Re: [ActiveDir] Multihomed Domain Controllers

[Paul Williams]

Title: Multihomed Domain Controllers

Couple of points.  Most have probably been covered, or read by you: Clearly label the NICs, e.g. LAN00 and BACKUP00. Adjust the binding order so that LAN00 is above BACKUP00. If you don't require NetBT, disable it on BACKUP00 (BackupExec will most likely not like you if you disable this). Forget about the Advanced TCP/IP DNS option "Don't register in DNS".  There is a hotfix, and it's supposed to be in SP1, but I'm still seeing A records registered in DNS in my lab when I don't want them in there, so use the necessary registry key DisableDynamicUpdate on the NIC BACKUP00. Only have a gateway on LAN00 Bind the BackupExec agent to BACKUP00 only. If the backup LAN is routed, define persistent routes in the routing table. Brower operations won't affect AD.  If you have bad entries in DNS, that will cause issues so check DNS. OS Shouldn't matter.  I've implemented multi-homed systems many times in the past, and have been messing around with NLB and LDAP on DCs (in Unicast mode -requires a second NIC) over the last couple of days without any issues.  DNS is the main issue.  There can be some issues with NetBT/ WINS, but I personally wouldn't use LMHOSTS or WINS on the BACKUP00 NIC.   That's a few points based on what I'm doing in the lab.  Main thing is to test your configuration.  In the last place I worked we used a dedicated backup LAN.  No issues worth noting (in other words it worked and I don't remember any issues), and that was a mixed NT 4, 2k and k3 environment.   Dedicated systems management LANs are also a good idea, e.g. iLO, etc.     --Paul   ----- Original Message ----- From: Jeff Green To: ActiveDir@mail.activedir.org Sent: Wednesday, July 12, 2006 1:03 PM Subject: RE: [ActiveDir] Multihomed Domain Controllers Hi Guys,                     Many thanks to all that have responded (and so quickly !)   Points / clarifications / additional Qs       a)    DNS multihomed issues               Yes, found that in the MS KB about not "registering this connection in DNS" on the second NIC.               Also leave the gateway / DNS TCP/IP settings blank on the second NIC.       b)    Browser Issues               Several things in MS KB about this and fixes (including hacking a registry if I remember correctly)                     But would Browser issues affect AD operations - I'm talking about replication issues here ?       c)    Currently running W2K SP4 + rollups on all DCs - but moving to W2K3.              Sorry should have stated this.         d)    Backup              Using BackupExec, which allows binding of remote agents to specific NICs     Have I got everything covered - I can't believe this is an unusual configuration ?                                             Many Thanks                                         From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Green Sent: 12 July 2006 11:43 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Multihomed Domain Controllers Hi,      First posting to this list but I've lurked quite a while and I've been very impressed by the quality of replies by the gurus. My question is regarding the advisability of having multihomed DCs. Basically I want to run backups over a separate GbE and as my servers have dual inbuilt NICs this seems an obvious route to take. I know there are some issues with DNS (I have a DNS integrated AD). Would this cause replication problems, etc ? Any other "gotchas" ?                         Many Thanks, --- Jeff Green Network Support Manager SAPIENS (UK) Ltd t: +44 (0)1895 464228 f: +44 (0)1895 463098 "I dream of hover cars and old transistor radios ... She dreams of flowers in a field of sunny bungalows" ------------------------------------------------------------------------ Confidentiality Note: The information contained in this email and document(s) attached are for the exclusive use of the addressee and may contain confidential, privileged and non-disclosable information. If the recipient of this email is not the addressee, such recipient is strictly prohibited from reading, photocopying, distribution or otherwise using this email or its contents in any way. Please notify the Sapiens (UK) Ltd. Systems Administrator via e-mail immediately at [EMAIL PROTECTED], if you have received this email in error. Disclaimer: The views, opinions and guidelines contained in this confidential e-mail are those of the originating author and may not be representative of Sapiens (UK) Ltd. ------------------------------------------------------------------------ ------------------------------------------------------------------------ Confidentiality Note: The information contained in this email and document(s) attached are for the exclusive use of the addressee and may contain confidential, privileged and non-disclosable information. If the recipient of this email is not the addressee, such recipient is strictly prohibited from reading, photocopying, distribution or otherwise using this email or its contents in any way. Please notify the Sapiens (UK) Ltd. Systems Administrator via e-mail immediately at [EMAIL PROTECTED], if you have received this email in error. Disclaimer: The views, opinions and guidelines contained in this confidential e-mail are those of the originating author and may not be representative of Sapiens (UK) Ltd. ------------------------------------------------------------------------