It is not a good idea to multihome DCs. It never was, even back in NT
days. In NT it caused problems with NetBIOS name resolution and browsing.
With W2k/W2k3 that is still a problem, and you also now have problems with
DNS names because of dynamic DNS. The basic reason for the problems is that
you have two IP addresses associated with one machine name. If a name
resolves to the "wrong" IP you don't get what you expect.
The only OS which runs correctly "out of the box" in this config is SBS
(because it is designed as a one-server-does-everything system). There are
ways to get it to work on Windows Server standard edition, but it is easier
to avoid the problem by not using a DC as a router. Similar warnings apply
to using a DC as a remote access server, because they also become multihomed
when a remote user connects.
Why not run two servers as single homed DCs and run the third as a
standalone NAT router?
"Alan" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi,
>
> I have a Win2000 Domain (Ex. domain.local) set up with 2 DCs, and each one
> with 2 NIC cards. The first card will be assigned a public address with
> gateway, and the 2nd card with a private address with no gateway. It's
> been working fine for more than 3 yrs. One of the DCs is set up as a NAT
> router using RRAS for internet access on the private network. Recently I
> am setting up a new DC with Windows 2003 R2 also with 2 NIC cards with the
> same setup, but the problem is when I tried to promote the server into a DC
> using dcpromo, it failed to find the domain. If I disable the NIC with
> public IP, then the dcpromo went smoothly. After the server becomes the
> 3rd DC of a Windows 2000 domain still with only a NIC with private IP, I
> was able to browse the domain and look at which DC is the Operation
> Master. I enable the NIC with a public IP address and reboot the new DC, I
> tried to see which DC is the Operation Master again and it failed.
>
> The question I want to ask is how come the same setup works on Windows
> 2000 server but not Windows 2003? Was anything changed in Windows 2003,
> so that it no longer works in this setup? Should I set up my Domain this
> way with 2 NICs? The main reason is to have one DC serve also as a NAT
> router to provide users with internet access. I know I could simply get a
> cheap DSL router to do the job, but if the DC can serve this function,
> then I don't want to add anything extra.
>
> --
> Thanks,
> Alan
>
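
An added example, not part of the original thread: a small audit that flags the condition the reply describes, one DC name resolving to more than one address, or a public-side address registered in the internal zone. The record list, host names, addresses and the 192.168.1.0/24 internal range are constructed for illustration; feed it whatever (name, address) pairs you export from your own zone.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (name, A record) pairs as they might be exported from
# the domain.local zone. All names and addresses are made up.
SAMPLE_RECORDS = [
    ("dc1.domain.local", "192.168.1.10"),
    ("dc1.domain.local", "203.0.113.10"),  # public NIC registered itself
    ("dc2.domain.local", "192.168.1.11"),
    ("dc3.domain.local", "192.168.1.12"),
    # Domain apex: one record per DC is normal, a public one is not.
    ("domain.local", "192.168.1.10"),
    ("domain.local", "203.0.113.10"),
    ("domain.local", "192.168.1.11"),
]

DC_HOSTS = {"dc1.domain.local", "dc2.domain.local", "dc3.domain.local"}


def audit_dc_records(records, dc_hosts, internal_net):
    """Return {name: {"multihomed": bool, "outside": [addr, ...]}}.

    multihomed: a DC host name that resolves to more than one address.
    outside:    addresses registered under the name that are not in the
                internal network clients are expected to reach DCs on.
    Names with neither problem are left out of the report.
    """
    net = ipaddress.ip_network(internal_net)
    by_name = defaultdict(set)
    for name, addr in records:
        by_name[name.lower().rstrip(".")].add(ipaddress.ip_address(addr))

    report = {}
    for name, addrs in by_name.items():
        outside = sorted(str(a) for a in addrs if a not in net)
        multihomed = name in dc_hosts and len(addrs) > 1
        if outside or multihomed:
            report[name] = {"multihomed": multihomed, "outside": outside}
    return report


if __name__ == "__main__":
    result = audit_dc_records(SAMPLE_RECORDS, DC_HOSTS, "192.168.1.0/24")
    for name, finding in sorted(result.items()):
        print(name, finding)
```
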