| Author | Messages | |
ken
Posts:173
 | | 07/13/2006 6:20 AM |
| Can't your spyware just change/delete the host entries again? Or use an IP
address (or do you configure static routes for the subnets that the IP
addresses reside in that those host entries point to?)
Has this tactic ever helped anyone in a spyware-on-the-server situation?
(except possibly in a SOHO situation where the server's been treated like a
desktop?)
Cheers
Ken
--
My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
Tech.Ed Sydney: learn all about IIS 7.0 - See you there!
: -----Original Message-----
: From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-
: owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Kevin Brunson
: Sent: Thursday, 13 July 2006 3:00 AM
: To: ActiveDir@xxxxxxxxxxxxxxxxxx
: Subject: RE: [ActiveDir] Multihomed Domain Controllers
:
: I have definitely found the hosts file to be useful on servers to keep
: them from EVER getting to spyware sites. This guy has a great list :
: http://pgl.yoyo.org/adservers/serverlist.php?showintro=0&hostformat=hos
: t
: s
:
: Just cut and paste into the hosts file and you are good to go. I
: scripted it for all of the servers I deal with. But I guess this is
: getting pretty far OT: :)
: Kevin
:
: -----Original Message-----
: From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
: [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Susan Bradley,
: CPA aka Ebitz - SBS Rocks [MVP]
: Sent: Wednesday, July 12, 2006 10:41 AM
: To: ActiveDir@xxxxxxxxxxxxxxxxxx
: Subject: Re: [ActiveDir] Multihomed Domain Controllers
:
: In the year 2006.. I hope we are still not making host file entries on
: servers and workstations.... :-)
:
: Peter Johnson wrote:
:
: > You might want to then create entries in the host file on the backup
: > server so that you guarantee that the backup server always uses the
: > right network connection.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx | | | |
| ZJORZ
Posts:389
| | 07/13/2006 6:50 AM |
| ________________________________
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx on behalf of Freddy HARTONO
Sent: Thu 2006-07-13 17:09
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Multihomed Domain Controllers
Hi Jorge
Aha, does that happen to be a link somewhere on the net that I can
reference to?
Personally for DC I never find a need for adapter teaming, if the nic
dies and I get an alert from the monitoring server that's all good for
me - clients should failover elsewhere anyway...
So any bullets against teaming would be excellent!
Thank you and have a splendid day!
Kind Regards,
Freddy Hartono
Group Support Engineer
InternationalSOS Pte Ltd
mail: freddy.hartono@xxxxxxxxxxxxxxxxxxxx
phone: (+65) 6330-9785
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Almeida Pinto,
Jorge de
Sent: Thursday, July 13, 2006 9:55 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Multihomed Domain Controllers
In the "Windows Server System Reference Architecture" (WSSRA) Microsoft
states:
"At this time, Microsoft does not support load balanced network teams on
domain controllers due to potential data corruption issues" (Taken from
the Directory Services Blueprint - page 29)
>>>-----Original Message-----
>>>From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
>>>[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Paul
>>>Williams
>>>Sent: Thursday, July 13, 2006 13:50
>>>To: ActiveDir@xxxxxxxxxxxxxxxxxx
>>>Subject: Re: [ActiveDir] Multihomed Domain Controllers
>>>
>>>We team everything. It seems stupid not too. Use fault tolerance
>>>only (as opposed to load balancing) and you've got additional
>>>resilliency. FT works fine with different paths, e.g. different
>>>switches.
>>>
>>>
>>>--Paul
>>>
>>>----- Original Message -----
>>>From: "Freddy HARTONO"
>>>To:
>>>Sent: Thursday, July 13, 2006 2:02 AM
>>>Subject: RE: [ActiveDir] Multihomed Domain Controllers
>>>
>>>
>>>> Don't mean to hijack this thread but on a similar note - whats the
>>>> downside for installing DCs with Adapter Teaming?
>>>>
>>>> All I know is that when adapter teaming is enabled, setting up WINS
>>>> service will pops and error message (which can be ignored)...but
>>>> anything else? I've always been a firm believer of one nic and no
>>>> teaming...
>>>>
>>>> Any comments?
>>>>
>>>>
>>>> Thank you and have a splendid day!
>>>>
>>>> Kind Regards,
>>>>
>>>> Freddy Hartono
>>>> Group Support Engineer
>>>> InternationalSOS Pte Ltd
>>>> mail: freddy.hartono@xxxxxxxxxxxxxxxxxxxx
>>>> phone: (+65) 6330-9785
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
>>>> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of
>>>Susan Bradley,
>>>> CPA aka Ebitz - SBS Rocks [MVP]
>>>> Sent: Wednesday, July 12, 2006 11:41 PM
>>>> To: ActiveDir@xxxxxxxxxxxxxxxxxx
>>>> Subject: Re: [ActiveDir] Multihomed Domain Controllers
>>>>
>>>> In the year 2006.. I hope we are still not making host
>>>file entries on
>>>> servers and workstations.... :-)
>>>>
>>>> Peter Johnson wrote:
>>>>
>>>>> You might want to then create entries in the host file on
>>>the backup
>>>>> server so that you guarantee that the backup server
>>>always uses the
>>>>> right network connection.
