
I have an odd issue with a freshly installed Win2012R2 server (actually a VM running on VMware).

The server has 2 NICs (both enabled), one on VLAN101, the other on VLAN102. The configuration:

NIC0
IP 10.1.101.123
Mask 255.255.255.0
Gateway 10.1.101.1

DNS1: 10.1.105.11
DNS2: 10.1.105.12

NIC1
IP 10.1.102.54
Mask 255.255.255.0
No gateway configured
No DNS configured

When I try to join our AD domain, I get an error that the domain controller DNS lookup fails.

Pinging the domain controller with PING PDC.Some.Domain fails indeed. PING PDC succeeds...

When I disable the 2nd NIC (The one without gateway and without DNS servers configured) the PING to PDC.Some.Domain succeeds!

Why does the 2nd NIC (that has no DNS/gateway configured) get used for name resolution?!?

I have tried changing metrics, giving NIC0 a metric of 10 and NIC1 a metric of 20, but that doesn't help...

I have also changed the provider order in advanced settings so that NIC0 is listed before NIC1: still no joy...

Any idea why this is happening and how I can fix this?

Fredster
  • Another relevant piece of information would be the IP of the domain controller. Would it happen to be on the 10.1.102.0/24 LAN? I would guess that it may be the same as DNS. Can you try opening a command prompt, and doing a "nslookup google.com"? – Cory Knutson Mar 28 '17 at 21:09
  • @CoryKnutson Hi Cory, I do think we might have gotten further with solving this issue: As a matter of fact the DNS servers are on the SAME VLAN (102, not 105 as in my example) as the second NIC. We found that any requests to the DNS servers would go over the 2nd NIC without gateway, as it also happens to be on 102 (preferring not having to route). That causes imo the DNS queries to fail (as answers can't be returned?) – Fredster Mar 28 '17 at 21:23

1 Answer


If the second NIC is on the same subnet as the DC, then it should work just fine to communicate with that subnet directly from that NIC (even without a gateway set). Then the common things to check would be the Windows Firewall settings for the secondary NIC, or sometimes dual-homed servers can have complications with firewalls. It is hard to know if the firewall issue is possible without a network layout.

Also, can you ping the DC via IP from the new server with and without the 2nd NIC? Trying a public DNS lookup may also give you some insight.

Cory Knutson
  • Actually the server is not part of the domain yet (joining the domain fails because of the DNS issues). The issue gets circumvented if I change the VLAN on nic2 to anything else than 102... So it definitely seems to be related to the fact that nic2 and DNS are on the same VLAN. Firewalls are off, so not influencing here... – Fredster Mar 28 '17 at 22:12
  • I am not sure how I implied that it was part of the domain. The second NIC being on that subnet would add a route for that network to the computer's routing table as a connected route. That would explain why changing it away from that changes the issue. That tells me that there is a Windows Firewall, other firewall, or routing issue. Are all three Windows Firewall profiles disabled (Domain, Private, and Public)? Can you confirm if pinging the DC IP works? – Cory Knutson Mar 29 '17 at 21:09
  • The firewall is off on all profiles and PINGing the DNS servers by IP is no issue... Possibly the DNS request goes out on nic2 but answers get routed to nic1? – Fredster Mar 29 '17 at 21:13
  • I think I just put this together. If the DC/DNS is on the same subnet as the second NIC, try configuring the IP/GW on the first NIC, and the IP, no GW, and DNS on the 2nd NIC. That should allow DNS requests to come from the second NIC through the local common subnet, and come back to the new server on the same interface. – Cory Knutson Mar 29 '17 at 21:23
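
An added example (not part of the original thread or any poster's own script): a PowerShell check for the situation discussed in the comments above, listing for each configured IPv4 DNS server the interface and source address the routing table actually selects. It assumes Windows Server 2012 R2 or later, where `Find-NetRoute` is available; the `Mismatch` column name is introduced here for illustration.

```powershell
# Added example: compare where each DNS server is configured with the
# interface the routing table would use to reach it.

# Interfaces that have at least one IPv4 DNS server configured.
$dnsConfig = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 }

$report = foreach ($entry in $dnsConfig) {
    foreach ($server in $entry.ServerAddresses) {
        # Find-NetRoute returns two objects: the local source address that
        # would be used and the route that matched the destination.
        $result = Find-NetRoute -RemoteIPAddress $server
        $source = $result | Where-Object { $_.IPAddress }         | Select-Object -First 1
        $route  = $result | Where-Object { $_.DestinationPrefix } | Select-Object -First 1

        [pscustomobject]@{
            DnsServer       = $server
            ConfiguredOn    = $entry.InterfaceAlias
            EgressInterface = $source.InterfaceAlias
            SourceAddress   = $source.IPAddress
            MatchedRoute    = $route.DestinationPrefix
            # A next hop of 0.0.0.0 means a connected (on-link) route,
            # i.e. no gateway is involved.
            OnLink          = $route.NextHop -eq '0.0.0.0'
            # True when the query leaves through a different NIC than the
            # one the DNS server is configured on.
            Mismatch        = $source.InterfaceIndex -ne $entry.InterfaceIndex
        }
    }
}

$report | Format-Table -AutoSize
```

On a host like the one in the question, a DNS server on the second NIC's subnet would show that NIC as `EgressInterface` with `OnLink` true, regardless of which adapter the DNS server is configured on.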