Friday, May 16, 2008 3:18 PM
Can a Windows 2008 Domain Controller be multihomed or does it still have the restriction of a single NIC as in Windows 2003 server and earlier?
Friday, May 16, 2008 9:22 PM
Not sure I understand the issue, as any NT> DCs can be multi-homed. What is the issue ? Sure, you have to be careful on which interface DNS is registered, how clients access it etc...but there is no "restriction". Have you some docs that say there is ?
I am not saying it is a smart idea to multihome a DC though
- Stuart Hudman
Friday, May 16, 2008 9:25 PMI've been told many times on different support calls with Microsoft that a multihomed DC is unsupported. This is all the way back to NT4 server.
Friday, May 16, 2008 9:37 PM
Hopefully one of the MS guys can jump in here, but I don't believe that to be the case. Whilst it may not be good practice, I cannot see how it is not supported.
http://support.microsoft.com/kb/272294 talks about failing comms
http://support.microsoft.com/kb/832478 talks about DNS
but you would assume that if it wasn't supported these KBs would say so, rather than giving a solution, workaround or "this is fixed in the next SP"
- Stuart Hudman
Friday, May 16, 2008 9:44 PMI do know that some of the issues were related to WINS and NetBT, but I don't think that was all of them. Further, there still may be some things that depend on these services.
Monday, May 19, 2008 5:38 AMModerator
Technically speaking, multihomed domain controller is supported. However it’s not recommended as numerous issues can occur in such an environment, such as name resolving (DNS, WINS). Though some general configuration change can be performed to avoid the issues that result from the multihomed domain controller, considering the different network environments (default gateway, route table and reason for multihome) and different application usage, you may need to perform some additional operation and troubleshooting to make it work. If it is possible, we strongly suggest that you do not configure domain controller as multihomed.
Here I listed the following known issues of multihomed domain controller for your reference:
- Browsing Service is much affected by multihomed computers. Because the browser service does not merge networks. Each browser service bound to each interface operates independently, and the DC maintains a "separate" cumulative list on each interface that are not merged.
Symptoms of multihomed browsers
Troubleshooting browser Event ID 8021 and 8032 on master browsers
- Influence on the name resolve.
Active Directory communication fails on multihomed domain controllers
Name resolution and connectivity issues occur on Windows 2000 domain controllers that have the Routing and Remote Access service and DNS installed
Delay in NetBIOS connections from a multi-homed computer
Hope it helps.
Monday, May 19, 2008 12:49 PM
Do all these issues still apply to Server 2008?
I guess I wasn't speaking of be supported/unsupported in the technical sense of the word but more in the practical sense.
Monday, May 19, 2008 8:02 PM
Yes, "issues" like name resolution and browsing have been around since NT3.5 and continue all the way through all OSes to 2008. Obviously complicated are added when you bring AD into the fold, but like we have re-iterated, "it is supported, but not best practice".
Hope it helps
- Stuart Hudman
Monday, August 16, 2010 8:42 PM
I dont think this is all of it, says nothing of the risks of multihomed domain controller.
Why would this not help some.
1. Using a proxy server?
2: Firewall outside domain?
3: what research has been done on a multihomed domain controller