Allow two subnets to talk

I have a network with two subnets being used with a windows 2003 Ent as a
PDC. Since the PDC has two NIC cards both subnets can log into the domain
without a problem. The issue is that PCs from different subnets
(255.255.255.248 & 255.255.255.0) cannot "talk" with each other. What do I
need to do to get them to see each other when they browse the network?

Thanks

Dan

Dan Reber wrote:
> I have a network with two subnets being used with a windows 2003 Ent
> as a PDC. Since the PDC has two NIC cards both subnets can log into
> the domain without a problem. The issue is that PCs from different
> subnets (255.255.255.248 & 255.255.255.0) cannot "talk" with each
> other. What do I need to do to get them to see each other when they
> browse the network?
>
> Thanks
>
> Dan

Have you configured the RRAS?
Anyway I suggest to not use double NIC on DC........
--
---
Giuseppe Nacci
Microsoft Certified System Engineer
Microsoft Certified Trainer
Security Manager

The DC should run with only one Nic and exist on only one subnet (doesn't
matter which one). A LAN Router should be placed between the Subnets. SBS
being the exception, there are a lot of potential networking issues that
arise from multi-homing a DC.

Here are some examples.

272294 - Active Directory Communication Fails on Multihomed Domain
Controllers
http://support.microsoft.com/default...b;en-us;272294

191611 - Symptoms of Multihomed Browsers
http://support.microsoft.com/default...b;EN-US;191611

It doesn't mean it can't be done (it is done with SBS), but it can just be
troublesome and is recommended that you avoid that situation.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------



"Dan Reber" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I have a network with two subnets being used with a windows 2003 Ent as a
> PDC. Since the PDC has two NIC cards both subnets can log into the domain
> without a problem. The issue is that PCs from different subnets
> (255.255.255.248 & 255.255.255.0) cannot "talk" with each other. What do I
> need to do to get them to see each other when they browse the network?
>
> Thanks
>
> Dan
>
>

I installed it on the server but I am not sure how to configure it.

"Giuseppe Nacci" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Dan Reber wrote:
> > I have a network with two subnets being used with a windows 2003 Ent
> > as a PDC. Since the PDC has two NIC cards both subnets can log into
> > the domain without a problem. The issue is that PCs from different
> > subnets (255.255.255.248 & 255.255.255.0) cannot "talk" with each
> > other. What do I need to do to get them to see each other when they
> > browse the network?
> >
> > Thanks
> >
> > Dan
>
> Have you configured the RRAS?
> Anyway I suggest to not use double NIC on DC........
> --
> ---
> Giuseppe Nacci
> Microsoft Certified System Engineer
> Microsoft Certified Trainer
> Security Manager
>
>
>

This is not required, DC can have network interfaces in as many subnets as
needed, and act as a router at the same time.

All the issues with multihomed DCs are related to network browsing, i.e. to
building the computer list in "My Network Places" - which is absolutely not
required (and, in my opinion, even MUST be avoided in corporate
environments) and does not affect users' ability to access network resources
in any way.

--
Dmitry Korolyov [(E-Mail Removed)]
MVP: Windows Server - Directory Services


"Phillip Windell" <@.> wrote in message
news:%(E-Mail Removed)...
> The DC should run with only one Nic and exist on only one subnet (doesn't
> matter which one). A LAN Router should be placed between the Subnets. SBS
> being the exception, there are a lot of potential networking issues that
> arise from multi-homing a DC.
>
> Here are some examples.
>
> 272294 - Active Directory Communication Fails on Multihomed Domain
> Controllers
> http://support.microsoft.com/default...b;en-us;272294
>
> 191611 - Symptoms of Multihomed Browsers
> http://support.microsoft.com/default...b;EN-US;191611
>
> It doesn't mean it can't be done (it is done with SBS), but it can just be
> troublesome and is recommended that you avoid that situation.
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/IS...cessRules.html
>
> Microsoft Internet Security & Acceleration Server: Guidance
> http://www.microsoft.com/isaserver/t...dance/2004.asp
> http://www.microsoft.com/isaserver/t...dance/2000.asp
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/partners/default.asp
> -----------------------------------------------------
>
>
>
> "Dan Reber" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> I have a network with two subnets being used with a windows 2003 Ent as a
>> PDC. Since the PDC has two NIC cards both subnets can log into the
>> domain
>> without a problem. The issue is that PCs from different subnets
>> (255.255.255.248 & 255.255.255.0) cannot "talk" with each other. What do
>> I
>> need to do to get them to see each other when they browse the network?
>>
>> Thanks
>>
>> Dan
>>
>>
>
>