>>>>>
>>>>>
>>>>>
>>>>>
>>>-------------------------------------------------------------
>>>---------
>>>>> --
>>>>>
>>>>> *From:* ActiveDir-owner@xxxxxxxxxxxxxxxxxx
>>>>> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] *On Behalf Of *Robert
>>>>> Rutherford
>>>>> *Sent:* 12 July 2006 12:57
>>>>> *To:* ActiveDir@xxxxxxxxxxxxxxxxxx
>>>>> *Subject:* RE: [ActiveDir] Multihomed Domain Controllers
>>>>>
>>>>>
>>>>>
>>>>> No issues, if you...
>>>>>
>>>>>
>>>>>
>>>>> Go to the TCP/IP settings of the backup network card,
>>>click advanced,
>>>>> goto the DNS tab and untick register the connection in DNS.
>>>>>
>>>>>
>>>>>
>>>>> Cheers,
>>>>>
>>>>>
>>>>>
>>>>> Rob
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> *Robert Rutherford*
>>>>> *QuoStar Solutions Limited*
>>>>>
>>>>>
>>>>> The Enterprise Pavilion
>>>>> Fern Barrow
>>>>> Wallisdown
>>>>> Poole
>>>>> Dorset
>>>>> BH12 5HH
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> *T:*
>>>>>
>>>>>
>>>>>
>>>>> +44 (0) 8456 440 331
>>>>>
>>>>> *F:*
>>>>>
>>>>>
>>>>>
>>>>> +44 (0) 8456 440 332
>>>>>
>>>>> *M:*
>>>>>
>>>>>
>>>>>
>>>>> +44 (0) 7974 249 494
>>>>>
>>>>> *E: *
>>>>>
>>>>>
>>>>>
>>>>> robert.rutherford@xxxxxxxxxxx
>>>
>>>>>
>>>>> *W: *
>>>>>
>>>>>
>>>>>
>>>>> www.quostar.com
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>-------------------------------------------------------------
>>>---------
>>>>> --
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> **From:** ActiveDir-owner@xxxxxxxxxxxxxxxxxx
>>>>> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] *On Behalf Of
>>>*Jeff Green
>>>>> *Sent:* 12 July 2006 11:43
>>>>> *To:* ActiveDir@xxxxxxxxxxxxxxxxxx
>>>>> *Subject:* [ActiveDir] Multihomed Domain Controllers
>>>>>
>>>>> Hi,
>>>>>
>>>>> First posting to this list but I've lurked quite a
>>>while and I've
>>>>
>>>>> been very impressed by the quality of replies by the gurus.
>>>>>
>>>>> My question is regarding the advisability of having
>>>multihomed DCs.
>>>>> Basically I want
>>>>> to run backups over a separate GbE and as my servers have
>>>dual inbuilt
>>>>
>>>>> NICs this seems an obvious route to take. I know there
>>>are some issues
>>>>
>>>>> with DNS (I have a DNS integrated AD).
>>>>>
>>>>> Would this cause replication problems, etc ?
>>>>>
>>>>> Any other "gotchas" ?
>>>>>
>>>>>
>>>>>
>>>>> Many Thanks,
>>>>>
>>>>> ---
>>>>> Jeff Green
>>>>> Network Support Manager
>>>>> SAPIENS (UK) Ltd
>>>>> t: +44 (0)1895 464228 f: +44 (0)1895 463098
>>>>>
>>>>> "I dream of hover cars and old transistor radios ... She dreams of
>>>>> flowers in a field of sunny bungalows"
>>>>>
>>>>>
>>>>>
>>>-------------------------------------------------------------
>>>---------
>>>>> -- Confidentiality Note: The information contained in
>>>this email and
>>>>> document(s) attached are for the exclusive use of the
>>>addressee and
>>>>> may contain confidential, privileged and non-disclosable
>>>information.
>>>>> If the recipient of this email is not the addressee, such
>>>recipient is
>>>>
>>>>> strictly prohibited from reading, photocopying, distribution or
>>>>> otherwise using this email or its contents in any way.
>>>>>
>>>>> Please notify the Sapiens (UK) Ltd. Systems Administrator
>>>via e-mail
>>>>> immediately at networksupport@xxxxxxxxxxxxx, if you have
>>>received this
>>>>
>>>>> email in error.
>>>>>
>>>>> Disclaimer: The views, opinions and guidelines contained in this
>>>>> confidential e-mail are those of the originating author
>>>and may not be
>>>>
>>>>> representative of Sapiens (UK) Ltd.
