Multi-homed Active Directory Domain Controller

We currently have two domain controllers in our domain.

One of these domain controllers is multi-homed. It has two NICs, facing
on the same subnet. They each have their own IP address. Say for
argument's sake one is 192.168.1.15 and the other is 192.168.1.20. The
DC auto-registers both IPs in DNS.

My question is whether this is either "bad design" or just kind of
questionable -- i.e. leading to wierd slowness in the domain, NetBIOS
problems (I know it's supposed to be going away in W2K3 but we all know
it still pops up in the oddest places) or DNS name resolution issues.

I am thinking about getting rid of one of the NICs and just having one
IP address for the DC, but wanted to check first if the multi-homed
setup is a known boondoggle.

Thanks,

Josh

"Josh R. Andrews" <(E-Mail Removed)> wrote in message
news:#sjRE9o#(E-Mail Removed)...
> We currently have two domain controllers in our domain.
>
> One of these domain controllers is multi-homed. It has two NICs, facing
> on the same subnet.

Well, that frequently doesn't work well and usually
accomplishes litte.

If you have some reason for two NICs on the same
subnet/segment then you really should buy a set with
a "teaming NIC driver" that allows them to function
correctly in tandem.

> They each have their own IP address. Say for
> argument's sake one is 192.168.1.15 and the other is 192.168.1.20. The
> DC auto-registers both IPs in DNS.

Yes, and that may not be a great idea.

> My question is whether this is either "bad design" or just kind of

Yes.

> questionable -- i.e. leading to wierd slowness in the domain, NetBIOS
> problems (I know it's supposed to be going away in W2K3 but we all know
> it still pops up in the oddest places) or DNS name resolution issues.

Yes, it leads to problems in most cases.

> I am thinking about getting rid of one of the NICs and just having one
> IP address for the DC, but wanted to check first if the multi-homed
> setup is a known boondoggle.

Do it.
(Or go the true teaming NIC route.)

BTW, what do you think the 2-NICs are doing for you?
(What's the real goal of having them this way?)

--
Herb Martin


>
> Thanks,
>
> Josh

In news:%23sjRE9o%(E-Mail Removed),
Josh R. Andrews <(E-Mail Removed)> commented
Then Kevin replied below:
> We currently have two domain controllers in our domain.
>
> One of these domain controllers is multi-homed. It has
> two NICs, facing on the same subnet. They each have their
> own IP address. Say for argument's sake one is
> 192.168.1.15 and the other is 192.168.1.20. The DC
> auto-registers both IPs in DNS.
>
> My question is whether this is either "bad design" or
> just kind of questionable -- i.e. leading to wierd
> slowness in the domain, NetBIOS problems (I know it's
> supposed to be going away in W2K3 but we all know it
> still pops up in the oddest places) or DNS name
> resolution issues.
>
> I am thinking about getting rid of one of the NICs and
> just having one IP address for the DC, but wanted to
> check first if the multi-homed setup is a known
> boondoggle.

You say this is Win2k3?
Bridge these connections, then it won't be multihomed, they will have one IP
address and act like one interface. Right click on either interface in
Network Properties and select Bridge connections.



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

It's a boondoggle. Although http://support.microsoft.com/default...b;en-us;272294
describes a workaround, it's best just to remove one of the NICs.

Steve Riley
(E-Mail Removed)



> We currently have two domain controllers in our domain.
>
> One of these domain controllers is multi-homed. It has two NICs,
> facing on the same subnet. They each have their own IP address. Say
> for argument's sake one is 192.168.1.15 and the other is 192.168.1.20.
> The DC auto-registers both IPs in DNS.
>
> My question is whether this is either "bad design" or just kind of
> questionable -- i.e. leading to wierd slowness in the domain, NetBIOS
> problems (I know it's supposed to be going away in W2K3 but we all
> know it still pops up in the oddest places) or DNS name resolution
> issues.
>
> I am thinking about getting rid of one of the NICs and just having one
> IP address for the DC, but wanted to check first if the multi-homed
> setup is a known boondoggle.
>
> Thanks,
>
> Josh
>

Agreed, if on the same subnet either team or remove one. If on separate subnets
you are ok. Either way, only one interface should have a default gateway configured.