OK, here's an example:

NIC 1, ip: 192.168.0.1, attached to subnet 192.168.0.0/24
NIC 2, ip: 192.168.1.1, attached to subnet 192.168.1.0/24

In this case you configure 2 static routes in RRAS:

1) route to 192.168.0.0/24, through interface NIC 1
2) route to 192.168.1.0/24, through interface NIC 2

This way clients from the same network as NIC 1 will be able to access other
network segment (related to 192.168.1.0/24) through this router, but:
1. They must have configured with 192.168.0.1 as the default gateway (or
some other gateway that also has the route to 192.168.1.0/24 subnet)
2. The clients in the other subnet (where NIC 2 is) should use 192.168.1.1
as the gateway (or, similary, some other gateway that also has the route to
192.168.0.0/24 subnet)

--
Dmitry Korolyov [(E-Mail Removed)]
MVP: Windows Server - Directory Services


"Dan Reber" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
>I installed it on the server but I am not sure how to configure it.
>
> "Giuseppe Nacci" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Dan Reber wrote:
>> > I have a network with two subnets being used with a windows 2003 Ent
>> > as a PDC. Since the PDC has two NIC cards both subnets can log into
>> > the domain without a problem. The issue is that PCs from different
>> > subnets (255.255.255.248 & 255.255.255.0) cannot "talk" with each
>> > other. What do I need to do to get them to see each other when they
>> > browse the network?
>> >
>> > Thanks
>> >
>> > Dan
>>
>> Have you configured the RRAS?
>> Anyway I suggest to not use double NIC on DC........
>> --
>> ---
>> Giuseppe Nacci
>> Microsoft Certified System Engineer
>> Microsoft Certified Trainer
>> Security Manager
>>
>>
>>
>
>

Thanks, I will look into this but I have a question first. The IPs for the
255.255.255.248 subnet are 70.x.x.65 thru 70.x.x.69 and the IPs for the
255.255.255.0 subnet are 192.168.0.1 thru 192.168.0.50. Can these still
talk to each other?

Thanks

Dan


"Dmitry Korolyov [MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> OK, here's an example:
>
> NIC 1, ip: 192.168.0.1, attached to subnet 192.168.0.0/24
> NIC 2, ip: 192.168.1.1, attached to subnet 192.168.1.0/24
>
> In this case you configure 2 static routes in RRAS:
>
> 1) route to 192.168.0.0/24, through interface NIC 1
> 2) route to 192.168.1.0/24, through interface NIC 2
>
> This way clients from the same network as NIC 1 will be able to access
other
> network segment (related to 192.168.1.0/24) through this router, but:
> 1. They must have configured with 192.168.0.1 as the default gateway (or
> some other gateway that also has the route to 192.168.1.0/24 subnet)
> 2. The clients in the other subnet (where NIC 2 is) should use 192.168.1.1
> as the gateway (or, similary, some other gateway that also has the route
to
> 192.168.0.0/24 subnet)
>
> --
> Dmitry Korolyov [(E-Mail Removed)]
> MVP: Windows Server - Directory Services
>
>
> "Dan Reber" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
> >I installed it on the server but I am not sure how to configure it.
> >
> > "Giuseppe Nacci" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> >> Dan Reber wrote:
> >> > I have a network with two subnets being used with a windows 2003 Ent
> >> > as a PDC. Since the PDC has two NIC cards both subnets can log into
> >> > the domain without a problem. The issue is that PCs from different
> >> > subnets (255.255.255.248 & 255.255.255.0) cannot "talk" with each
> >> > other. What do I need to do to get them to see each other when they
> >> > browse the network?
> >> >
> >> > Thanks
> >> >
> >> > Dan
> >>
> >> Have you configured the RRAS?
> >> Anyway I suggest to not use double NIC on DC........
> >> --
> >> ---
> >> Giuseppe Nacci
> >> Microsoft Certified System Engineer
> >> Microsoft Certified Trainer
> >> Security Manager
> >>
> >>
> >>
> >
> >
>
>