>>>>>
>>>-------------------------------------------------------------
>>>---------
>>>>> --
>>>>>
>>>>
>>>> --
>>>> Letting your vendors set your risk analysis these days?
>>>> http://www.threatcode.com
>>>>
>>>> If you are a SBSer and you don't subscribe to the SBS
>>>Blog... man ... I
>>>> will hunt you down...
>>>> http://blogs.technet.com/sbs
>>>>
>>>> List info : http://www.activedir.org/List.aspx
>>>> List FAQ : http://www.activedir.org/ListFAQ.aspx
>>>> List archive: http://www.activedir.org/ml/threads.aspx
>>>> List info : http://www.activedir.org/List.aspx
>>>> List FAQ : http://www.activedir.org/ListFAQ.aspx
>>>> List archive: http://www.activedir.org/ml/threads.aspx
>>>
>>>List info : http://www.activedir.org/List.aspx
>>>List FAQ : http://www.activedir.org/ListFAQ.aspx
>>>List archive: http://www.activedir.org/ml/threads.aspx
>>>
This e-mail and any attachment is for authorised use by the intended
recipient(s) only. It may contain proprietary material, confidential
information and/or be subject to legal privilege. It should not be
copied, disclosed to, retained or used by, any other party. If you are
not an intended recipient then please promptly delete this e-mail and
any attachment and all copies and inform the sender. Thank you.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
> | | | |
| AD00000364
Posts:0
| | 07/13/2006 11:13 AM |
| Well, I don't think the driving factor is the size of the IT operation
in terms of # DC's necessarily.
In my small environment (3 x DC, 1 x Exchange, 2 x Fileserver, 1 x
Sharepoint), the factors are
My "client" facing network is 100 Mbs Ethernet
Major vendor's servers have come with inbuilt dual GbE NICs for
the last 3+ years
GbE switches are now ridiculously cheap
Backup software supports this configuration (some vendors
recommend this config, as noted by other replies)
Uniform configuration, I backup Exchange, file servers, etc
using this configuration.
So I guess you could look at as a "poor man's SAN".
>From my perspective it seems a reasonable thing to do.
---
Jeff Green
Network Support Manager
SAPIENS (UK) Ltd
t: +44 (0)1895 464228 f: +44 (0)1895 463098
"I dream of hover cars and old transistor radios ... she dreams of
flowers in a field of sunny bungalows"
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Kurt Falde
Sent: 12 July 2006 16:59
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Multihomed Domain Controllers
So how many DC's do you have? What is your DIT size like to warrant
going through all this trouble? Are there other applications that you
need to backup on the DC's that are requiring full backups of all your
DC's. With most environments getting the system state from a DC/GC in
each domain should be enough to allow you to do whatever authoritative
restores that you need. Now if you have other apps that you need to do a
large data backups of then this may be required. Yes you can do
multiple nic's on DC's and quite a few organizations do however it
definitely would not fall under best practices for Domain Controllers.
Kurt Falde
Premier Field Engineer
Northeast Region
Microsoft Corporation
[deleted]
------------------------------------------------------------------------
Confidentiality Note: The information contained in this email and document(s) attached are for the exclusive use of the addressee and may contain confidential, privileged and non-disclosable information. If the recipient of this email is not the addressee, such recipient is strictly prohibited from reading, photocopying, distribution or otherwise using this email or its contents in any way.
Please notify the Sapiens (UK) Ltd. Systems Administrator via e-mail immediately at networksupport@xxxxxxxxxxxxx, if you have received this email in error.
Disclaimer: The views, opinions and guidelines contained in this confidential e-mail are those of the originating author and may not be representative of Sapiens (UK) Ltd.
------------------------------------------------------------------------
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx | | | |
| robertrutherford5
Posts:0
| | 07/13/2006 11:41 AM |
| Jeff,
If you back them up over the client-facing LAN conn or over your Gb
back-end I wouldn't have any concerns. If you want to just standardise
your setup then just go for it.
Cheers.
Rob
Robert Rutherford
QuoStar Solutions Limited
The Enterprise Pavilion
Fern Barrow
Wallisdown
Poole
Dorset
BH12 5HH
T: +44 (0) 8456 440 331
F: +44 (0) 8456 440 332
M: +44 (0) 7974 249 494
E: robert.rutherford@xxxxxxxxxxx
W: www.quostar.com
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Jeff Green
Sent: 13 July 2006 12:13
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Multihomed Domain Controllers
Well, I don't think the driving factor is the size of the IT operation
in terms of # DC's necessarily.
