locked
Windows Server 2008 R2 Networking question

    Question

  • I have a Windows server 2008 r2 Server with two networkcards.

    One card is attached to my lan and listed in the domain network

    the other is connected to the internet, and also listed in the domain network.

    I would like to change the internet connection form domain network to private network.

    But I can't find anywhere how to change the domain network to a private network.

    Any help would be greatly apriciated

    Friday, March 19, 2010 8:48 PM

All replies

  • What do you mean by Domain network and Private network?  Are they phyically connected to 2 seperate networks? 

    Please paste the output of IPCONFIG/ALL from your server here


    Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX http://blogs.sivarajan.com/ http://publications.sivarajan.com/ This posting is provided "AS IS" with no warranties, and confers no rights.
    Friday, March 19, 2010 11:38 PM
  • Here is the Ipconfig /all

    Both the wan and lan adapter are listed in the domain network.

    The lan adapter is connected to my internal network while the wan adapter is connected to the internet

     

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : DC1
       Primary Dns Suffix  . . . . . . . : Atlantis.local
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : Yes
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : Atlantis.local

    PPP adapter RAS (Dial In) Interface:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : RAS (Dial In) Interface
       Physical Address. . . . . . . . . :
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.50.54(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.255
       Default Gateway . . . . . . . . . :
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter WAN:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) 82567LF-2 Gigabit Network Connec
    tion
       Physical Address. . . . . . . . . : 00-27-0E-11-FA-9E
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::5a6:f934:bb1c:f4d0%17(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.0.1.2(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.0.1.1
       DHCPv6 IAID . . . . . . . . . . . : 369108750
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-34-28-A1-00-27-0E-11-FA-9E

       DNS Servers . . . . . . . . . . . : 62.179.104.196
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter LAN:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) PRO/1000 GT Desktop Adapter
       Physical Address. . . . . . . . . : 00-1B-21-56-9D-34
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::bc36:a0fe:214:d8a8%12(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.50.1(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . :
       DHCPv6 IAID . . . . . . . . . . . : 301996833
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-34-28-A1-00-27-0E-11-FA-9E

       DNS Servers . . . . . . . . . . . : ::1
                                           192.168.50.1
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{5BBC91AA-8CA1-4CD6-8C9F-0906A885FCAC}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{619BA68B-0137-470B-8369-4B58D4BEF06D}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{6E06F030-7526-11D2-BAF4-00600815A4BD}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Saturday, March 20, 2010 6:30 PM
  • What are you trying to accomblish?  Currently, your internet or external connection will go through 10.0.1.2.  If you remove the Gateway address from this interface and add a gateway on "Ethernet adapter LAN" adaptor your external connection will go through that adaptor.  Make sure your DNS configuration is working. 
    Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX http://blogs.sivarajan.com/ http://publications.sivarajan.com/ This posting is provided "AS IS" with no warranties, and confers no rights.
    Saturday, March 20, 2010 11:02 PM
  •    You shold not multihome a DC, either by connecting it to two LAN segments or by remote access (client or server). This will cause all sorts of odd problems with name resolution and computer browsing. The network names will be the least of your problems.

       See KB292822 for a description of the sorts of problems which come up with a multihomed DC/DNS server.

      The best solution is to use two separate servers, one for your DC and one as a router/remote access server. If you must run this on one server, the best solution is SBS (which is designed to run like that). If you must run this all on one server you will need to work through the problems outlined in the KB.

     


    Bill
    Sunday, March 21, 2010 12:11 AM
  • I completely agree with Bill.  It is not recommend to Multihome a DC. 

    Initially Junktroep said  "I have a Windows server 2008 r2 Server"  It looks a DC. 

    Here are some good KB articles:

    http://support.microsoft.com/kb/272294

    http://support.microsoft.com/kb/832478 

    Again, I am still trying to understand what exactly you are trying to accomplish

     


    Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX http://blogs.sivarajan.com/ http://publications.sivarajan.com/ This posting is provided "AS IS" with no warranties, and confers no rights.
    Sunday, March 21, 2010 2:48 AM
  • It is indeed a multihomed DC with DNS DHCP and RAS enabled.

    Everything is working fine btw no problems with DNS or network browsing.

    What I am trying to accomplish is the following. In windows server 2003 with RAS you had the option of basic firewall on the NAT interfaces.

    With this new windows server 2008 r2 you have to use the advanced firewall. And because of my WAN connection is listed in the Domain Network and I'm not able to identify or set this as a private interface my windows server 2008 r2 is less secure from the internet while the domain rules apply to both connections.

    So for example if I say no ICMP no ICMP possible for ether wan of lan.

    I hope you understand a little bit more what my problem is now.

     

    Sunday, March 21, 2010 10:28 AM
  • Any thoughts?? Bump
    Wednesday, April 07, 2010 10:24 PM
  • You can't do what you are proposing.  Any network card that can see a domain controller for its joined domain is automatically part of the "Domain" profile in firewall.  And by definition, that is true for all network cards in a DC.  They can communicate with the DC because they're attached to it.  There is no way to set a network card in a DC to any other network profile (Public or Private).


    Dave Bishop
    Team Lead
    Windows Server Networking Information Experience Team
    Wednesday, April 07, 2010 11:16 PM
  • Got a similar problem here.  I recently deployed a win2008r2 server with 2 network cards as a DC. It also has RDS installed.  The first nic is attached to the LAN switch and the second to the router which is connect to our ISP (switch is connected to router also).  The second nic is coming up as inactive.  The router is forwarding RDC requests to that nic unsuccessfully. Trying to split the load here by having a separate line for remote traffic.  Can only afford one server tight now so would like to fully utilize it.

    Any help would be much appreciated.

    Thanks,

    Bill

    Sunday, April 18, 2010 4:43 AM
  • Any update?
    Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX http://blogs.sivarajan.com/ http://publications.sivarajan.com/ This posting is provided "AS IS" with no warranties, and confers no rights.
    Saturday, June 12, 2010 3:41 AM
  • I ended up placing a router between my server and internet.

    Saturday, June 12, 2010 6:26 AM