I want to test but I am not sure what the different settings are (I am a
programmer and networking is not my forte). WhI click "New Statis Route..."
the dialog box asks for:

Interface: This is the NIC I assume.
Destination: Not sure what to put here.
Network mask: Not sure what to put here.
Gateway: Not sure what to put here.
Metric: Not sure what to put here.

Thanks for you help.

Dan


"Dmitry Korolyov [MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> OK, here's an example:
>
> NIC 1, ip: 192.168.0.1, attached to subnet 192.168.0.0/24
> NIC 2, ip: 192.168.1.1, attached to subnet 192.168.1.0/24
>
> In this case you configure 2 static routes in RRAS:
>
> 1) route to 192.168.0.0/24, through interface NIC 1
> 2) route to 192.168.1.0/24, through interface NIC 2
>
> This way clients from the same network as NIC 1 will be able to access
other
> network segment (related to 192.168.1.0/24) through this router, but:
> 1. They must have configured with 192.168.0.1 as the default gateway (or
> some other gateway that also has the route to 192.168.1.0/24 subnet)
> 2. The clients in the other subnet (where NIC 2 is) should use 192.168.1.1
> as the gateway (or, similary, some other gateway that also has the route
to
> 192.168.0.0/24 subnet)
>
> --
> Dmitry Korolyov [(E-Mail Removed)]
> MVP: Windows Server - Directory Services
>
>
> "Dan Reber" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
> >I installed it on the server but I am not sure how to configure it.
> >
> > "Giuseppe Nacci" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> >> Dan Reber wrote:
> >> > I have a network with two subnets being used with a windows 2003 Ent
> >> > as a PDC. Since the PDC has two NIC cards both subnets can log into
> >> > the domain without a problem. The issue is that PCs from different
> >> > subnets (255.255.255.248 & 255.255.255.0) cannot "talk" with each
> >> > other. What do I need to do to get them to see each other when they
> >> > browse the network?
> >> >
> >> > Thanks
> >> >
> >> > Dan
> >>
> >> Have you configured the RRAS?
> >> Anyway I suggest to not use double NIC on DC........
> >> --
> >> ---
> >> Giuseppe Nacci
> >> Microsoft Certified System Engineer
> >> Microsoft Certified Trainer
> >> Security Manager
> >>
> >>
> >>
> >
> >
>
>

Problem with that is a mutlihomed DC will register SRV records for every
interface in DNS, complicating the environment. A myriad of troubleshooting
issues often arise as a result of this, such as clients trying to reach DC
on IP interface to which it has no route. I've seen some of this in the
field.

--
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights

"Dmitry Korolyov [MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
This is not required, DC can have network interfaces in as many subnets as
needed, and act as a router at the same time.

All the issues with multihomed DCs are related to network browsing, i.e. to
building the computer list in "My Network Places" - which is absolutely not
required (and, in my opinion, even MUST be avoided in corporate
environments) and does not affect users' ability to access network resources
in any way.

