ISP:T1 Modem ISP :Fios | | | | | | ASA Firewall(192.168.1.1) ASA Firewall (192.168.3.1) | | | | Swith Swith | | | | | | Client1 Client2 |-------Domain Server--------| Client3 Client4 (Network Card 1: 192.168.1.8 255.255.255.0 Gateway 192.168.1.1 DNS 192.168.1.8 (Network Card2: 192.168.3.8 255.255.255.0 Gateway (Did Not input) DNS (Did not input) Domain: michael123.local Domain Server Name : Server1.michael123.local DNS Server : Installed on Domain Server as Primary I separated network into two (192.168.1.x and 192.168.3.x Network) by using two network cards. There is an Active Directory Domain Sever (One connected to 192.168.1.0 network and 192.168.3.0) Users can logon with their ID and Password on client computer both of network. However, client from 192.168.1.0 and 192.168.3.0 can not communicate each other which was my purpose. ***Here is my question.*** We have a child domain server in la Child Domain Name : la.michael123.local Server name : server2.la.michael123.local DNS: Install on Server2.la.michael123.local as Primary Router : 192.168.20.1 IP Address : 192.168.20.8 Subnet mask: 255.255.255.0 Gateway : 192.168.20.1 DNS : 192.168.20.8 We have two way VPN connection between our remote (la.michael123.local) site (or Child Domain) and our T1. When I ping from parent domain (server1.michael123.local) to server2.la.michael123.local(Child Domain) works fine for booth of ip address and netbios name. When I ping from my remote site(la.michael123.local) to Parent Site (michael123.local), only ping by ip address works. (ping 192.168.1.8 => this works fine) However, if I ping with net bios(Server1.michael123.local), it ping 192.168.3.8 which is Network Card #2 that I installed on Server1 And gave me timeout error message What I need is when I ping server1.michael123.local from my child domain, I should get response from 192.168.1.8 (Network Card #1) rather than 192.168.3.8 (Network card #2) I will be really appreciated for your advice and support. Thank you

You should never multihome a DC. It can cause all sorts of odd problems with name resolution. Use some other device as a router between the subnets, not the DC.Bill

You should never multihome a DC. It can cause all sorts of odd problems with name resolution. Use some other device as a router between the subnets, not the DC.Bill

Hi, Thank you for the post. Agree with Bill, it's not recommended to multihomed DC with DNS and install RRAS on DC server. http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihomed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx If there are more inquiries on this issue, please feel free to let us know. RegardsRick Tan TechNet Community Support

I do not see any problem to put two network card on one DC and do authentication for both network. 192.168.1.x network and 192.168.3.x network never had trouble to connect to DC. Physically 192.168.1.x network and 192.168.3.x network located on same building and just need to block to communicate each other but do not put want two DC for each network. (One DC with two network card works fine and running without any problems) I did not also put RRAS on DC for 192.168.1.x and 192.168.3.x network connection All internet (HTTP,HTTPS,SMTP, Pop and Etc) go out through proxy server and proxy server goes out to FiOS. Only VPN is working for T1 My question is if there is any solution to get response when I ping from my child domain to server1.michael123.local(Parent), I should get response from 192.168.1.8 (Network Card #1) rather than 192.168.3.8 (Network card #2) ?

Hi, Thank you for the post. Agree with Bill, it's not recommended to multihomed DC with DNS and install RRAS on DC server. http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihomed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx If there are more inquiries on this issue, please feel free to let us know. RegardsRick Tan TechNet Community Support

Check to see which ip address/nic netbios and dns are binded to. Thank You, Andrew M. Morgan Microsoft Solutions Engineer 304-841-5766 or 304-581-4919

Dear Mysterchr.... What do you want me to do? Followings are what I did... On Parent DNS Server .... I saw 192.168.1.8 server1.michael123.com 192.168.3.8 server1.michael123.com On Child DNS Server.... I saw 192.168.1.8 server1.michael123.com I saw 192.168.3.8 sever1.michael123.com Therefore, I deleted 192.168.3.8 server1.michael123.com Then if I restart then when i ping server1.michael123.com , It pings 192.168.1.8 however, later on I think DNS updated and it show 192.168.3.8 server1.michael123.com again then when i ping server1.michael123... it ping 192.168.3.8 and time out..... I really Need help.. from Parent to CHild always works.. but from CHild to Parent Domain, it ping 192.168.3.8 .. i want it to ping 192.168.1.8

Do it properly and use some other device to connect the networks. You will always have problems while you have a multihomed DC. I admit it is worse if you also run RRAS on the DC, but it is a problem is any case. Bill

Do it properly and use some other device to connect the networks. You will always have problems while you have a multihomed DC. I admit it is worse if you also run RRAS on the DC, but it is a problem is any case. Bill

Hello, as others already mentioned, multihoming DCs result in multiple problems, as each NIC will register in the DNS forward lookup zone and clients will run into trouble if a request is answered with a different ip address as before so they cannot verify it. PLease assure that your netwroks are connected with a router or Layer3 switch and do NOT use the DC for routing.Best regards Meinolf Weber MVP, MCP, MCTS Microsoft MVP - Directory Services My Blog: http://msmvps.com/blogs/mweber/ Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.