Can DC be multihomed in Windows 2008 Server?

    Question

  • Can a Windows 2008 Domain Controller be multihomed or does it still have the restriction of a single NIC as in Windows 2003 server and earlier?

    Friday, May 16, 2008 3:18 PM

Answers

  • Hopefully one of the MS guys can jump in here, but I don't believe that to be the case.  Whilst it may not be good practice, I cannot see how it is not supported.

    http://support.microsoft.com/kb/272294 talks about failing comms

    http://support.microsoft.com/kb/832478 talks about DNS

    but you would assume that if it wasn't supported these KBs would say so, rather than giving a solution, workaround or "this is fixed in the next SP"

    - Stuart Hudman

    Friday, May 16, 2008 9:37 PM
  • Hello,

    Technically speaking, a multihomed domain controller is supported. However, it's not recommended, as numerous issues can occur in such an environment, such as name resolution (DNS, WINS). Though some general configuration changes can be performed to avoid the issues that result from a multihomed domain controller, considering the different network environments (default gateway, route table and reason for multihoming) and different application usage, you may need to perform some additional operations and troubleshooting to make it work. If it is possible, we strongly suggest that you do not configure a domain controller as multihomed.

    Here I have listed the following known issues of multihomed domain controllers for your reference:

    -      The Browsing Service is much affected by multihomed computers, because the browser service does not merge networks. Each browser service bound to each interface operates independently, and the DC maintains a "separate" cumulative list on each interface; these lists are not merged.

    Symptoms of multihomed browsers

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;191611

    Troubleshooting browser Event ID 8021 and 8032 on master browsers

    http://support.microsoft.com/kb/135404

    -      Influence on name resolution.

    Active Directory communication fails on multihomed domain controllers

    http://support.microsoft.com/kb/272294

    Name resolution and connectivity issues occur on Windows 2000 domain controllers that have the Routing and Remote Access service and DNS installed

    http://support.microsoft.com/kb/830063

    Delay in NetBIOS connections from a multi-homed computer

    http://support.microsoft.com/kb/166159

    Hope it helps.

    Monday, May 19, 2008 5:38 AM
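
An added illustration of the name-resolution issue listed in the answer above (not part of the original thread and not Microsoft tooling): a multihomed DC can register one A record per interface, and a client that is handed an address on a network it cannot route to fails to connect. The Python below reports, per site, which registered DC addresses are unreachable; the host names, addresses, site routes and function names are constructed for the example.

```python
import ipaddress
import socket

# Constructed sample data: A records held in DNS for each DC name, and the
# networks each client site can route to. Replace with your own inventory.
DC_A_RECORDS = {
    "dc01.corp.example": ["10.10.0.5", "192.168.50.5"],  # two NICs, both registered
    "dc02.corp.example": ["10.10.0.6"],                  # single address
}
SITE_ROUTES = {
    "hq": ["10.10.0.0/16", "192.168.50.0/24"],
    "branch": ["10.10.0.0/16", "10.20.0.0/16"],  # no route to 192.168.50.0/24
}


def resolve_ipv4(host):
    """Live lookup: every IPv4 address DNS returns for host (unused by the sample run)."""
    infos = socket.getaddrinfo(host, None, socket.AF_INET)
    return sorted({info[4][0] for info in infos})


def audit_multihomed(records, site_routes):
    """Map each multihomed host to {site: [registered addresses that site cannot reach]}."""
    report = {}
    for host, addrs in records.items():
        unique = sorted(set(addrs), key=ipaddress.ip_address)
        if len(unique) < 2:
            continue  # one registered address: nothing ambiguous for clients
        per_site = {}
        for site, cidrs in site_routes.items():
            nets = [ipaddress.ip_network(c) for c in cidrs]
            dead = [a for a in unique
                    if not any(ipaddress.ip_address(a) in n for n in nets)]
            if dead:
                per_site[site] = dead
        report[host] = per_site  # an empty dict still marks the host as multihomed
    return report


if __name__ == "__main__":
    for host, sites in audit_multihomed(DC_A_RECORDS, SITE_ROUTES).items():
        print(host, "is multihomed in DNS; unreachable per site:", sites or "none")
```

To audit live data, build the `records` argument with `resolve_ipv4()` for each DC name instead of the constructed dictionary.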

All replies

  • Not sure I understand the issue, as any NT> DCs can be multi-homed.  What is the issue?  Sure, you have to be careful on which interface DNS is registered, how clients access it etc...but there is no "restriction".  Have you some docs that say there is?

     

    I am not saying it is a smart idea to multihome a DC though 

     

    - Stuart Hudman

    Friday, May 16, 2008 9:22 PM
  • I've been told many times on different support calls with Microsoft that a multihomed DC is unsupported.  This is all the way back to NT4 server.

     

    Friday, May 16, 2008 9:25 PM
  • I do know that some of the issues were related to WINS and NetBT, but I don't think that was all of them.  Further, there still may be some things that depend on these services.

     

    Friday, May 16, 2008 9:44 PM
  • Do all these issues still apply to Server 2008?

     

    I guess I wasn't speaking of being supported/unsupported in the technical sense of the word but more in the practical sense.

     

    Monday, May 19, 2008 12:49 PM
  • Yes, "issues" like name resolution and browsing have been around since NT3.5 and continue all the way through all OSes to 2008.  Obviously complications are added when you bring AD into the fold, but like we have re-iterated, "it is supported, but not best practice".

     

    Hope it helps

     

    - Stuart Hudman

     

    Monday, May 19, 2008 8:02 PM
  • I don't think this is all of it, says nothing of the risks of a multihomed domain controller.

    Why would this not help some.

    1. Using a proxy server?

    2: Firewall outside domain?

    3: what research has been done on a multihomed domain controller

    Monday, August 16, 2010 8:42 PM