Set Up Win2k8 with 2 NICS for DNS/DHCP/AD
Hello everyone, I'm trying to understand the basics of something that's always been a crapshoot, and that's setting up what I believe is referred to as a multi-homed box. At times this is a requirement so I want to learn how to do. As an example, theres some old devices that will only take 192.168.XXX.XXX IP's, but the main network is 168.18.223.XXX. So I need a good guide of what to do.
Setup:
Citrix Xenserver 5.6
Windows Server 2008 installed as a VM (not R2)
W2k8 is set with one virtual card bridged to eth0 (network 0), so that it receives an IP via DHCP from the work network. This IP is a 168.18.223.xx, netmask 255.255.255.0, and a gateway of 168.18.223.1
DNS and DCHP and Active Directory need to be installed. I went with AD first, and let it install DNS. DNS was pointed to eth2 (network2), which is a 3rd physical card in the machine that is connected to a switch. The goal is for this switch to be connected with W2k8. This network2 is assigned a static IP of 192.168.25.1, netmask 255.255.255.0, no gateway, and a primary dns of 127.0.0.1. DNS was set to only listen to this interface.
I then installed DHCP. DHCP was set to a scope of 192.168.25.100-200, netmask 255.255.255.0. DNS was assigned two forwarders, my works main DNS servers, the same ones the w2k8 server uses to browse the web, which are 168.18.216.211, and 168.18.216.222. With all that set up, when I plug in a computer, the system gives me an IP (192.168.0.100), and I can resolve locally, but I can't get on the internet. So I know something with DNS is screwy. The plugged in system shows the DNS server is 192.168.25.1, which seems correct to me, as everything should go local first, then be forwarded if necessary. DHCP (under its scope) shows 003 Router as the networks gateway (168.18.223.1), 006 DNS as 192.168.25.1, and 015 as DNS Domain Name, which is my AD domain.
So can anyone finally put together the pieces of the puzzle and tell me what I'm missing? Because it all seems correct.
Setup:
Citrix Xenserver 5.6
Windows Server 2008 installed as a VM (not R2)
W2k8 is set with one virtual card bridged to eth0 (network 0), so that it receives an IP via DHCP from the work network. This IP is a 168.18.223.xx, netmask 255.255.255.0, and a gateway of 168.18.223.1
DNS and DCHP and Active Directory need to be installed. I went with AD first, and let it install DNS. DNS was pointed to eth2 (network2), which is a 3rd physical card in the machine that is connected to a switch. The goal is for this switch to be connected with W2k8. This network2 is assigned a static IP of 192.168.25.1, netmask 255.255.255.0, no gateway, and a primary dns of 127.0.0.1. DNS was set to only listen to this interface.
I then installed DHCP. DHCP was set to a scope of 192.168.25.100-200, netmask 255.255.255.0. DNS was assigned two forwarders, my works main DNS servers, the same ones the w2k8 server uses to browse the web, which are 168.18.216.211, and 168.18.216.222. With all that set up, when I plug in a computer, the system gives me an IP (192.168.0.100), and I can resolve locally, but I can't get on the internet. So I know something with DNS is screwy. The plugged in system shows the DNS server is 192.168.25.1, which seems correct to me, as everything should go local first, then be forwarded if necessary. DHCP (under its scope) shows 003 Router as the networks gateway (168.18.223.1), 006 DNS as 192.168.25.1, and 015 as DNS Domain Name, which is my AD domain.
So can anyone finally put together the pieces of the puzzle and tell me what I'm missing? Because it all seems correct.
ASKER
I'll try changing to the same subnet and report back. Thank you.
ASKER
Still haven't gotten anywhere. It ranges from the computers not seeing any dhcp server, to just the same fact they got an IP, but see no internet.
Post ipconfig /all please from a problem system.
ASKER
Here's a screen capture after a fresh win2k8 setup with both nics using RRAS. There's plenty of examples of this on the internet and even this simply wouln't work, it makes no sense to me why it wouldn't. This is a client computer:
The server is set up to receive DHCP on the WAN nic, and with 192.168.25.1 netmask 255.255.255.0 no gateway or dns on the LAN nic. fresh setup with just that configuration and RRAS installed. I was just trying to get that to work, though I doubt it will because I need the full DNS control so I can have BOOTTP option and PXE booting.
The server is set up to receive DHCP on the WAN nic, and with 192.168.25.1 netmask 255.255.255.0 no gateway or dns on the LAN nic. fresh setup with just that configuration and RRAS installed. I was just trying to get that to work, though I doubt it will because I need the full DNS control so I can have BOOTTP option and PXE booting.
Here is the problem you should NOT have your DNS server running on a multihome computer.
Either way you don't need to setup your system to have an external NIC you can keep the one NIC enabled then within your router you can port forward to the internal IP address this at least gives you some security and allows everything to work properly
Either way you don't need to setup your system to have an external NIC you can keep the one NIC enabled then within your router you can port forward to the internal IP address this at least gives you some security and allows everything to work properly
ASKER
I need an external NIC because network 1 (external WAN) is a work network, delivering internet and access to the Xen Management Console. Network 2 (internal LAN) is a virtual nic to which all the VM's connect. It's to set up a virtualized setup for Active Directory, Windows Deployment Services, and Distributed File System.
Is there a recommendation to make this work?
Is there a recommendation to make this work?
No there is not a recommended way to get this to work.
What exactly do you want to get to work? Again your Hyper-v Host should NOT have any services except for Hyper-v.
You can then install VMs within the Hyper-v systems. The Hyper-v VMs will not connect to the other network unless it is routered to that side with an actual router.
Hyper-v should be running on at least 2 NICs one for management and another for virtual networks
You should not run any services on the Hyper-v host
What exactly do you want to get to work? Again your Hyper-v Host should NOT have any services except for Hyper-v.
You can then install VMs within the Hyper-v systems. The Hyper-v VMs will not connect to the other network unless it is routered to that side with an actual router.
Hyper-v should be running on at least 2 NICs one for management and another for virtual networks
You should not run any services on the Hyper-v host
ASKER
This isn't on Hyper-V, this is on Xenserver. I have to get the VM's to communicate with the server while nothing else on the work network does (that's the only way Active Directory can set hostnames). Guess I'll have to keep working at a solution.
If they are on different subnets you need a router or a switch that is configured for VLANs so the two subnets can communicate
ASKER
I could just use one nic in the server. The problem would then be internet. The server gets IP's and DNS information from a cisco router, which the rest of the work place uses along with their own AD system. So I need internet to get to both the server and the vm's, while using the server for DNS/DHCP/AD just for the vm's. If I put the server on the main network, things would be in chaos because there's already a server on the work network doing that. So unless the vm's get internet through the server I honestly don't see any other way of this working. But there has to be a way to make it work. You can't tell me that MS didn't allow a way for the server to act as a gateway for the work environment.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Not the solution I wanted but it works for now, at the waste of another 64MB of ram and another system to maintain. Still don't know why an easier system to support this setup isn't in place for Win2k8.
Multihomed DCs are recommend or supported by MS for Domain Controllers or DNS.
Go to the TCP\IP properties to go the DNS tab uncheck the regsiter with DNS option on one of your NICs