server in city A.

I guess the second NIC in city A was serving secondary DNS requests for city B.

Does this make sense? What do you guys think about it?

I still think I am going to get rid of it.
0
 
LVL 17

Accepted Solution

by:
Kvistofta earned 500 total points
ID: 33545875
Get rid of the NIC. Move the IP to the other NIC if necessary.

/Kvistofta
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33548659
I agree with how the guy set it up in theory, i.e. a secondary server for a remote site, but having the server with two NICs seems like a waste. It's fine to have serverA running a secondary DHCP and DNS for city B, but there's no need to confuse matters with a second NIC. You can either migrate the NIC across or maybe it's time for a full re-evaluation of how you do things. If all sites are on DHCP then altering the DHCP servers should be easy :)

I'm assuming you have IP helpers on the local switches to allow DHCP broadcast helpers? If you have Cisco switches, look for an 'ip helper-address' command in the VLAN or LAN config on the remote switches... you can simply change that to point at the primary IP on the server... there are ways to remove the need for the dual IPs.
0
 

Author Comment

by:dirkdigs
ID: 33549741
We are using SonicWalls.
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33549752
http://help.mysonicwall.com/sw/eng/705/ui2/23100/Network/IP_Helper.htm

This link should inform about IP HELPERS - you will probably find that the remote network has an IP HELPER for DHCP, pointing at one of the NIC addresses of the multihomed server. If you can find this, you can alter it to the primary address and remove the need for the secondary... in theory :)
0