If WINS is involved, no multihoming period.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


Herb Martin wrote:
> "Josh R. Andrews" <(E-Mail Removed)> wrote in message
> news:#sjRE9o#(E-Mail Removed)...
>
>>We currently have two domain controllers in our domain.
>>
>>One of these domain controllers is multi-homed. It has two NICs, facing
>>on the same subnet.
>
>
> Well, that frequently doesn't work well and usually
> accomplishes litte.
>
> If you have some reason for two NICs on the same
> subnet/segment then you really should buy a set with
> a "teaming NIC driver" that allows them to function
> correctly in tandem.
>
>
>>They each have their own IP address. Say for
>>argument's sake one is 192.168.1.15 and the other is 192.168.1.20. The
>>DC auto-registers both IPs in DNS.
>
>
> Yes, and that may not be a great idea.
>
>
>>My question is whether this is either "bad design" or just kind of
>
>
> Yes.
>
>
>>questionable -- i.e. leading to wierd slowness in the domain, NetBIOS
>>problems (I know it's supposed to be going away in W2K3 but we all know
>>it still pops up in the oddest places) or DNS name resolution issues.
>
>
> Yes, it leads to problems in most cases.
>
>
>>I am thinking about getting rid of one of the NICs and just having one
>>IP address for the DC, but wanted to check first if the multi-homed
>>setup is a known boondoggle.
>
>
> Do it.
> (Or go the true teaming NIC route.)
>
> BTW, what do you think the 2-NICs are doing for you?
> (What's the real goal of having them this way?)
>

"Joe Richards [MVP]" <(E-Mail Removed)> wrote in message
news:OZhNrnp#(E-Mail Removed)...
> Agreed, if on the same subnet either team or remove one. If on separate
subnets
> you are ok. Either way, only one interface should have a default gateway
configured.

Actually it is even ok, to have multiple default
gateways IF he does it correctly, making sure
the preferred is on the first bound NIC, and that
it has the lowest cost associated with it.

It makes not sense for most people to this though,
and you were probably talking about those who
put something in naively and don't understand the
issues.

> If WINS is involved, no multihoming period.


--
Herb Martin


>
> joe
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> www.joeware.net
>
>
> Herb Martin wrote:
> > "Josh R. Andrews" <(E-Mail Removed)> wrote in message
> > news:#sjRE9o#(E-Mail Removed)...
> >
> >>We currently have two domain controllers in our domain.
> >>
> >>One of these domain controllers is multi-homed. It has two NICs, facing
> >>on the same subnet.
> >
> >
> > Well, that frequently doesn't work well and usually
> > accomplishes litte.
> >
> > If you have some reason for two NICs on the same
> > subnet/segment then you really should buy a set with
> > a "teaming NIC driver" that allows them to function
> > correctly in tandem.
> >
> >
> >>They each have their own IP address. Say for
> >>argument's sake one is 192.168.1.15 and the other is 192.168.1.20. The
> >>DC auto-registers both IPs in DNS.
> >
> >
> > Yes, and that may not be a great idea.
> >
> >
> >>My question is whether this is either "bad design" or just kind of
> >
> >
> > Yes.
> >
> >
> >>questionable -- i.e. leading to wierd slowness in the domain, NetBIOS
> >>problems (I know it's supposed to be going away in W2K3 but we all know
> >>it still pops up in the oddest places) or DNS name resolution issues.
> >
> >
> > Yes, it leads to problems in most cases.
> >
> >
> >>I am thinking about getting rid of one of the NICs and just having one
> >>IP address for the DC, but wanted to check first if the multi-homed
> >>setup is a known boondoggle.
> >
> >
> > Do it.
> > (Or go the true teaming NIC route.)
> >
> > BTW, what do you think the 2-NICs are doing for you?
> > (What's the real goal of having them this way?)
> >

Thanks guys, this just confirms my suspicions.

I inherited this setup; the original intention was for some sort of
network redundancy, but the issues of AD DC multihoming weren't really
understood at that point.

I think I will strip one NIC and IP from the network and then bring the
second NIC on as a member of a team again later on.

