Routing and Remote Multicast Traffic

    Question

  • Hello,

    I've just installed Windows 2008 server R2 to function as a Symantec Ghost Solution Server.

    On this server I have installed several Roles:

    -DHCP
    -Active Directory (Global Catalog & DNS)
    -WDS (to be able to load a boot image without the use of FTP)
    -Routing and Remote services

    ---

    The server contains 2 NICs, both in different LANs.
    This is required because I need internet access on LAN 1, and I don't want my clients on LAN2, simply because LAN1 is a LAN which has to be separate from the entire network, due to customer files etc.
    However, I now need internet access, so that's why this server comes in.

    The following settings are used:

    DHCP scope enabled on LAN 1: 192.168.120.1 - 192.168.120.254  / 24 (255.255.255.0) (where 192.168.120.1 is the IP of NIC 1)
    LAN 2 gets its IP from DHCP on the other LAN, which is configured to give it 192.168.190.1/24 (255.255.255.0)

    The gateway of LAN 1 is empty, because it gets routed to NIC, which has a gateway of 192.168.190.252
    The preferred DNS of NIC 1 is 127.0.0.1, because it is its own DNS server etc.

    I've configured Routing and Remote to create a NAT, where LAN 2 has the internet Access and LAN 1 needs it.
    RAR completed without any errors, and I have indeed internet access on the server (and clients also)

    Since this is a setup without any routers, the Windows 2008 server has to function as one. My network only consists of switches, this server, and clients:

    [client LAN] - 192.168.120.x --> 192.168.120.1 (gateway) [] <---- 192.168.190.1 (NIC 2) ---> internet

    I hope this all makes sense..

    This gets me towards my actual question:
    Symantec Ghost is at its best when it uses Multicast or even Directed Broadcast.
    However, neither kind of traffic reaches the clients.
    The clients can connect to the GhostCast Server (I can see them in their respective IGMP multicast groups on RAR), the server actually 'starts the process', but nothing happens.

    Unicast traffic works like a charm, without a problem, so I have a feeling that something in RAR isn't working as it should.
    I have tried enabling IGMP on LAN 1, both as a router and as a proxy, but it refuses to send any multicast traffic towards the clients.

    Is there something that I overlook? Maybe even any directions to look at..

    I have tried disabling WDS when the clients booted towards PXE (and no longer need WDS), in case these multicast addresses interfere with the multicast of Symantec Ghost, but to no avail..

    Monday, August 19, 2013 6:04 PM

Answers

  • Only the firewall could block you. The network stack on the server can't block you if it receives the packet.

    If the initial handshake can't occur, run Wireshark and check to be sure the packet gets sent where

    A bad NIC configuration can, on the other side, block you (jumbo frame, etc...)


    MCP | MCTS - Exchange 2007, Configuring | Member of TechNet Wiki Community Council | French Moderator on TechNet Wiki (Translation Widget)

    Tuesday, August 20, 2013 1:03 PM
    Moderator

All replies

  • Hi, I REALLY do not suggest using 2 NICs on a domain controller; it will bring you headaches and other problems.

    The GhostCast server is a simple .exe, so why not run it from a simple workstation? I have always done that in the past and it works great.

    For better support, please check the Symantec forum. But like I said, multihoming a DC is really not a good option.

    Thanks


    MCP | MCTS - Exchange 2007, Configuring | Member of TechNet Wiki Community Council | French Moderator on TechNet Wiki (Translation Widget)

    Tuesday, August 20, 2013 4:26 AM
    Moderator
  • The problem is that I need to clone multiple devices at once (100+), and a simple workstation will almost explode by then..

    The dual-NIC setup is sadly required because my network admin does not allow me directly onto the internet-LAN.

    I know that my question involves Ghost, but it also involves Multicasting on a Microsoft Windows 2008 server Product, due to the fact that somehow the multicast traffic also does not arrive when I use WDS.., so there should be something (and I suspect RAR) which keeps the traffic 'on hold' or something?

    By the way: AD is only installed because I thought it was required for DHCP, DNS and WDS. It has no other function, due to the fact that the server logs on locally and all systems are cloned for use on a totally different network, on a totally different customer, so we don't do any form of AD authentication....
    Tuesday, August 20, 2013 5:47 AM
  • A DC with multihoming is the worst option.

    Try to look at the article below:

    http://support.microsoft.com/kb/272294

    For your issue, as said by Yogmoth, please analyse the packet flow.


    Devaraj G | Technical solution architect

    Tuesday, August 20, 2013 1:56 PM
  • Hi,

    Firstly, please note the following:

    1. Multihoming a DC would cause many unexpected problems.

    2. Broadcast won’t be relayed by NAT by default.

    In addition, would you please provide your network diagram for further research?

    Thanks.

    Wednesday, August 21, 2013 1:52 AM
    Moderator
  • Only the firewall could block you. The network stack on the server can't block you if it receives the packet.

    If the initial handshake can't occur, run Wireshark and check to be sure the packet gets sent where

    A bad NIC configuration can, on the other side, block you (jumbo frame, etc...)


    MCP | MCTS - Exchange 2007, Configuring | Member of TechNet Wiki Community Council | French Moderator on TechNet Wiki (Translation Widget)

    And that was indeed the problem.
    The firewall on the PXE clients refused to be turned off during startnet.cmd (wpeutil disablefirewall). I was sure of the fact that I put it in startnet.cmd, but somehow it did not actually commit, and I assumed that it was disabling the firewall, but because it ran directly after WPEinit and milliseconds before closing the initial dosbox, I did not see any confirmation or errors.

    Due to the fact that a little voice inside me doubted myself, I disabled the firewall by hand, and boom, the clients started deploying.

    To all: thanks for your help!

    Wednesday, August 21, 2013 5:37 AM
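
The failure described in the last reply was silent because the output of `wpeutil disablefirewall` vanished when the startup window closed. The following `startnet.cmd` is an added example, not part of the original thread, that records what each startup command printed and returned so the result can be checked on the client. The log path `X:\startnet.log` and the placement of the imaging client launch are assumptions.

```batch
@echo off
rem Added example for X:\Windows\System32\startnet.cmd inside the WinPE image.
rem X:\startnet.log is a hypothetical log file on the WinPE RAM disk (X:).
set LOG=X:\startnet.log

rem Initialise WinPE (plug and play, networking) and keep its output.
echo [%time%] running wpeinit >> %LOG%
wpeinit >> %LOG% 2>&1
echo [%time%] wpeinit exit code: %errorlevel% >> %LOG%

rem Turn the WinPE firewall off and keep whatever wpeutil reports,
rem instead of letting the message disappear with the console window.
echo [%time%] running wpeutil DisableFirewall >> %LOG%
wpeutil DisableFirewall >> %LOG% 2>&1
echo [%time%] wpeutil exit code: %errorlevel% >> %LOG%

rem Record the address the client received, to confirm which LAN it is on.
ipconfig >> %LOG% 2>&1

rem Show the log on the console before anything else takes over the screen.
type %LOG%

rem Start the imaging client here (the command depends on the boot image
rem and is not shown in the thread).
```

If multicast sessions still start without transferring data, reading `X:\startnet.log` from a command prompt on the client shows whether the firewall command ran and what it reported.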