AD DS NLB?

-

hello experts,

i have inherited couple of windows server 2012 boxes.  1 physical (primary dc ad cs,ad ds, dhcp, dns, iis, nap).  the other 2012 box virtual , acts our backup dc (ad ds, dhcp, dns, nap).  our environment linux exception of our dcs.  just both boxes have been exhibiting intermittent crashes general network failure.  during initial troubleshooting of boxes found oddities advice on.  sorry formatting here struck me strange.

for whatever reason physical box has nic teaming set though 1 interface active in team?  

nlb set on dcs our pdc , bdc hosts?  tcp chimney offload disabled , multicast enabled in nlb assuming why setup works.  i have worked nlb before on iis servers.  so i'm not sure why nlb setup since dcs setup sync via dfs?

our vpn auth device pointed @ nlb cluster ip.  when physical box encounters general network failure.  the vpn requests not being redirected secondary host (bdc) in nlb cluster.  the physical machine has rebooted.  same thing virtual box.  when system stalls requests not being redirected primary host (pdc).  

my thinking disable nic team.  uninstall nlb roles on dcs.  set radius proxy load balancing nps.   guidance best practice helpful.  i'm not sure nlb between our dcs it.  but wrong have been out of windows game time.

thanks

for whatever reason physical box has nic teaming set though 1 interface active in team?  

it not recommended have nic teaming enabled on dc. result in errors when running dcdiag command can use check health state of dcs.

with teaming enabled, might 1 nic enabled while second 1 passive. allows failover in case if active nic fails. if not failover setup might admin have changed settings , left second nic disabled.

nlb set on dcs our pdc , bdc hosts?  tcp chimney offload disabled , multicast enabled in nlb assuming why setup works.  i have worked nlb before on iis servers.  so i'm not sure why nlb setup since dcs setup sync via dfs?

nlb should not used on dcs. nap enabled on both boxes believe purpose of using it.

my thinking disable nic team.  uninstall nlb roles on dcs.  set radius proxy load balancing nps.   guidance best practice helpful.  i'm not sure nlb between our dcs it.  but wrong have been out of windows game time.

my recommendation leave ad/dns/dhcp running on these boxes. recommend install other roles on member servers.

for ha of nps, can refer that: https://social.technet.microsoft.com/forums/windowsserver/en-us/a82799b7-0291-4e92-b029-62e53d63e60d/high-availability-of-nps-server-and-dr?forum=winservernap

this posting provided no warranties or guarantees , , confers no rights.

ahmed malek

my website link

my linkedin profile

my mvp profile



Windows Server  >  Directory Services



Comments

Post a Comment

Popular posts from this blog

Edit Group Policy

-
i have pc has power settings pushed out default domain policy in ad environment. of course on local machine "some settings managed system adminstrator". the machine temporarily no longer in contact domain controller (it's been physically moved , not on same network now) can't updated gpo settings. i believe if edit local group policy won't make difference because of group policy processing , precedence. since it's temporary away ad network, still want use settings of ad user. is there somewhere in registry stored can edit power plan manually until can sync domain? (i need prevent sleeping while plugged in - it's set 1 hour) thanks! allen crist i found site: http://gpsearch.azurewebsites.net/#7916 i able add policy to hkey_local_machine\software\policies\microsoft\power using specs found on site. looks solved issue. i'll report if didn't. thanks! allen crist ...
Read more

Hyper-V VM not reaching OS 'Logon' screen

-
i trying migrate vm vmware hyper-v. so far have done following (seemingly successfully): prepare vmware vm conversion hyper-v format (vhd) within vmware workstation 8.0 environment following steps guide: http://social.technet.microsoft.com/forums/en/winserverhyperv/thread/ef8c12f7-c45d-442e-9a30-c43cd87df3b3   (i.e. remove vm tools, add new ide hard disk…) use vmdk2vhd application convert individual vmdk files vhd ones create new vm in hyper-v exporting in 3 newly converted vhd files at point have checked settings , powered on vm in hyper-v find although windows begins load expected manages reach screen prior login screen saying either of following messages: “windows starting up…” “the active directory rebuilding indices… please wait” to knowledge, albeit limited in area, vm should present me login screen since appears in vmware. if start vm in safe mode can login not desired affect. below details of vm: operating system: windows server 2003 (enterprise edit...
Read more

DNS question...

-
i new setting dns server....my domain name expl. "domain.com"....i set "a" record in forward lookup for  www.domain.com itself...."server's local ip"....i've added no other zones , i seem able resolve names except own....www.domain.com.....also, do i put my isp's dns ip's....for external dns's server can't resolve?....forwarding or in nic setup?......i want setup in my dns server don't have include them on client side..... thanks mark     not put isp dsn server address in settings on nic dc or clients. should point local dns server on dc. set dns forward public dns, such isp. bill Windows Server  >  Network Infrastructure Servers
Read more