In my small environment (3 x DC, 1 x Exchange, 2 x Fileserver, 1 x
Sharepoint), the factors are
My "client" facing network is 100 Mbs Ethernet
Major vendor's servers have come with inbuilt dual GbE NICs for
the last 3+ years
GbE switches are now ridiculously cheap
Backup software supports this configuration (some vendors
recommend this config, as noted by other replies)
Uniform configuration, I backup Exchange, file servers, etc
using this configuration.
So I guess you could look at as a "poor man's SAN".
>From my perspective it seems a reasonable thing to do.
---
Jeff Green
Network Support Manager
SAPIENS (UK) Ltd
t: +44 (0)1895 464228 f: +44 (0)1895 463098
"I dream of hover cars and old transistor radios ... she dreams of
flowers in a field of sunny bungalows"
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Kurt Falde
Sent: 12 July 2006 16:59
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Multihomed Domain Controllers
So how many DC's do you have? What is your DIT size like to warrant
going through all this trouble? Are there other applications that you
need to backup on the DC's that are requiring full backups of all your
DC's. With most environments getting the system state from a DC/GC in
each domain should be enough to allow you to do whatever authoritative
restores that you need. Now if you have other apps that you need to do a
large data backups of then this may be required. Yes you can do
multiple nic's on DC's and quite a few organizations do however it
definitely would not fall under best practices for Domain Controllers.
Kurt Falde
Premier Field Engineer
Northeast Region
Microsoft Corporation
[deleted]
------------------------------------------------------------------------
Confidentiality Note: The information contained in this email and
document(s) attached are for the exclusive use of the addressee and may
contain confidential, privileged and non-disclosable information. If the
recipient of this email is not the addressee, such recipient is strictly
prohibited from reading, photocopying, distribution or otherwise using
this email or its contents in any way.
Please notify the Sapiens (UK) Ltd. Systems Administrator via e-mail
immediately at networksupport@xxxxxxxxxxxxx, if you have received this
email in error.
Disclaimer: The views, opinions and guidelines contained in this
confidential e-mail are those of the originating author and may not be
representative of Sapiens (UK) Ltd.
------------------------------------------------------------------------
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx | | | |
| AD000001356
Posts:0
| | 07/13/2006 11:50 AM |
| We team everything. It seems stupid not too. Use fault tolerance only (as
opposed to load balancing) and you've got additional resilliency. FT works
fine with different paths, e.g. different switches.
--Paul
----- Original Message -----
From: "Freddy HARTONO"
To:
Sent: Thursday, July 13, 2006 2:02 AM
Subject: RE: [ActiveDir] Multihomed Domain Controllers
Don't mean to hijack this thread but on a similar note - whats the
downside for installing DCs with Adapter Teaming?
All I know is that when adapter teaming is enabled, setting up WINS
service will pops and error message (which can be ignored)...but
anything else? I've always been a firm believer of one nic and no
teaming...
Any comments?
Thank you and have a splendid day!
Kind Regards,
Freddy Hartono
Group Support Engineer
InternationalSOS Pte Ltd
mail: freddy.hartono@xxxxxxxxxxxxxxxxxxxx
phone: (+65) 6330-9785
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Wednesday, July 12, 2006 11:41 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Multihomed Domain Controllers
In the year 2006.. I hope we are still not making host file entries on
servers and workstations.... :-)
Peter Johnson wrote:
You might want to then create entries in the host file on the backup
server so that you guarantee that the backup server always uses the
right network connection.
----------------------------------------------------------------------
--
*From:* ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] *On Behalf Of *Robert
Rutherford
*Sent:* 12 July 2006 12:57
*To:* ActiveDir@xxxxxxxxxxxxxxxxxx
*Subject:* RE: [ActiveDir] Multihomed Domain Controllers
No issues, if you...
Go to the TCP/IP settings of the backup network card, click advanced,
goto the DNS tab and untick register the connection in DNS.
Cheers,
Rob
*Robert Rutherford*
*QuoStar Solutions Limited*
The Enterprise Pavilion
Fern Barrow
Wallisdown
Poole
Dorset
BH12 5HH
*T:*
+44 (0) 8456 440 331
*F:*
+44 (0) 8456 440 332
*M:*
+44 (0) 7974 249 494
*E: *
robert.rutherford@xxxxxxxxxxx
*W: *
www.quostar.com
----------------------------------------------------------------------
--
**From:** ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] *On Behalf Of *Jeff Green
*Sent:* 12 July 2006 11:43
*To:* ActiveDir@xxxxxxxxxxxxxxxxxx
*Subject:* [ActiveDir] Multihomed Domain Controllers
Hi,
First posting to this list but I've lurked quite a while and I've
been very impressed by the quality of replies by the gurus.
My question is regarding the advisability of having multihomed DCs.
Basically I want
to run backups over a separate GbE and as my servers have dual inbuilt
NICs this seems an obvious route to take. I know there are some issues
with DNS (I have a DNS integrated AD).
Would this cause replication problems, etc ?
Any other "gotchas" ?
