Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 292
  • Last Modified:

Exchange 2010 - Secondary NIC preference and DNS Registration problem

Hello All,

I have a Windows 2008R2 64bit server running Exchange 2010 utilizing two NICs. NIC1 is on the inside and NIC2 receives Mapi and OWA connections from the outside. I've had a terrible time with the server and clients preferring the outside NIC over the inside NIC.

When I first setup the server I was getting two internal DNS entries for my exchange server. My clients seemed to prefer connecting to the entry for NIC2 and because of a static route in my firewall would time out, and only then connect to NIC1. Which obviously slowed down access time and generated lots of calls.

Things I've tried:
-changed the Interface Metric to 10 on NIC2
-took the check out of "Register this connection's addresses in DNS"

NIC2 was still registering in DNS and my workstations were still preferring to use it.

Next I tried:
-disabling NIC2 and adding a second IP to NIC1

Same problem, My outside address was still registering and my workstation preferred to try it first.

So I removed the second address on NIC one, went back to NIC2 and ran:
-Netsh int ipv4 add address <Interface Name> <ip address> skipassource=true

Now this finally put a stop to NIC2 registering in DNS, and after I flushed everybody's cache and deleted NIC2 from all my DNS servers, all seemed fine.

However, now I seem to be having a new problem. My exchange server cannot ping several WAN DC servers unless I disable NIC2,(obviously because NIC2 does not have a DNS entry due to the Netsh command above) which is kicking up errors like the one below in Application Event viewer.

Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1852). Exchange Active Directory Provider is unable to connect to the Domain Controller server.domain.com although its service location (SRV) resource record was found in the DNS
 The query was for the SRV record for _ldap._tcp.dc._msdcs.domain.com
 The following domain controllers were identified by the query:
server1.domain.com
server2.domain.com
server3.domain.com
server4.domain.com
server5.domain.com
server6.domain.com

 Common causes of this error include:
 - Host (A) records that map the name of the domain controller to its IP addresses are missing or contain incorrect addresses.
 - Domain controllers registered in DNS are not connected to the network or are not running.
 For information about correcting this problem,  Type in the command line:
hh tcpip.chm::/sag_DNS_tro_dcLocator_messageHa.htm    

I can't ping them either.
     
If I disable NIC2 communications immediately function fine. I can't seem to figure out why at every turn NIC2, or its address seems to be preferred.

Any help would be great
Thanks
Eric
0
bwask
Asked:
bwask
  • 4
  • 2
1 Solution
 
James HIT DirectorCommented:
Have you set your adapters and bindings correctly?
If you go into Network and Internet --> Change adapter setttings
On the top menu bar, click on Advanced and Advanced Settings
Under the Adapters and Bindings, ensure that your preferred nic is listed first.
0
 
bwaskAuthor Commented:
Thanks Spartan,

I had to Google how to get the advanced function menu to pop up (why Microsoft decided to hide it is beyond me.) Anyway, yes, the binding order had NIC2 at the top of the list. I changed it. Is it immediate, or do I need to reboot the mail server? It still can't ping those servers unless I disable NIC2

Thanks
Eric
0
 
James HIT DirectorCommented:
I would reboot.
What was the reason behind setting up two NIC's? The NAT of the firewall should be enough to handle external access to an internal IP.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
bwaskAuthor Commented:
Hello,

I rebooted the server last night, unfortunately it is still preferring to use NIC2 for 3 of my WAN sights. And again, as soon as I disable NIC2 it functions properly. If I re-enable it mid ping I'll get:
PING: transmit failed. General Failure.
And of course when I run ping again I get:
Ping request could not find host computername. Please check the name and try again.
It won't even try to use NIC1.

Thanks
Eric
0
 
bwaskAuthor Commented:
I think I fixed it,

The command that I mentioned above:
-Netsh int ipv4 add address <Interface Name> <ip address> skipassource=true
gave NIC2  a subnet of 255.255.0.0. NIC1 has a subnet of 255.255.255.0. As soon as I changed NIC2 to be like NIC1 all started working.

Thanks
Eric
0
 
bwaskAuthor Commented:
I'm accepting my solution because that's what fixed it. Thanks for the help everybody.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now