But it seems not to be linked to the AD DS configuration.
Scenario of my issue:
We have a lot of servers, so I'll give you an example for one server. But the issue concerns my whole platform.
SERVER01 has 2 NICs:
- Ethernet1 : x.x.229.140
- Ethernet2 : x.x.227.140
The default gateway is on Ethernet1: x.x.229.1
Network Address   Netmask          Gateway Address   Metric
x.x.223.0         255.255.255.0    x.x.227.1         1
0.0.0.0           0.0.0.0          x.x.229.1         Default
So, according to this route table, SERVER01 must use the Ethernet2 NIC (x.x.227.140) to reach the x.x.223.0 network and so DC01.
But randomly, SERVER01 uses the Ethernet1 NIC (x.x.229.140) to reach DC01. My firewall rule drops packets on this LAN (not on 227.0 of course).
So SERVER01 has some latency reaching DC01.
I don't know how I can force SERVER01 to use Ethernet2. It's a very strange issue.
If you have any ideas, you're welcome :)
That is an odd setup. Normally the DC would not be reachable from the "outer" NIC of the router because the router would be running NAT.
Is there any reason why you could not run NAT? Do you really need your DC to be reachable from other subnets?
We have spread "web servers" over the x.x.229.0/24 network (production LAN). Each of them has a second NIC on x.x.227.0/24 for admin traffic (and so Active Directory traffic).
DB servers are in another LAN, with a similar configuration (2 NICs, one for production, one for administration).
All "services" servers (NTP, AD, LDAP, DNS, vCenter, etc.) are in the services LAN.
Do you think there is an issue with the DC if we don't use NAT?
Also, if I disable Automatic metric on the "Admin NIC" (x.x.227.140/24) and set the value to "1", do you think this change can solve my issue?
@Vegan Fanatic: because my firewall drops some of these packets, I guess my platform could have some latency.
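The following PowerShell script is an added example for the two posts above (the route table in the first post and the interface-metric question in the second); it is not from the thread or from any poster. It assumes Windows Server 2012 R2 or later with the NetTCPIP, DnsClient and SmbShare modules, run as an administrator on SERVER01. The DC address 10.7.223.39 and the NIC names come from the thread; the admin-side gateway 10.7.227.1 is taken from the x.x.227.1 entry in the posted route table. One point worth keeping in mind while reading it: Windows selects the longest matching prefix first and uses the metric only to order routes of equal prefix length, so the 10.7.223.0/24 route beats the default route whatever the interface metrics are. If DC traffic still leaves Ethernet1, the checks below look at what else could cause that: a route that is not persistent, the production address being registered in DNS so the DC initiates connections to it, and SMB Multichannel opening extra connections on the production NIC.

```powershell
# Added example (not from the thread). Assumes Windows Server 2012 R2 or later with the
# NetTCPIP, DnsClient and SmbShare modules, run as an administrator on SERVER01.
# Addresses and NIC names are taken from the thread; the gateway 10.7.227.1 follows the
# x.x.227.1 entry in the posted route table.
$Dc       = '10.7.223.39'
$DcPrefix = '10.7.223.0/24'
$AdminNic = 'Ethernet2'   # 10.7.227.140, admin / Active Directory traffic
$ProdNic  = 'Ethernet1'   # 10.7.229.140, production, holds the default gateway
$AdminGw  = '10.7.227.1'

# 1. What the stack selects right now for the DC: the chosen source address and the
#    matching route. Run this from a scheduled task every few minutes to catch the
#    intermittent flips described in the thread.
Find-NetRoute -RemoteIPAddress $Dc |
    Format-List InterfaceAlias, IPAddress, DestinationPrefix, NextHop, RouteMetric

# 2. Candidate routes with their effective metric (route metric + interface metric).
#    Windows picks the longest matching prefix first; the metric only orders routes of
#    equal prefix length, so the /24 wins over 0.0.0.0/0 whatever the interface metrics are.
Get-NetRoute -AddressFamily IPv4 |
    Where-Object { $_.DestinationPrefix -in @($DcPrefix, '0.0.0.0/0') } |
    ForEach-Object {
        $if = Get-NetIPInterface -InterfaceIndex $_.InterfaceIndex -AddressFamily IPv4
        [pscustomobject]@{
            Prefix          = $_.DestinationPrefix
            NextHop         = $_.NextHop
            Interface       = $_.InterfaceAlias
            RouteMetric     = $_.RouteMetric
            InterfaceMetric = $if.InterfaceMetric
            Effective       = $_.RouteMetric + $if.InterfaceMetric
        }
    } | Format-Table -AutoSize

# 3. A route added with "route add" but without -p vanishes on reboot. Make sure the /24
#    is in the persistent store and add it if it is not.
$persistent = Get-NetRoute -DestinationPrefix $DcPrefix -PolicyStore PersistentStore -ErrorAction SilentlyContinue
if (-not $persistent) {
    New-NetRoute -DestinationPrefix $DcPrefix -InterfaceAlias $AdminNic -NextHop $AdminGw -RouteMetric 1
}

# 4. Fixed interface metrics (the "disable Automatic metric and set it to 1" question):
#    prefer the admin NIC for anything both NICs could carry. The values are arbitrary;
#    only their order matters.
Set-NetIPInterface -InterfaceAlias $AdminNic -AddressFamily IPv4 -AutomaticMetric Disabled -InterfaceMetric 10
Set-NetIPInterface -InterfaceAlias $ProdNic  -AddressFamily IPv4 -AutomaticMetric Disabled -InterfaceMetric 20

# 5. A multi-homed member registers both addresses in AD-integrated DNS by default, so the
#    DC and other members may resolve SERVER01 to 10.7.229.140 and initiate traffic to the
#    production NIC. Register only the admin address.
Set-DnsClient -InterfaceAlias $ProdNic  -RegisterThisConnectionsAddress $false
Set-DnsClient -InterfaceAlias $AdminNic -RegisterThisConnectionsAddress $true
Register-DnsClient

# 6. SMB (SYSVOL, Group Policy) can open additional connections over every local NIC that
#    can reach the DC when Multichannel is enabled. Show which client interfaces it uses.
Get-SmbMultichannelConnection -ErrorAction SilentlyContinue |
    Where-Object ServerIpAddress -eq $Dc |
    Format-Table ClientInterfaceIndex, ClientIpAddress, ServerIpAddress -AutoSize

# 7. End-to-end check: the source address and interface a real LDAP connection uses.
Test-NetConnection -ComputerName $Dc -Port 389 -InformationLevel Detailed |
    Format-List SourceAddress, InterfaceAlias, TcpTestSucceeded
```

Steps 1, 2, 6 and 7 only read state and are safe to run on a production box; steps 3 to 5 change configuration and should be applied one at a time so the firewall logs show which change stops the drops on the 229.0 LAN.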
Is the issue resolved?
I noticed that you have a private IP in your route table. I guess the IP of the DC you provided is a public IP, and I wonder if it has an internal private IP. If so, that means the DC is multi-homed and this is not recommended.
I would appreciate it if you could also provide your physical network topology.
The issue is not solved :/
The IP of the DC is a local IP: 10.7.223.39 (and all servers are in this range, 10.7.x.x).
NAT would be a "patch" for this issue. Here, servers should use only one NIC: Ethernet2 (on 10.7.227.0/24).
Is there maybe an issue in the Windows Server network stack? I don't have this behavior with Linux servers (the SUSE servers are all linked to Active Directory with Samba).
Thanks for your help.