Many Thanks,
---
Jeff Green
Network Support Manager
SAPIENS (UK) Ltd
t: +44 (0)1895 464228 f: +44 (0)1895 463098
"I dream of hover cars and old transistor radios ... She dreams of
flowers in a field of sunny bungalows"
----------------------------------------------------------------------
-- Confidentiality Note: The information contained in this email and
document(s) attached are for the exclusive use of the addressee and
may contain confidential, privileged and non-disclosable information.
If the recipient of this email is not the addressee, such recipient is
strictly prohibited from reading, photocopying, distribution or
otherwise using this email or its contents in any way.
Please notify the Sapiens (UK) Ltd. Systems Administrator via e-mail
immediately at networksupport@xxxxxxxxxxxxx, if you have received this
email in error.
Disclaimer: The views, opinions and guidelines contained in this
confidential e-mail are those of the originating author and may not be
representative of Sapiens (UK) Ltd.
----------------------------------------------------------------------
--
--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
If you are a SBSer and you don't subscribe to the SBS Blog... man ... I
will hunt you down...
http://blogs.technet.com/sbs
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx | | | |
| AD000001290
Posts:0
| | 07/13/2006 12:18 PM |
| FWIW - I too have teamed NICs in FT mode on DCs on many occasions and
have never experienced any issues.
The NIC driver only presents one NIC to the OS so I don't why that
should cause an issue. The FT aspects are transparent to the OS.
neil
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Paul Williams
Sent: 13 July 2006 12:50
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Multihomed Domain Controllers
We team everything. It seems stupid not too. Use fault tolerance only
(as opposed to load balancing) and you've got additional resilliency.
FT works fine with different paths, e.g. different switches.
--Paul
----- Original Message -----
From: "Freddy HARTONO"
To:
Sent: Thursday, July 13, 2006 2:02 AM
Subject: RE: [ActiveDir] Multihomed Domain Controllers
> Don't mean to hijack this thread but on a similar note - whats the
> downside for installing DCs with Adapter Teaming?
>
> All I know is that when adapter teaming is enabled, setting up WINS
> service will pops and error message (which can be ignored)...but
> anything else? I've always been a firm believer of one nic and no
> teaming...
>
> Any comments?
>
>
> Thank you and have a splendid day!
>
> Kind Regards,
>
> Freddy Hartono
> Group Support Engineer
> InternationalSOS Pte Ltd
> mail: freddy.hartono@xxxxxxxxxxxxxxxxxxxx
> phone: (+65) 6330-9785
>
>
> -----Original Message-----
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Susan
Bradley,
> CPA aka Ebitz - SBS Rocks [MVP]
> Sent: Wednesday, July 12, 2006 11:41 PM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: Re: [ActiveDir] Multihomed Domain Controllers
>
> In the year 2006.. I hope we are still not making host file entries on
> servers and workstations.... :-)
>
> Peter Johnson wrote:
>
>> You might want to then create entries in the host file on the backup
>> server so that you guarantee that the backup server always uses the
>> right network connection.
>>
>>
>>
>>
----------------------------------------------------------------------
>> --
>>
>> *From:* ActiveDir-owner@xxxxxxxxxxxxxxxxxx
>> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] *On Behalf Of *Robert
>> Rutherford
>> *Sent:* 12 July 2006 12:57
>> *To:* ActiveDir@xxxxxxxxxxxxxxxxxx
>> *Subject:* RE: [ActiveDir] Multihomed Domain Controllers
>>
>>
>>
>> No issues, if you...
>>
>>
>>
>> Go to the TCP/IP settings of the backup network card, click advanced,
>> goto the DNS tab and untick register the connection in DNS.
>>
>>
>>
>> Cheers,
>>
>>
>>
>> Rob
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *Robert Rutherford*
>> *QuoStar Solutions Limited*
>>
>>
>> The Enterprise Pavilion
>> Fern Barrow
>> Wallisdown
>> Poole
>> Dorset
>> BH12 5HH
>>
>>
>>
>>
>>
>>
>>
>>
>> *T:*
>>
>>
>>
>> +44 (0) 8456 440 331
>>
>> *F:*
>>
>>
>>
>> +44 (0) 8456 440 332
>>
>> *M:*
>>
>>
>>
>> +44 (0) 7974 249 494
>>
>> *E: *
>>
>>
>>
>> robert.rutherford@xxxxxxxxxxx
>>
>> *W: *
>>
>>
>>
>> www.quostar.com
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
----------------------------------------------------------------------
>> --
>>
>>
>>
>>
>>
>> **From:** ActiveDir-owner@xxxxxxxxxxxxxxxxxx
>> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] *On Behalf Of *Jeff Green
>> *Sent:* 12 July 2006 11:43
>> *To:* ActiveDir@xxxxxxxxxxxxxxxxxx
>> *Subject:* [ActiveDir] Multihomed Domain Controllers
>>
>> Hi,
>>
>> First posting to this list but I've lurked quite a while and
I've
>
>> been very impressed by the quality of replies by the gurus.