--
Dmitry Korolyov [(E-Mail Removed)]
MVP: Windows Server - Directory Services


"Phillip Windell" <@.> wrote in message
news:%(E-Mail Removed)...
> The DC should run with only one Nic and exist on only one subnet (doesn't
> matter which one). A LAN Router should be placed between the Subnets. SBS
> being the exception, there are a lot of potential networking issues that
> arise from multi-homing a DC.
>
> Here are some examples.
>
> 272294 - Active Directory Communication Fails on Multihomed Domain
> Controllers
> http://support.microsoft.com/default...b;en-us;272294
>
> 191611 - Symptoms of Multihomed Browsers
> http://support.microsoft.com/default...b;EN-US;191611
>
> It doesn't mean it can't be done (it is done with SBS), but it can just be
> troublesome and is recommended that you avoid that situation.
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/IS...cessRules.html
>
> Microsoft Internet Security & Acceleration Server: Guidance
> http://www.microsoft.com/isaserver/t...dance/2004.asp
> http://www.microsoft.com/isaserver/t...dance/2000.asp
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/partners/default.asp
> -----------------------------------------------------
>
>
>
> "Dan Reber" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> I have a network with two subnets being used with a windows 2003 Ent as a
>> PDC. Since the PDC has two NIC cards both subnets can log into the
>> domain
>> without a problem. The issue is that PCs from different subnets
>> (255.255.255.248 & 255.255.255.0) cannot "talk" with each other. What do
>> I
>> need to do to get them to see each other when they browse the network?
>>
>> Thanks
>>
>> Dan
>>
>>
>
>

I aggree with that, Todd. If you are using DDNS you get the same sorts
of name resolution problems with multihomed DCs (and remote access servers
which become multihomed as soon as anyone connects) as you used to get with
Netbios names. As with Netbios there are workarounds, but it is easier to
avoid them in the first place if you can.

Todd J Heron wrote:
> Problem with that is a mutlihomed DC will register SRV records for
> every interface in DNS, complicating the environment. A myriad of
> troubleshooting issues often arise as a result of this, such as
> clients trying to reach DC on IP interface to which it has no route.
> I've seen some of this in the field.
>
> --
> Todd J Heron, MCSE
> Windows Server 2003/2000/NT; CCA
> ----------------------------------------------------------------------------
> This posting is provided "as is" with no warranties and confers no
> rights
>
> "Dmitry Korolyov [MVP]" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> This is not required, DC can have network interfaces in as many
> subnets as needed, and act as a router at the same time.
>
> All the issues with multihomed DCs are related to network browsing,
> i.e. to building the computer list in "My Network Places" - which is
> absolutely not required (and, in my opinion, even MUST be avoided in
> corporate environments) and does not affect users' ability to access
> network resources in any way.
>
>
> "Phillip Windell" <@.> wrote in message
> news:%(E-Mail Removed)...
>> The DC should run with only one Nic and exist on only one subnet
>> (doesn't matter which one). A LAN Router should be placed between
>> the Subnets. SBS being the exception, there are a lot of potential
>> networking issues that arise from multi-homing a DC.
>>
>> Here are some examples.
>>
>> 272294 - Active Directory Communication Fails on Multihomed Domain
>> Controllers
>> http://support.microsoft.com/default...b;en-us;272294
>>
>> 191611 - Symptoms of Multihomed Browsers
>> http://support.microsoft.com/default...b;EN-US;191611
>>
>> It doesn't mean it can't be done (it is done with SBS), but it can
>> just be troublesome and is recommended that you avoid that situation.
>>
>> --
>> Phillip Windell [MCP, MVP, CCNA]
>> www.wandtv.com
>> -----------------------------------------------------
>> Understanding the ISA 2004 Access Rule Processing
>> http://www.isaserver.org/articles/IS...cessRules.html
>>
>> Microsoft Internet Security & Acceleration Server: Guidance
>> http://www.microsoft.com/isaserver/t...dance/2004.asp
>> http://www.microsoft.com/isaserver/t...dance/2000.asp
>>
>> Microsoft Internet Security & Acceleration Server: Partners
>> http://www.microsoft.com/isaserver/partners/default.asp
>> -----------------------------------------------------
>>
>>
>>
>> "Dan Reber" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>> I have a network with two subnets being used with a windows 2003
>>> Ent as a PDC. Since the PDC has two NIC cards both subnets can log
>>> into the domain
>>> without a problem. The issue is that PCs from different subnets
>>> (255.255.255.248 & 255.255.255.0) cannot "talk" with each other.
>>> What do I
>>> need to do to get them to see each other when they browse the
>>> network?
>>>
>>> Thanks
>>>
>>> Dan