Networking Forums

To Lanwench
dindigul
      10-01-2006, 05:32 PM
I do have a router supplied by the isp, but that's not the question per se.
Windows website mentions of 2003 server as having modifications suggested by
users themselves. This is a burning question, why can't we isolate the isp
connection? When ".local" exists to suggest that this is an internal
network, why do we get windows tell us yours is not the only server? The
".local" suffix should isolate the isp's settings. Windows documentation
also accepts two nic configuration, then why talk of making life easier by
unplugging one nic?


 
Jeffrey Randow
      10-01-2006, 06:43 PM
I would say that this is still a bug in how Windows Server handles
multiple NICs and the registration of domain names. Something similar
happens when you have a DC that is also a VPN server.

--
Jeffrey Randow
(E-Mail Removed)
Windows Networking MVP 2001-2006

http://www.networkblog.net

On Sun, 1 Oct 2006 23:02:13 +0530, "dindigul" <(E-Mail Removed)>
wrote:

>I do have a router supplied by the isp, but that's not the question per se.
>Windows website mentions of 2003 server as having modifications suggested by
>users themselves. This is a burning question, why can't we isolate the isp
>connection? When ".local" exists to suggest that this is an internal
>network, why do we get windows tell us yours is not the only server? The
>".local" suffix should isolate the isp's settings. Windows documentation
>also accepts two nic configuration, then why talk of making life easier by
>unplugging one nic?
>

 
Bill Grant
      10-02-2006, 02:00 AM
It is not a matter of isolating the connection to the ISP. It is a matter
of name resolution. If a server has two NICs, some forms of name resolution
will give you the private NIC IP and some will give you the public one. That
is why Microsoft recommends that you do not run multihomed DCs. The only
exception is SBS, which does take care of the problem automatically.

Even if it is not a DC, a multihomed server can give you name resolution
problems. This was a problem with NetBIOS names in NT, and that is still a
problem. In addition, you now get similar problems with DNS names because of
dynamic DNS registration. The solution is to make sure that, in your local
DNS, only the server's private IP address is registered for the server's
name. If the local machines use your local DNS (as they should) they will
always get the correct IP for the server.

As Jeffrey mentioned this problem also crops up with remote access
servers. A remote access server has an additional IP address for its
internal interface and this causes the same sort of name resolution problem.

"dindigul" <(E-Mail Removed)> wrote in message
news:OcZJJ%(E-Mail Removed)...
>I do have a router supplied by the isp, but that's not the question per se.
>Windows website mentions of 2003 server as having modifications suggested
>by users themselves. This is a burning question, why can't we isolate the
>isp connection? When ".local" exists to suggest that this is an internal
>network, why do we get windows tell us yours is not the only server? The
>".local" suffix should isolate the isp's settings. Windows documentation
>also accepts two nic configuration, then why talk of making life easier by
>unplugging one nic?
>
>



 
Lanwench [MVP - Exchange]
      10-02-2006, 08:29 PM
In news:OcZJJ%(E-Mail Removed),
dindigul <(E-Mail Removed)> typed:
> I do have a router supplied by the isp, but that's not the question
> per se. Windows website mentions of 2003 server as having
> modifications suggested by users themselves. This is a burning
> question, why can't we isolate the isp connection? When ".local"
> exists to suggest that this is an internal network, why do we get
> windows tell us yours is not the only server? The ".local" suffix
> should isolate the isp's settings. Windows documentation also accepts
> two nic configuration, then why talk of making life easier by
> unplugging one nic?


Hi - why are you starting a new thread? It's a lot easier for everyone else
if you keep replies in the same one, until it gets so old and stale you
wouldn't even use it for French toast.

That said, you certainly *can* use two NICs. I just find it overly
complicated for what most people need - and it introduces all sorts of other
potential errors, in addition to potential security problems. As you saw, it
isn't just a matter of installing a second NIC and expecting it to work. I
don't know your exact config, or your goals here, but it doesn't sound like
you installed & configured RRAS/NAT, for one thing.

Frankly, I don't see much value in turning a perfectly good Windows box into
an ersatz router nowadays, when hardware appliances have become so
affordable.


 
Ace Fekay [MVP]
      10-07-2006, 02:45 PM
In news:OcZJJ%(E-Mail Removed),
dindigul <(E-Mail Removed)> stated, which I commented on below:
> I do have a router supplied by the isp, but that's not the question
> per se. Windows website mentions of 2003 server as having
> modifications suggested by users themselves. This is a burning
> question, why can't we isolate the isp connection? When ".local"
> exists to suggest that this is an internal network, why do we get
> windows tell us yours is not the only server? The ".local" suffix
> should isolate the isp's settings. Windows documentation also accepts
> two nic configuration, then why talk of making life easier by
> unplugging one nic?


If you like, I have a whole series of steps that has been proven over the
years by many in the community, to configure a multihomed DC (especially if
it is a RRAS server running NAT and VPNs). If you like, I can post it.

BUT >>>> It is *NOT* recommended to run multiple NICs on any DC, whether or
not it is also a RRAS server. This is because as stated, it messes with
resolution and the required AD DNS records that all clients (including the
DC itself) need to *find* AD. Stick to ONE NIC and use a hardware solution.

--
Ace
Innovative IT Concepts, Inc (IITCI)
Willow Grove, PA

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.
It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only constant in life is change...
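
Bill Grant's advice in this thread (only the server's private IP registered under its name in the local DNS) and Ace Fekay's point about the AD DNS records can be checked mechanically against a zone listing. The Python sketch below is an added example, not code from any poster in the thread; the zone name, addresses, LAN subnet and the helper `audit_a_records` are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: A records as they might appear in an export of the
# internal zone. Names, addresses and the LAN subnet are made up.
INTERNAL_NET = ipaddress.ip_network("192.168.16.0/24")
SAMPLE_A_RECORDS = [
    ("dc1.corp.local", "192.168.16.2"),     # private NIC
    ("dc1.corp.local", "203.0.113.10"),     # ISP-facing NIC, registered dynamically
    ("corp.local", "192.168.16.2"),         # a DC also registers the domain name itself
    ("corp.local", "203.0.113.10"),
    ("ras1.corp.local", "192.168.16.5"),
    ("ras1.corp.local", "192.168.16.200"),  # extra address of the RAS internal interface
    ("files.corp.local", "192.168.16.20"),  # single-homed, nothing to report
]


def audit_a_records(records, internal_net):
    """Return {name: [problem, ...]} for names that do not resolve to exactly
    one address inside internal_net."""
    by_name = defaultdict(set)
    for name, addr in records:
        # DNS names are case-insensitive; drop a trailing root dot.
        by_name[name.lower().rstrip(".")].add(ipaddress.ip_address(addr))

    findings = {}
    for name, addrs in by_name.items():
        inside = sorted(a for a in addrs if a in internal_net)
        outside = sorted(a for a in addrs if a not in internal_net)
        problems = []
        if outside:
            problems.append("non-internal address registered: "
                            + ", ".join(str(a) for a in outside))
        if len(inside) > 1:
            problems.append("several internal addresses registered: "
                            + ", ".join(str(a) for a in inside))
        if problems:
            findings[name] = problems
    return findings


if __name__ == "__main__":
    for name, problems in sorted(audit_a_records(SAMPLE_A_RECORDS, INTERNAL_NET).items()):
        for problem in problems:
            print(f"{name}: {problem}")
```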


 