>>
>> My question is regarding the advisability of having multihomed DCs.
>> Basically I want
>> to run backups over a separate GbE and as my servers have dual
inbuilt
>
>> NICs this seems an obvious route to take. I know there are some
issues
>
>> with DNS (I have a DNS integrated AD).
>>
>> Would this cause replication problems, etc ?
>>
>> Any other "gotchas" ?
>>
>>
>>
>> Many Thanks,
>>
>> ---
>> Jeff Green
>> Network Support Manager
>> SAPIENS (UK) Ltd
>> t: +44 (0)1895 464228 f: +44 (0)1895 463098
>>
>> "I dream of hover cars and old transistor radios ... She dreams of
>> flowers in a field of sunny bungalows"
>>
>>
>>
----------------------------------------------------------------------
>> -- Confidentiality Note: The information contained in this email and
>> document(s) attached are for the exclusive use of the addressee and
>> may contain confidential, privileged and non-disclosable information.
>> If the recipient of this email is not the addressee, such recipient
is
>
>> strictly prohibited from reading, photocopying, distribution or
>> otherwise using this email or its contents in any way.
>>
>> Please notify the Sapiens (UK) Ltd. Systems Administrator via e-mail
>> immediately at networksupport@xxxxxxxxxxxxx, if you have received
this
>
>> email in error.
>>
>> Disclaimer: The views, opinions and guidelines contained in this
>> confidential e-mail are those of the originating author and may not
be
>
>> representative of Sapiens (UK) Ltd.
>>
----------------------------------------------------------------------
>> --
>>
>
> --
> Letting your vendors set your risk analysis these days?
> http://www.threatcode.com
>
> If you are a SBSer and you don't subscribe to the SBS Blog... man ...
I
> will hunt you down...
> http://blogs.technet.com/sbs
>
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ml/threads.aspx
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ml/threads.aspx
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication and
Nomura International plc ('NIplc') will not, to the extent permitted by law,
accept responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely those of
the author and do not necessarily represent those of NIplc; (3) is intended
for informational purposes only and is not a recommendation, solicitation or
offer to buy or sell securities or related financial instruments. NIplc
does not provide investment services to private customers. Authorised and
regulated by the Financial Services Authority. Registered in England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A member of the Nomura group of companies.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx | | | |
| AFidel
Posts:88
| | 07/13/2006 12:23 PM |
| Yeah except the fact that thin clients
have about twice the useful life, are less prone to failure by virtue of
having no moving parts, and use a fraction of the power. There's still
a TCO argument to be made, but the initial outlay argument is gone.
Andrew Fidel
"Matt Hargraves"
Sent by: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
07/12/2006 04:46 PM
Please respond to
ActiveDir@xxxxxxxxxxxxxxxxxx
To
ActiveDir@xxxxxxxxxxxxxxxxxx
cc
Subject
Re: [ActiveDir] Multihomed
Domain Controllers
Not so sure I agree with that. Thin clients work
just fine, require less maintenance and can be replaced in 5 minutes, vs.
the 3 hour argument that you'll get if you try replacing someone's desktop
because they saved 190000 items that have nothing to do with their job
on the local hard drive.
Then again, desktops are about as expensive nowadays as thin clients, so
the justification for thin clients isn't what it used to be. | | | |
| habr
Posts:0
| | 07/13/2006 12:25 PM |
| Brian,
Could you please explain to me
what you mean by "save for the browsing situation, but who uses that
anyway?" Are you saying that your networks don't have browse
masters? How do people find resources then?
Thanks.
RH
___________________________________________
-----Original Message-----From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]On Behalf Of Brian
DesmondSent: 13 July, 2006 1:29 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] Multihomed
Domain Controllers
I™ve
got hundreds of sites/forests with multihomed DCs. It works fine save for the
browsing situation, but who uses that anyway?
Thanks,
Brian
Desmond
brian@xxxxxxxxxxxxxxxx
c
- 312.731.3132
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Al MulnickSent: Wednesday, July 12, 2006 8:36
AMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: Re:
[ActiveDir] Multihomed Domain Controllers
Personally, I've never used that configuration for a
DC. Since being bit in the nt4.0 days (before that really, but hate to
show the age :) I've had architectural reasons to not do that. Since AD
is made up of a multi-master fabric, I have had no reason at all to require an
isolated network dedicated to backups. I get the feeling in your case
it's just a nice to have vs. a requirement since you have the hardware and
figure why not put it to use. You'd be a rare exception if the size of
the dit is large enough to require such a configuration. Saying that, is
it possible? Most likley. Will it be difficult when/if you call for
support for some other issue to explain to the engineer that you have a
mutli-homed DC? Most likely. Does it break the "keep it as simple as
possible while meeting the requirements?" rule? Most likley.
