Solved

Server with two nics reporting to different clients under different NICs. DC, HyperV, RDP roles.

Posted on 2014-12-16
Last Modified: 2014-12-22
Dear All,

Come across a server with the following setup.

Server has 2x NICs.

It is a DC for a site and runs VMs.
One of those VMs is an RDP box etc...

The deal is that one of the IP's has been used as a Virtual Network Switch for the VM(s).

The other NIC is meant for the network as it's a DC, fileshare etc...

This is a small site.

Some clients when pinged are getting back IP 192.168.1.15 instead of let's say 192.168.1.20.

As one NIC is for HyperV and the other is Usual Network stuff.

This is causing some issues with FQDN of servers etc... for example the mail server cannot be located under the fqdn of mailserver.dom.lan only its netbios name of mailserver.

Please advise where I should start. Network has had a 2003 box demoted, Other servers are 2008r2 and 2012r2. 2003 DC has just been demoted so the domain functional level is still 2003 at present.

Many thanks in advance.


R
0
Question by:roycasella
11 Comments
 
LVL 57

Expert Comment

by:giltjr
Did somebody create an A record on the DNS server for the host name mailserver.dom.lan?

Is "dom.lan" your AD integrated domain name?  If so, is the host "mailserver" set up to register its host name with the DNS server?
0
 
LVL 7

Author Comment

by:roycasella
To add some more..

if I ping mailserver ... I get back mailserver.dom.lan... but if I ping mailserver.dom.lan I get no reply!!!

R
0
 
LVL 7

Author Comment

by:roycasella
There is an a record for mailserver on the dns server to point to its IP.

The other servers have the same issues. i.e. msdynamics.dom.lan ... replies when msdynamics is pinged with fqdn... but you cannot ping the fqdn.

R
0
 
LVL 56

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 500 total points
There are multiple problems with your current deployment. Among the most glaring is running ADDS and Hyper-V together. That's never a good idea. For such deployments, running ADDS as a guest is far preferable.

The big one causing you problems though is this:

"The deal is that one of the IP's has been used as a Virtual Network Switch for the VM(s)."

Like any switch, Hyper-V's virtual switch operates at layer 2 of the OSI model. The physical NIC does not get an IP address at all. Nor does the switch. When a NIC is associated with a v-switch, IPv4 and IPv6 are unbound from the NIC. That is by design. Manually re-enabling them actually breaks things.
0
 
LVL 7

Author Comment

by:roycasella
In DNS the DC has got both IP addresses listed under dahv01, so there are two A records.

R
0
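
A read-only check that ties the two observations above together (protocol bindings on the NIC behind the virtual switch, and the two A records for the DC). This is an added example, not part of any post in this thread; it assumes Windows Server 2012 or later with the Hyper-V and DnsServer PowerShell modules, and takes the zone `dom.lan` and host `dahv01` from the thread.

```powershell
# Added example, not from the thread. Run elevated on the Hyper-V host / DC.
# Assumes Windows Server 2012 or later with the Hyper-V and DnsServer modules.
$zone     = 'dom.lan'   # zone name as written in the thread
$hostName = 'dahv01'    # DC host record named in the thread

# 1. Physical adapters that back an external virtual switch.
$switchNics = @(Get-VMSwitch -SwitchType External |
    Select-Object -ExpandProperty NetAdapterInterfaceDescription)

# 2. Show whether IPv4/IPv6 are bound (Enabled) on those adapters.
Get-NetAdapter -Physical |
    Where-Object { $switchNics -contains $_.InterfaceDescription } |
    ForEach-Object {
        Get-NetAdapterBinding -Name $_.Name -ComponentID ms_tcpip, ms_tcpip6
    } |
    Select-Object Name, ComponentID, Enabled |
    Format-Table -AutoSize

# 3. Map every A record for the host to the interface that owns the address.
$local = Get-NetIPAddress -AddressFamily IPv4
Get-DnsServerResourceRecord -ZoneName $zone -Name $hostName -RRType A |
    ForEach-Object {
        $ip    = $_.RecordData.IPv4Address.IPAddressToString
        $owner = $local | Where-Object { $_.IPAddress -eq $ip }
        [pscustomobject]@{
            ARecord        = $ip
            InterfaceAlias = if ($owner) { $owner.InterfaceAlias } else { '(not on this host)' }
            Timestamp      = $_.Timestamp   # empty for static records
        }
    } |
    Format-Table -AutoSize

# 4. Which interfaces are set to register their addresses in DNS.
Get-DnsClient |
    Select-Object InterfaceAlias, RegisterThisConnectionsAddress |
    Format-Table -AutoSize
```

The script changes nothing; an A record whose address sits on an interface that should not serve clients is a candidate for the unexpected address seen in ping replies.
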
 
LVL 7

Author Comment

by:roycasella
Thanks Cliff.... What do you suggest as a way forward to straighten this server out?

Thanks

R
0
 
LVL 7

Author Comment

by:roycasella
Short Term and Long Term please.

i.e. Short Term .. Do X with NIC config and DNS maybe.
Long Term, create a VM for DC, demote the physical server once all roles have been transferred across etc...

Thanks

R
0
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 500 total points
If it were me? When multiple misconfigurations are easily identified in a short paragraph, the chances of more unidentified issues are exponentially higher. As a consultant who specializes in cleaning up previous I.T. disasters (often outsourced or low-bid MSP shops) I say that from experience. The server is untrustworthy. The changes that ADDS makes, primarily in that local accounts don't really exist on a DC, whereas Hyper-V relies on local machine accounts, makes the security model fundamentally broken. I consider the host untrusted.

I would stand up a new properly configured host. Full stop. Then move the existing VMs to the new host. Then, if you want to virtualize your DC, create a new VM on the new host and make it an additional DC. From there you can demote the old DC, and if that breaks Hyper-V (which it likely will), no loss as no VMs are left on the machine.

It solves your immediate odd ping issue as you have a known new configuration. You have no risk to your VMs. And you have a graceful path in removing the misconfigured environment. That is all good both short and long term.
0
 
LVL 7

Author Comment

by:roycasella
Fair enough.... I thought that would be the road I would need to go down from what was being said.
No immediate MUCH shorter solution though???

I can get all of that going as I have another server that I can turn into a DC and dedicate that as physical DC.
Don't have anything else that I could utilise as another host though, this is the best box in the gaff.
So I would need to do the following:

Create a new DC on spare server and transfer all roles over and create as DNS server and make DNS for site etc...
Demote DC on Original Server. Ensure HyperV is working by fixing it if it's knackered.
Create secondary DC and DNS as VM on original box which is not a hyperv host only and file store for site. Cannot avoid that as it's the box with the most space. Longer term project will organise this I'm sure.

Don't have any other options.

Was hoping to have a sticky plaster solution while I organise all of this though. It's doable.. just not instant....:)

Many thanks in advance.

R
0
 
LVL 7

Author Comment

by:roycasella
OK.

Got a 2nd DC and DNS server as VM.
Will create a second DC on another VM on the other box and demote the original 2x NIC server.
Thanks for your help.
Will report back

R
0
 
LVL 7

Author Closing Comment

by:roycasella
Thanks to all.

Looks like a straighten out is needed.
R
0
