Josh R. Andrews
Guest
Posted: Sat Jan 15, 2005 5:17 am
Post subject: Multi-homed Active Directory Domain Controller

We currently have two domain controllers in our domain.
One of these domain controllers is multi-homed. It has two NICs, facing
on the same subnet. They each have their own IP address. Say for
argument's sake one is 192.168.1.15 and the other is 192.168.1.20. The
DC auto-registers both IPs in DNS.
My question is whether this is either "bad design" or just kind of
questionable -- i.e. leading to weird slowness in the domain, NetBIOS
problems (I know it's supposed to be going away in W2K3 but we all know
it still pops up in the oddest places) or DNS name resolution issues.
I am thinking about getting rid of one of the NICs and just having one
IP address for the DC, but wanted to check first if the multi-homed
setup is a known boondoggle.
Thanks,
Josh

Herb Martin
Guest
Posted: Sat Jan 15, 2005 5:19 am
Post subject: Re: Multi-homed Active Directory Domain Controller

"Josh R. Andrews" <jra@kccllc.com> wrote in message
news:#sjRE9o#EHA.4028@TK2MSFTNGP15.phx.gbl...
| Quote: | We currently have two domain controllers in our domain.
One of these domain controllers is multi-homed. It has two NICs, facing
on the same subnet.
|
Well, that frequently doesn't work well and usually
accomplishes little.
If you have some reason for two NICs on the same
subnet/segment then you really should buy a set with
a "teaming NIC driver" that allows them to function
correctly in tandem.
| Quote: | They each have their own IP address. Say for
argument's sake one is 192.168.1.15 and the other is 192.168.1.20. The
DC auto-registers both IPs in DNS.
|
Yes, and that may not be a great idea.
| Quote: | My question is whether this is either "bad design" or just kind of
|
Yes.
| Quote: | questionable -- i.e. leading to weird slowness in the domain, NetBIOS
problems (I know it's supposed to be going away in W2K3 but we all know
it still pops up in the oddest places) or DNS name resolution issues.
|
Yes, it leads to problems in most cases.
| Quote: | I am thinking about getting rid of one of the NICs and just having one
IP address for the DC, but wanted to check first if the multi-homed
setup is a known boondoggle.
|
Do it.
(Or go the true teaming NIC route.)
BTW, what do you think the 2-NICs are doing for you?
(What's the real goal of having them this way?)
--
Herb Martin

Kevin D. Goodknecht Sr. [
Guest
Posted: Sat Jan 15, 2005 5:25 am
Post subject: Re: Multi-homed Active Directory Domain Controller

In news:%23sjRE9o%23EHA.4028@TK2MSFTNGP15.phx.gbl,
Josh R. Andrews <jra@kccllc.com> commented
Then Kevin replied below:
| Quote: | We currently have two domain controllers in our domain.
One of these domain controllers is multi-homed. It has
two NICs, facing on the same subnet. They each have their
own IP address. Say for argument's sake one is
192.168.1.15 and the other is 192.168.1.20. The DC
auto-registers both IPs in DNS.
My question is whether this is either "bad design" or
just kind of questionable -- i.e. leading to weird
slowness in the domain, NetBIOS problems (I know it's
supposed to be going away in W2K3 but we all know it
still pops up in the oddest places) or DNS name
resolution issues.
I am thinking about getting rid of one of the NICs and
just having one IP address for the DC, but wanted to
check first if the multi-homed setup is a known
boondoggle.
|
You say this is Win2k3?
Bridge these connections, then it won't be multihomed, they will have one IP
address and act like one interface. Right click on either interface in
Network Properties and select Bridge connections.
--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps

Steve Riley [MSFT]
Guest
Posted: Sat Jan 15, 2005 5:25 am
Post subject: Re: Multi-homed Active Directory Domain Controller

It's a boondoggle. Although http://support.microsoft.com/default.aspx?scid=kb;en-us;272294
describes a workaround, it's best just to remove one of the NICs.
Steve Riley
steriley@microsoft.com
| Quote: | We currently have two domain controllers in our domain.
One of these domain controllers is multi-homed. It has two NICs,
facing on the same subnet. They each have their own IP address. Say
for argument's sake one is 192.168.1.15 and the other is 192.168.1.20.
The DC auto-registers both IPs in DNS.
My question is whether this is either "bad design" or just kind of
questionable -- i.e. leading to weird slowness in the domain, NetBIOS
problems (I know it's supposed to be going away in W2K3 but we all
know it still pops up in the oddest places) or DNS name resolution
issues.
I am thinking about getting rid of one of the NICs and just having one
IP address for the DC, but wanted to check first if the multi-homed
setup is a known boondoggle.
Thanks,
Josh
|

Joe Richards [MVP]
Guest
Posted: Sat Jan 15, 2005 6:34 am
Post subject: Re: Multi-homed Active Directory Domain Controller

Agreed, if on the same subnet either team or remove one. If on separate subnets
you are ok. Either way, only one interface should have a default gateway configured.
If WINS is involved, no multihoming period.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Herb Martin wrote:
| Quote: | "Josh R. Andrews" <jra@kccllc.com> wrote in message
news:#sjRE9o#EHA.4028@TK2MSFTNGP15.phx.gbl...
We currently have two domain controllers in our domain.
One of these domain controllers is multi-homed. It has two NICs, facing
on the same subnet.
Well, that frequently doesn't work well and usually
accomplishes little.
If you have some reason for two NICs on the same
subnet/segment then you really should buy a set with
a "teaming NIC driver" that allows them to function
correctly in tandem.
They each have their own IP address. Say for
argument's sake one is 192.168.1.15 and the other is 192.168.1.20. The
DC auto-registers both IPs in DNS.
Yes, and that may not be a great idea.
My question is whether this is either "bad design" or just kind of
Yes.
questionable -- i.e. leading to weird slowness in the domain, NetBIOS
problems (I know it's supposed to be going away in W2K3 but we all know
it still pops up in the oddest places) or DNS name resolution issues.
Yes, it leads to problems in most cases.
I am thinking about getting rid of one of the NICs and just having one
IP address for the DC, but wanted to check first if the multi-homed
setup is a known boondoggle.
Do it.
(Or go the true teaming NIC route.)
BTW, what do you think the 2-NICs are doing for you?
(What's the real goal of having them this way?)
|
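
The rules from Joe Richards's reply above (same subnet: team or remove one; only one interface with a default gateway; no multihoming with WINS), written as a small audit check. This is an added example, not part of the original thread; the inventory format, field names and the gateway address 192.168.1.1 are assumptions, and the sample data is constructed from the addresses in the original question.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory of one DC's adapters. The IPs come from the
# original question; the /24 prefix and the gateway are assumptions.
SAMPLE_DC = [
    {"nic": "NIC 1", "ip": "192.168.1.15", "prefix": 24,
     "gateway": "192.168.1.1", "wins": []},
    {"nic": "NIC 2", "ip": "192.168.1.20", "prefix": 24,
     "gateway": "192.168.1.1", "wins": []},
]


def audit_multihoming(adapters):
    """Return a sorted list of findings for one host's IPv4 adapters."""
    findings = []

    # Group adapters by the network their address/prefix falls in.
    by_subnet = defaultdict(list)
    for a in adapters:
        net = ipaddress.ip_interface(f"{a['ip']}/{a['prefix']}").network
        by_subnet[net].append(a["nic"])

    # Rule 1: adapters on the same subnet should be teamed or one removed.
    for net, nics in by_subnet.items():
        if len(nics) > 1:
            findings.append(f"same-subnet: {', '.join(nics)} share {net}")

    # Rule 2: only one interface should have a default gateway configured.
    with_gw = [a["nic"] for a in adapters if a.get("gateway")]
    if len(with_gw) > 1:
        findings.append(f"multi-gateway: {', '.join(with_gw)}")

    # Rule 3: if WINS is involved, the host should not be multihomed at all.
    if len(adapters) > 1 and any(a.get("wins") for a in adapters):
        findings.append(
            f"wins-multihomed: WINS configured on a host with "
            f"{len(adapters)} adapters")

    return sorted(findings)


if __name__ == "__main__":
    for line in audit_multihoming(SAMPLE_DC):
        print(line)
```
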

Herb Martin
Guest
Posted: Sat Jan 15, 2005 7:27 am
Post subject: Re: Multi-homed Active Directory Domain Controller

"Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
news:OZhNrnp#EHA.3616@TK2MSFTNGP11.phx.gbl...
| Quote: | Agreed, if on the same subnet either team or remove one. If on separate subnets
you are ok. Either way, only one interface should have a default gateway
configured.
|
Actually it is even ok, to have multiple default
gateways IF he does it correctly, making sure
the preferred is on the first bound NIC, and that
it has the lowest cost associated with it.
It makes no sense for most people to do this though,
and you were probably talking about those who
put something in naively and don't understand the
issues.
| Quote: | If WINS is involved, no multihoming period.
|
--
Herb Martin
| Quote: |
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Herb Martin wrote:
"Josh R. Andrews" <jra@kccllc.com> wrote in message
news:#sjRE9o#EHA.4028@TK2MSFTNGP15.phx.gbl...
We currently have two domain controllers in our domain.
One of these domain controllers is multi-homed. It has two NICs, facing
on the same subnet.
Well, that frequently doesn't work well and usually
accomplishes little.
If you have some reason for two NICs on the same
subnet/segment then you really should buy a set with
a "teaming NIC driver" that allows them to function
correctly in tandem.
They each have their own IP address. Say for
argument's sake one is 192.168.1.15 and the other is 192.168.1.20. The
DC auto-registers both IPs in DNS.
Yes, and that may not be a great idea.
My question is whether this is either "bad design" or just kind of
Yes.
questionable -- i.e. leading to weird slowness in the domain, NetBIOS
problems (I know it's supposed to be going away in W2K3 but we all know
it still pops up in the oddest places) or DNS name resolution issues.
Yes, it leads to problems in most cases.
I am thinking about getting rid of one of the NICs and just having one
IP address for the DC, but wanted to check first if the multi-homed
setup is a known boondoggle.
Do it.
(Or go the true teaming NIC route.)
BTW, what do you think the 2-NICs are doing for you?
(What's the real goal of having them this way?)
|

Josh R. Andrews
Guest
Posted: Sat Jan 15, 2005 7:54 am
Post subject: Re: Multi-homed Active Directory Domain Controller

Thanks guys, this just confirms my suspicions.
I inherited this setup; the original intention was for some sort of
network redundancy, but the issues of AD DC multihoming weren't really
understood at that point.
I think I will strip one NIC and IP from the network and then bring the
second NIC on as a member of a team again later on.
Herb Martin wrote:
| Quote: | "Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
news:OZhNrnp#EHA.3616@TK2MSFTNGP11.phx.gbl...
Agreed, if on the same subnet either team or remove one. If on separate
subnets
you are ok. Either way, only one interface should have a default gateway
configured.
Actually it is even ok, to have multiple default
gateways IF he does it correctly, making sure
the preferred is on the first bound NIC, and that
it has the lowest cost associated with it.
It makes no sense for most people to do this though,
and you were probably talking about those who
put something in naively and don't understand the
issues.
If WINS is involved, no multihoming period.
|

Joe Richards [MVP]
Guest
Posted: Sat Jan 15, 2005 11:50 am
Post subject: Re: Multi-homed Active Directory Domain Controller

The problem comes up if for some reason one NIC gets close to saturation or
times out on something and the server starts failing over for its default
routing to the other NIC. You get dropped connections and I have also seen it
blue screen. Multiple default gateways on NICs in separate subnets is almost
guaranteed to blow you up.
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Herb Martin wrote:
| Quote: | "Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
news:OZhNrnp#EHA.3616@TK2MSFTNGP11.phx.gbl...
Agreed, if on the same subnet either team or remove one. If on separate
subnets
you are ok. Either way, only one interface should have a default gateway
configured.
Actually it is even ok, to have multiple default
gateways IF he does it correctly, making sure
the preferred is on the first bound NIC, and that
it has the lowest cost associated with it.
It makes no sense for most people to do this though,
and you were probably talking about those who
put something in naively and don't understand the
issues.
If WINS is involved, no multihoming period.
|

Herb Martin
Guest
Posted: Sat Jan 15, 2005 8:33 pm
Post subject: Re: Multi-homed Active Directory Domain Controller

"Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
news:eJVhtYs#EHA.2568@TK2MSFTNGP10.phx.gbl...
| Quote: | The problem comes up if for some reason one NIC gets close to saturation or
times out on something and the server starts failing over for its default
routing to the other NIC. You get dropped connections and I have also seen it
blue screen. Multiple default gateways on NICs in separate subnets is almost
guaranteed to blow you up.
|
That's odd and would be a true bug not a
misconfiguration.
One can readily use NIC 1 to point to the
expected router (off the local net or even to
the Internet) and another NIC 2 to point to
a backup.
Note the above will not load balance in general
and will NOT perform as expected (hoped?) if the
NIC 1 route goes down BEYOND the adjacent
router -- the adjacent router connected to NIC 1
must fail completely (to answer) for the second
one to be used (unless there is a bug) -- then
sending through NIC 2 must be sensible for the
machine (reach the same or at least some useful
places.)
--
Herb Martin
| Quote: | --
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Herb Martin wrote:
"Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
news:OZhNrnp#EHA.3616@TK2MSFTNGP11.phx.gbl...
Agreed, if on the same subnet either team or remove one. If on separate
subnets
you are ok. Either way, only one interface should have a default gateway
configured.
Actually it is even ok, to have multiple default
gateways IF he does it correctly, making sure
the preferred is on the first bound NIC, and that
it has the lowest cost associated with it.
It makes no sense for most people to do this though,
and you were probably talking about those who
put something in naively and don't understand the
issues.
If WINS is involved, no multihoming period.
|

Joe Richards [MVP]
Guest
Posted: Sat Jan 15, 2005 10:59 pm
Post subject: Re: Multi-homed Active Directory Domain Controller

http://support.microsoft.com/default.aspx?scid=kb;en-us;157025
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Herb Martin wrote:
| Quote: | That's odd and would be a true bug not a
misconfiguration.
One can readily use NIC 1 to point to the
expected router (off the local net or even to
the Internet) and another NIC 2 to point to
a backup.
Note the above will not load balance in general
and will NOT perform as expected (hoped?) if the
NIC 1 route goes down BEYOND the adjacent
router -- the adjacent router connected to NIC 1
must fail completely (to answer) for the second
one to be used (unless there is a bug) -- then
sending through NIC 2 must be sensible for the
machine (reach the same or at least some useful
places.)
|

Herb Martin
Guest
Posted: Sat Jan 15, 2005 11:39 pm
Post subject: Re: Multi-homed Active Directory Domain Controller

"Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
news:uL7eYOy#EHA.1188@tk2msftngp13.phx.gbl...
That article is terribly written but it agrees with what
I indicated when read carefully.
If there remain bugs in the operating system (Win2000
and Win2003 with current service packs) to cause the
misbehavior you described when the network interface(s)
are overloaded then those should just be reported and fixed.
Back to the article:
When the recommendations for disjoint (unrouted) networks
are removed there is no recommendation against, but rather
a (weak) recommendation for, using a second default gateway
even if it is on another subnet/segment. (I also indicated
that the two default gateways must lead to the SAME networks
to make sense in most cases.)
The warnings were against the typical mistake made by
neophytes to routing where there are disjoint networks and
the attempt is made to route to both of them using the
(incorrect) default method.
Rather those networks must be routed by adding specific
routes -- either manually or through dynamic protocols.
In all it is written (probably) to address beginners' concerns,
or written by a beginner who didn't fully understand the
implications. (I would say it is greatly oversimplified were
it not for the obvious confusion and apparent contradictions
it offers.)
--
Herb Martin
| Quote: |
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Herb Martin wrote:
That's odd and would be a true bug not a
misconfiguration.
One can readily use NIC 1 to point to the
expected router (off the local net or even to
the Internet) and another NIC 2 to point to
a backup.
Note the above will not load balance in general
and will NOT perform as expected (hoped?) if the
NIC 1 route goes down BEYOND the adjacent
router -- the adjacent router connected to NIC 1
must fail completely (to answer) for the second
one to be used (unless there is a bug) -- then
sending through NIC 2 must be sensible for the
machine (reach the same or at least some useful
places.)
|