When you test this, as the others have mentioned, be sure
to test the recoverability and the gotchas that come along with bringing up a
recovered DC on a multi-homed machine. You'll want to have that
documented and thouroughly tested so as not to have to deal with that when
under pressure. You may also want to consider an alternative backup
method that doesn't require a dedicated network to the DC's.
Just some random thoughts and my $.04 (USD) worth.
Al
On 7/12/06, Jeff Green Jeff_Green@xxxxxxxxxxxxx>
wrote:
Hi
Guys,
Many
thanks to all that have responded (and so quickly !)
Points
/ clarifications / additional Qs
a)
DNS multihomed issues
Yes,
found that in the MS KB about not "registering this connection in DNS" on the
second NIC.
Also
leave the gateway / DNS TCP/IP settings blank on the second
NIC.
b)
Browser Issues
Several
things in MS KB about this and fixes (including hacking a registry if I
remember correctly)
But
would Browser issues affect AD operations - I'm talking about replication
issues here ?
c)
Currently running W2K SP4 + rollups on all DCs - but moving to
W2K3.
Sorry
should have stated this.
d)
Backup
Using BackupExec, which allows binding of remote agents to specific
NICs
Have I
got everything covered - I can't believe this is an unusual configuration
?
Many
Thanks
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Jeff
GreenSent: 12 July 2006
11:43
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] Multihomed Domain
Controllers
Hi,
First posting to this list but I've lurked quite a while and I've been very
impressed by the quality of
replies by the gurus.
My
question is regarding the advisability of having multihomed DCs. Basically I
want to run backups over
a separate GbE and as my servers have dual inbuilt NICs this seems an obvious
route to take. I know there are some issues with DNS (I have a DNS integrated
AD).
Would this
cause replication problems, etc ?
Any other
"gotchas" ?
Many Thanks,
---
Jeff
Green Network Support
Manager SAPIENS (UK)
Ltd t: +44 (0)1895
464228 f: +44 (0)1895 463098
"I dream
of hover cars and old transistor radios ... She dreams of flowers in a field
of sunny bungalows"
------------------------------------------------------------------------
Confidentiality Note: The information contained in
this email and document(s) attached are for the exclusive use of the addressee
and may contain confidential, privileged and non-disclosable information. If
the recipient of this email is not the addressee, such recipient is strictly
prohibited from reading, photocopying, distribution or otherwise using this
email or its contents in any way. Please notify
the Sapiens (UK) Ltd. Systems Administrator via e-mail immediately at networksupport@xxxxxxxxxxxxx , if you have received this
email in error.Disclaimer: The views, opinions
and guidelines contained in this confidential e-mail are those of the
originating author and may not be representative of Sapiens (UK) Ltd.
------------------------------------------------------------------------
------------------------------------------------------------------------
Confidentiality Note: The information
contained in this email and document(s) attached are for the exclusive use of
the addressee and may contain confidential, privileged and non-disclosable
information. If the recipient of this email is not the addressee, such
recipient is strictly prohibited from reading, photocopying, distribution or
otherwise using this email or its contents in any way. Please notify the Sapiens (UK) Ltd. Systems Administrator via e-mail
immediately at networksupport@xxxxxxxxxxxxx , if you have received this
email in error.Disclaimer: The views, opinions
and guidelines contained in this confidential e-mail are those of the
originating author and may not be representative of Sapiens (UK) Ltd.
------------------------------------------------------------------------ | | | |
| amulnick
Posts:163
| | 07/13/2006 12:48 PM |
| I don't deploy any servers which are connected to a monitoring system that calls me at night or calls my manager without fault-tolerant NIC teaming. Inevitably it will be my fault when the network team crashes a supervisor in a 6509 or a line card dies. I have no second thoughts about using a $250 switchport as a failover port. Some shops I've found the network guys expect this from my part so it's not their problem when a NIC dies or a cable gets screwed up or whatever. Conversely I've dealt with network teams and systems people who haven't the faintest clue how teaming works and go ballistic when they hear it. It won't cause spanning tree issues (most popular network team myth I've heard), it doesn't require setting up an etherchannel (you can't have an etherchannel span switches), and it doesn't require four IOS commands and three TAC calls to make it work. It also doesn't crash switches, create broadcast loops, flood segments, etc.
