Solved

Server with two NICs reporting to different clients under different NICs. DC, Hyper-V, RDP roles.

Posted on 2014-12-16
Last Modified: 2014-12-22
Dear All,

Come across a server with the following setup.

Server has 2x NICs.

It is a DC for a site and runs VMs.
One of those VMs is an RDP box etc...

The deal is that one of the IPs has been used as a Virtual Network Switch for the VM(s).

The other NIC is meant for the network as its a DC, fileshare etc...

This is a small site.

Some clients when pinged are getting back IP 192.168.1.15 instead of, let's say, 192.168.1.20.

As one NIC is for Hyper-V and the other is usual network stuff.

This is causing some issues with the FQDN of servers etc... for example the mail server cannot be located under the FQDN of mailserver.dom.lan, only its NetBIOS name of mailserver.

Please advise where I should start. Network has had a 2003 box demoted, Other servers are 2008r2 and 2012r2. 2003 DC has just been demoted so the domain functional level is still 2003 at present.

Many thanks in advance.


R
Question by:roycasella
11 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 40503130
Did somebody create an A record on the DNS server for the host name mailserver.dom.lan?

Is "dom.lan" your AD-integrated domain name? If so, is the host "mailserver" set up to register its host name with the DNS server?
 
LVL 7

Author Comment

by:roycasella
ID: 40503139
To add some more..

If I ping mailserver ... I get back mailserver.dom.lan... but if I ping mailserver.dom.lan I get no reply!!!

R
 
LVL 7

Author Comment

by:roycasella
ID: 40503147
There is an A record for mailserver on the DNS server pointing to its IP.

The other servers have the same issues, i.e. msdynamics.dom.lan ... replies with the FQDN when msdynamics is pinged... but you cannot ping the FQDN.

R
 
LVL 59

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 2000 total points
ID: 40503148
There are multiple problems with your current deployment. Among the most glaring is running ADDS and Hyper-V together. That's never a good idea. For such deployments, running ADDS as a guest is far preferable.

The big one causing you problems though is this:

"The deal is that one of the IP's has been used as a Virtual Network Switch for the VM(s)."

Like any switch, Hyper-V's virtual switch operates at layer 2 of the OSI model. The physical NIC does not get an IP address at all. Nor does the switch. When a NIC is associated with a v-switch, IPv4 and IPv6 are unbound from the NIC. That is by design. Manually re-enabling them actually breaks things.
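To make the point above concrete, and to give the question's "ping returns 192.168.1.15 instead of 192.168.1.20" symptom a repeatable check, here is an added PowerShell example. It is not from the thread or from any poster; it assumes a Windows Server 2012 R2 host named dahv01 in the AD-integrated zone dom.lan with a single external virtual switch, that 192.168.1.20 is the host's intended LAN address, that 192.168.1.15 is the address wrongly left on the NIC bound to the virtual switch, and that mailserver.dom.lan is one of the names clients cannot reach by FQDN. All of those names and addresses are assumptions taken from the question; adjust them before running anything in the remediation section.

```powershell
# Added example (not from the original thread). Run in an elevated session on
# the Hyper-V host. Assumed values from the question: adjust them.
$Zone     = 'dom.lan'           # AD-integrated DNS zone (assumed)
$HostName = 'dahv01'            # the DC / Hyper-V host (assumed)
$LanIp    = '192.168.1.20'      # the only address the host should register (assumed)
$MailFqdn = "mailserver.$Zone"  # a name reported as unreachable by FQDN (assumed)

# --- 1. Find the physical NIC that backs the external virtual switch ---------
# Assumes exactly one external switch on this host.
$vSwitch = Get-VMSwitch -SwitchType External
$uplink  = Get-NetAdapter |
    Where-Object InterfaceDescription -eq $vSwitch.NetAdapterInterfaceDescription
"External switch '$($vSwitch.Name)' uses uplink '$($uplink.Name)'"

# A correctly configured uplink has TCP/IP unbound; the Hyper-V Extensible
# Virtual Switch component (vms_pp) should be the only thing bound to it.
Get-NetAdapterBinding -Name $uplink.Name -ComponentID ms_tcpip, ms_tcpip6, vms_pp |
    Format-Table Name, DisplayName, ComponentID, Enabled -AutoSize

# Any address listed here is the misconfiguration: the uplink must not own an IP.
Get-NetIPAddress -InterfaceAlias $uplink.Name -ErrorAction SilentlyContinue |
    Format-Table InterfaceAlias, IPAddress, PrefixLength -AutoSize

# --- 2. What the DC has registered for itself -------------------------------
# Two A records for the host (one per NIC) is what makes some clients resolve
# the host to the vSwitch NIC's address instead of the LAN address.
Get-DnsServerResourceRecord -ZoneName $Zone -Name $HostName -RRType A |
    Select-Object HostName, @{ n = 'IPv4'; e = { $_.RecordData.IPv4Address } }

# Which interfaces on this host are registering their addresses in DNS.
Get-DnsClient | Format-Table InterfaceAlias, RegisterThisConnectionsAddress -AutoSize

# --- 3. Reproduce "short name works, FQDN does not" ---------------------------
# A short name can be answered by LLMNR/NetBIOS even when DNS is not answering;
# querying each path separately shows which one is actually replying.
Resolve-DnsName -Name 'mailserver' -LlmnrNetbiosOnly -ErrorAction SilentlyContinue
Resolve-DnsName -Name $MailFqdn   -DnsOnly          -ErrorAction SilentlyContinue

# --- 4. Remediation (only after confirming the findings above) ----------------
# Unbind IPv4/IPv6 from the uplink so it is a pure layer-2 port again.
Disable-NetAdapterBinding -Name $uplink.Name -ComponentID ms_tcpip, ms_tcpip6

# Drop the host's A record(s) that do not point at the LAN NIC, then re-register
# so only the LAN address (and the DC's SRV records) remain.
Get-DnsServerResourceRecord -ZoneName $Zone -Name $HostName -RRType A |
    Where-Object { $_.RecordData.IPv4Address.IPAddressToString -ne $LanIp } |
    Remove-DnsServerResourceRecord -ZoneName $Zone -Force
Register-DnsClient
Restart-Service Netlogon   # re-registers the DC's own SRV and A records

# --- 5. Verify on the host, then repeat the two Resolve-DnsName calls on a client
Clear-DnsClientCache
Resolve-DnsName -Name "$HostName.$Zone" -Type A -DnsOnly
Resolve-DnsName -Name $MailFqdn -Type A -DnsOnly
```

Two caveats before running the remediation section. First, check whether any client or DHCP scope hands out 192.168.1.15 as its DNS server; removing that address from the uplink will cut those clients off until they are pointed at 192.168.1.20. Second, if the host genuinely needs to use the uplink for its own traffic, the supported way is to enable management-OS sharing on the switch, which creates a vEthernet adapter that carries the IP; re-enabling TCP/IP on the physical NIC itself is exactly the breakage described above.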
 
LVL 7

Author Comment

by:roycasella
ID: 40503150
In DNS the DC has got both IP addresses listed under dahv01, so there are two A records.

R
 
LVL 7

Author Comment

by:roycasella
ID: 40503158
Thanks Cliff.... What do you suggest as a way forward to straighten this server out?

Thanks

R
 
LVL 7

Author Comment

by:roycasella
ID: 40503163
Short Term and Long Term please.

i.e. Short Term .. Do X with NIC config and DNS maybe.
Long Term, create a VM for DC, demote the physical server once all roles have been transferred across etc...

Thanks

R
 
LVL 59

Accepted Solution

by:Cliff Galiher
Cliff Galiher earned 2000 total points
ID: 40503185
If it were me? When multiple misconfigurations are easily identified in a short paragraph, the chances of more unidentified issues are exponentially higher. As a consultant who specializes in cleaning up previous I.T. disasters (often outsourced or low-bid MSP shops) I say that from experience. The server is untrustworthy. The changes that ADDS makes, primarily in that local accounts don't really exist on a DC, whereas Hyper-V relies on local machine accounts, make the security model fundamentally broken. I consider the host untrusted.

I would stand up a new properly configured host. Full stop. Then move the existing VMs to the new host. Then, if you want to virtualize your DC, create a new VM on the new host and make it an additional DC. From there you can demote the old DC, and if that breaks Hyper-V (which it likely will), no loss as no VMs are left on the machine.

It solves your immediate odd ping issue as you have a known new configuration. You have no risk to your VMs. And you have a graceful path in removing the misconfigured environment. That is all good both short and long term.
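The migration described in the accepted answer, as an added PowerShell walkthrough that is not part of the thread and not any poster's own procedure. It assumes the old host is dahv01, the new, cleanly built Hyper-V host is newhv01 (already joined to dom.lan, with an external switch named LAN, a VM store at D:\VMs, and D:\VMImport shared as \\newhv01\VMImport), that the VM that will become the additional DC is named dc02, and that the domain is dom.lan. Every name, path and switch name is an assumption; the blocks are meant to be run on the machine named in each heading comment, with the variables set again in each session.

```powershell
# Added example (not from the original thread). Names, paths and the switch
# name are assumptions; set the variables in each session where a block runs.
$Domain  = 'dom.lan'
$NewHost = 'newhv01'
$Import  = "\\$NewHost\VMImport"        # shared as D:\VMImport on the new host
$NewDcVm = 'dc02'
$Cred    = Get-Credential "$Domain\Administrator"

# ===== Run on the OLD host (dahv01): export every VM to the new host ==========
# A cold export keeps the copy consistent on a box we already treat as
# untrustworthy; 2012 R2 can also export running VMs if downtime matters more.
foreach ($vm in Get-VM) {
    Stop-VM -Name $vm.Name -Force
    Export-VM -Name $vm.Name -Path $Import
}

# ===== Run on the NEW host (newhv01): import and reattach the VMs ============
# 2012 R2 exports a .xml configuration (2016 and later use .vmcx). -Copy puts
# the files into this host's own store instead of registering them in place.
Get-ChildItem 'D:\VMImport\*\Virtual Machines\*.xml' | ForEach-Object {
    $vm = Import-VM -Path $_.FullName -Copy `
              -VirtualMachinePath 'D:\VMs' -VhdDestinationPath 'D:\VMs'
    # The exported vNICs reference the old host's switch; bind them to ours.
    $vm | Get-VMNetworkAdapter | Connect-VMNetworkAdapter -SwitchName 'LAN'
    Start-VM -VM $vm
}

# ===== Run inside the new DC VM (dc02): make it an additional DC + DNS =======
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSDomainController -DomainName $Domain -InstallDns `
    -Credential $Cred `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString 'DSRM password') `
    -Force
# After the reboot: take the FSMO roles off the old host and confirm replication
# before anything is demoted.
Move-ADDirectoryServerOperationMasterRole -Identity $NewDcVm -OperationMasterRole `
    SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster
Get-ADReplicationPartnerMetadata -Target $NewDcVm |
    Select-Object Partner, LastReplicationSuccess, LastReplicationResult

# Point the other servers at the new DNS server now; do the same for DHCP
# option 006 if clients receive DNS from DHCP. The address is assumed.
# Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses 192.168.1.30

# ===== Run on the OLD host (dahv01): demote it to a plain member server =======
# With no VMs left on it, it does not matter if Hyper-V breaks afterwards.
Uninstall-ADDSDomainController -Credential $Cred `
    -LocalAdministratorPassword (Read-Host -AsSecureString 'Local admin password') `
    -Force

# ===== From any domain member: verify the result =============================
Get-ADDomainController -Filter * | Select-Object Name, IPv4Address, OperationMasterRoles
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV
```

The ordering is the part worth keeping even if the commands change: VMs off the old host first, a replicating second DC holding all five FSMO roles second, DNS client and DHCP settings repointed third, and only then the demotion. Demoting while clients still use the old host as their only DNS server reproduces the original outage in a new form.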
 
LVL 7

Author Comment

by:roycasella
ID: 40503229
Fair enough.... I thought that would be the road I would need to go down from what was being said.
No immediate MUCH shorter solution though???

I can get all of that going as I have another server that I can turn into a DC and dedicate that as a physical DC.
Don't have anything else that I could utilise as another host though, this is the best box in the gaff.
So I would need to do the following:

Create a new DC on spare server and transfer all roles over and create as DNS server and make DNS for site etc...
Demote DC on original server. Ensure Hyper-V is working by fixing it if it's knackered.
Create secondary DC and DNS as VM on original box which is not a Hyper-V host only and file store for site. Cannot avoid that as it's the box with the most space. Longer term project will organise this I'm sure.

Don't have any other options.

Was hoping to have a sticky plaster solution while I organise all of this though. It's doable.. just not instant....:)

Many thanks in advance.

R
 
LVL 7

Author Comment

by:roycasella
ID: 40509501
OK.

Got a 2nd DC and DNS server as VM.
Will create a second DC on another VM on the other box and demote the original 2x NIC server.
Thanks for your help.
Will report back

R
 
LVL 7

Author Closing Comment

by:roycasella
ID: 40512730
Thanks to all.

Looks like a straighten out is needed.
R
