TMG ISP Redundancy and DNS

Hello,

I have installed TMG with 3 NICs such as ISP1, ISP2 and Internal

I configured the ISP1 and ISP2 interfaces with IP addresses and default gateways and configured internal NIC with IP address, but Default Gateway.

I installed DNS service on TMG and configured the forwarders pointing to ISP DNS servers.

Finally Internal NIC DNS configuration

Primary : 127.0.0.1

Alternative: Internal AD DNS servers

Configured persistent routes

=============================================================
Persistent Routes:
  Network Address  Netmask          Gateway Address  Metric
  10.0.0.0         255.0.0.0        10.1.2.1         1        (Internal LAN)
  1.1.1.1          255.255.255.255  192.168.5.1      2        (ISP1 DNS Server)
  2.2.2.2          255.255.255.255  192.168.4.2      3        (ISP2 DNS Server)
  0.0.0.0          0.0.0.0          192.168.4.2      Default
  0.0.0.0          0.0.0.0          192.168.5.1      Default

Now I am trying to join the TMG server to domain but failed. Error saying that cannot resolve domain name

I would highly appreciate any help.

Thanks

January 13th, 2014 9:42am

Hi,

the first DNS entry will always be used until the first DNS Server doesn't respond:
http://technet.microsoft.com/en-us/library/cc302550.aspx
Change the IP address of the DNS Server on your TMG network card to first listen to the internal DNS Server which is responsible for Active Directory or
create a conditional Forwarder on your DNS Server on the TMG Server to forward DNS request to your internal DNS Server which is responsible for your Active Directory DNS:
http://technet.microsoft.com/en-us/library/cc782142(v=ws.10).aspx

January 13th, 2014 12:50pm

Hi,

Please check if your internal dns has relevant SRV record.

http://technet.microsoft.com/en-us/library/cc758647(v=ws.10).aspx

http://support.microsoft.com/kb/241515

In addition, Firewall may be the reason for your issue.

http://social.technet.microsoft.com/Forums/windowsserver/en-US/bba5ca7a-d6d0-4c49-a11f-99787f65028c/cant-join-a-2008-server-to-active-directory-domain?forum=winserverDS

http://social.msdn.microsoft.com/Forums/windowsazure/en-US/e8cd09de-d333-4fb0-afe2-ee5df16b9b86/cannot-join-domain?forum=windowsazureconnectivity

Best Regards

Quan Gu

January 14th, 2014 2:30am
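
One way to carry out the checks suggested in the two replies above, as an added example that is not part of the original thread: it asks each resolver configured on the internal NIC for the domain controller locator SRV record, and adds a conditional forwarder on the local DNS service only if 127.0.0.1 cannot answer. `corp.example` and `10.1.2.10` are placeholder values (the thread gives neither the AD domain name nor the internal DNS server address); only `nslookup` and `dnscmd` are used, so it runs under PowerShell 2.0.

```powershell
# Placeholder values (assumptions, not from the thread): set your AD domain and internal AD DNS server.
$AdDomain    = 'corp.example'
$InternalDns = '10.1.2.10'
$Resolvers   = @('127.0.0.1', $InternalDns)   # same order as on the internal NIC

# DC locator record a machine must resolve before it can join the domain.
# The trailing dot stops nslookup from appending the DNS suffix search list.
$SrvName = "_ldap._tcp.dc._msdcs.$AdDomain."

function Test-DcLocator {
    param([string]$Server)
    # Query one specific resolver instead of relying on the NIC's DNS order.
    $out = & nslookup.exe -type=SRV $SrvName $Server 2>&1 | Out-String
    # A successful answer contains one "svr hostname = <dc>" line per domain controller.
    $dcs = [regex]::Matches($out, 'svr hostname\s*=\s*(\S+)') |
           ForEach-Object { $_.Groups[1].Value }
    New-Object PSObject -Property @{
        Server            = $Server
        Resolved          = [bool]$dcs
        DomainControllers = ($dcs -join ', ')
    }
}

$before = $Resolvers | ForEach-Object { Test-DcLocator $_ }
$before | Format-Table Server, Resolved, DomainControllers -AutoSize

# If 127.0.0.1 cannot find a DC, the local DNS service is sending the AD zone to the
# ISP forwarders, which fails the join and also discloses internal names to the ISP.
$local = $before | Where-Object { $_.Server -eq '127.0.0.1' }
if (-not $local.Resolved) {
    # Conditional forwarder: only queries for the AD zone go to the internal DNS server.
    & dnscmd.exe /ZoneAdd $AdDomain /Forwarder $InternalDns
    & dnscmd.exe /ClearCache   # drop cached negative answers before re-testing
    Test-DcLocator '127.0.0.1' |
        Format-Table Server, Resolved, DomainControllers -AutoSize
}
```

If the internal DNS server itself reports `Resolved = False`, the SRV records are missing or the query is being blocked, which is the case the second reply points at.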

So far now everything is working.

Just a summary

- Installed the DNS service on TMG.
- Configured the forwarders pointing to ISP 1 & 2 DNS servers.
- Configured the conditional forwarder to forward DNS request to internal DNS server for AD authentication.
- Internal NIC DNS

Primary : 127.0.0.1 ( local host TMG )
Alternative: Internal DNS servers.
January 14th, 2014 5:44am


Hi,

I am glad to hear that.

Also thank you for your sharing.

Best Regards

Quan Gu

January 14th, 2014 8:53pm

This topic is archived. No further replies will be accepted.