Herb Martin wrote:
> "Joe Richards [MVP]" <(E-Mail Removed)> wrote in message
> news:OZhNrnp#(E-Mail Removed)...
>
>>Agreed, if on the same subnet either team or remove one. If on separate
>
> subnets
>
>>you are ok. Either way, only one interface should have a default gateway
>
> configured.
>
> Actually it is even ok, to have multiple default
> gateways IF he does it correctly, making sure
> the preferred is on the first bound NIC, and that
> it has the lowest cost associated with it.
>
> It makes not sense for most people to this though,
> and you were probably talking about those who
> put something in naively and don't understand the
> issues.
>
>
>>If WINS is involved, no multihoming period.
>
>
>

The problem comes up if for some reason one NIC gets close to saturation or
times out on something and the server starts failing over for its default
routing to the other NIC. You get dropped connections and I have also seen it
blue screen. Multiple default gateways on NICS in separate subnets is almost
guaranteed to blow you up.

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


Herb Martin wrote:
> "Joe Richards [MVP]" <(E-Mail Removed)> wrote in message
> news:OZhNrnp#(E-Mail Removed)...
>
>>Agreed, if on the same subnet either team or remove one. If on separate
>
> subnets
>
>>you are ok. Either way, only one interface should have a default gateway
>
> configured.
>
> Actually it is even ok, to have multiple default
> gateways IF he does it correctly, making sure
> the preferred is on the first bound NIC, and that
> it has the lowest cost associated with it.
>
> It makes not sense for most people to this though,
> and you were probably talking about those who
> put something in naively and don't understand the
> issues.
>
>
>>If WINS is involved, no multihoming period.
>
>
>

"Joe Richards [MVP]" <(E-Mail Removed)> wrote in message
news:eJVhtYs#(E-Mail Removed)...
> The problem comes up if for some reason one NIC gets close to saturation
or
> times out on something and the server starts failing over for its default
> routing to the other NIC. You get dropped connections and I have also seen
it
> blue screen. Multiple default gateways on NICS in separate subnets is
almost
> guaranteed to blow you up.
>

That's odd and would be a true bug not a
misconfiguration.

One can readily use NIC 1 to point the
expected router (off the local net or even to
the Internet) and another NIC 2 to point to
a backup.

Note the above will not load balance in general
and will NOT perform as expect (hoped?) if the
NIC 1 route goes down BEYOND the adjacent
router -- the adjacent router connected to NIC 1
must fail completely (to answer) for the second
one to be used (unless there is a bug) -- then
sending through NIC 2 must be sensible for the
machine (reach the same or at least some useful
places.)

--
Herb Martin


> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> www.joeware.net
>
>
> Herb Martin wrote:
> > "Joe Richards [MVP]" <(E-Mail Removed)> wrote in message
> > news:OZhNrnp#(E-Mail Removed)...
> >
> >>Agreed, if on the same subnet either team or remove one. If on separate
> >
> > subnets
> >
> >>you are ok. Either way, only one interface should have a default gateway
> >
> > configured.
> >
> > Actually it is even ok, to have multiple default
> > gateways IF he does it correctly, making sure
> > the preferred is on the first bound NIC, and that
> > it has the lowest cost associated with it.
> >
> > It makes not sense for most people to this though,
> > and you were probably talking about those who
> > put something in naively and don't understand the
> > issues.
> >
> >
> >>If WINS is involved, no multihoming period.
> >
> >
> >

http://support.microsoft.com/default...b;en-us;157025


--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


Herb Martin wrote:
> That's odd and would be a true bug not a
> misconfiguration.
>
> One can readily use NIC 1 to point the
> expected router (off the local net or even to
> the Internet) and another NIC 2 to point to
> a backup.
>
> Note the above will not load balance in general
> and will NOT perform as expect (hoped?) if the
> NIC 1 route goes down BEYOND the adjacent
> router -- the adjacent router connected to NIC 1
> must fail completely (to answer) for the second
> one to be used (unless there is a bug) -- then
> sending through NIC 2 must be sensible for the
> machine (reach the same or at least some useful
> places.)
>