I've deployed thousands of network connections with HPQ, Broadcom, and Intel teaming software and have not had issues yet. On clusters I always team across the onboard and PCI NIC for the redundancy. DCs and other stuff without a PCI NIC I just team the two ports for switch fault tolerance. This is also an easy way to see if your network people didn't follow directions on the cross connects “ if the team negotiates a 200mbps or 2gbps connection, they're on the same switch, and quite likely the same line card
Thanks,
Brian Desmond
brian@xxxxxxxxxxxxxxxx
c - 312.731.3132
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx
] On Behalf Of Al MulnickSent: Wednesday, July 12, 2006 8:29 PM
To:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: Re: [ActiveDir] Multihomed Domain Controllers
I've not had good luck with teaming and I've yet to see much benefit. Saying that, I can see where teaming in a failover method might have some benefits for other types of servers. Due to the way AD is deployed (fabric vs. cluster or single instance) I see no point in making anything complex when it comes to a domain controller. I view teaming as one more piece of software to configure (and potentially mess up) and one more thing in my troubleshooting list if something goes amiss.
On 7/12/06, Freddy HARTONO wrote:
Don't mean to hijack this thread but on a similar note - whats thedownside for installing DCs with Adapter Teaming? All I know is that when adapter teaming is enabled, setting up WINSservice will pops and error message (which can be ignored)...but
anything else? I've always been a firm believer of one nic and noteaming... Any comments?Thank you and have a splendid day!Kind Regards,Freddy HartonoGroup Support Engineer
InternationalSOS Pte Ltdmail: freddy.hartono@xxxxxxxxxxxxxxxxxxxx
phone: (+65) 6330-9785-----Original Message-----From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx[mailto:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Susan Bradley,CPA aka Ebitz - SBS Rocks [MVP]Sent: Wednesday, July 12, 2006 11:41 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxx Subject: Re: [ActiveDir] Multihomed Domain ControllersIn the year 2006.. I hope we are still not making host file entries onservers and workstations.... :-)Peter Johnson wrote:
> You might want to then create entries in the host file on the backup > server so that you guarantee that the backup server always uses the> right network connection.>>>> ----------------------------------------------------------------------
> -- >> *From:* ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx
] *On Behalf Of *Robert> Rutherford> *Sent:* 12 July 2006 12:57> *To:*
ActiveDir@xxxxxxxxxxxxxxxxxx> *Subject:* RE: [ActiveDir] Multihomed Domain Controllers >>>> No issues, if you...>>>> Go to the TCP/IP settings of the backup network card, click advanced,
> goto the DNS tab and untick register the connection in DNS. >>>> Cheers,>>>> Rob>>>>>>>>>
> *Robert Rutherford*> *QuoStar Solutions Limited*>>> The Enterprise Pavilion> Fern Barrow> Wallisdown> Poole> Dorset> BH12 5HH>>>
>>>>>> *T:*>>> > +44 (0) 8456 440 331>> *F:*>>>> +44 (0) 8456 440 332>> *M:*>>>
> +44 (0) 7974 249 494>> *E: *>>> >
robert.rutherford@xxxxxxxxxxx >> *W: *>> >> www.quostar.com >>>>>>>
>>>>>>>>>>>>>>>>> ----------------------------------------------------------------------> --
>>>> >> **From:**
ActiveDir-owner@xxxxxxxxxxxxxxxxxx> [mailto:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx ] *On Behalf Of *Jeff Green> *Sent:* 12 July 2006 11:43> *To:*
ActiveDir@xxxxxxxxxxxxxxxxxx> *Subject:* [ActiveDir] Multihomed Domain Controllers> > Hi,>> First posting to this list but I've lurked quite a while and I've> been very impressed by the quality of replies by the gurus.
>> My question is regarding the advisability of having multihomed DCs. > Basically I want> to run backups over a separate GbE and as my servers have dual inbuilt> NICs this seems an obvious route to take. I know there are some issues
> with DNS (I have a DNS integrated AD). >> Would this cause replication problems, etc ?>> Any other "gotchas" ?>>>> Many Thanks,
>> ---> Jeff Green> Network Support Manager> SAPIENS (UK) Ltd> t: +44 (0)1895 464228 f: +44 (0)1895 463098>> "I dream of hover cars and old transistor radios ... She dreams of
> flowers in a field of sunny bungalows" >>> ----------------------------------------------------------------------> -- Confidentiality Note: The information contained in this email and
> document(s) attached are for the exclusive use of the addressee and > may contain confidential, privileged and non-disclosable information.> If the recipient of this email is not the addressee, such recipient is
> strictly prohibited from reading, photocopying, distribution or > otherwise using this email or its contents in any way.>> Please notify the Sapiens (UK) Ltd. Systems Administrator via e-mail
> immediately at networksupport@xxxxxxxxxxxxx , if you have received this
> email in error.>> Disclaimer: The views, opinions and guidelines contained in this> confidential e-mail are those of the originating author and may not be> representative of Sapiens (UK) Ltd.
> ----------------------------------------------------------------------> -->--Letting your vendors set your risk analysis these days?
http://www.threatcode.comIf you are a SBSer and you don't subscribe to the SBS Blog... man ... Iwill hunt you down...
http://blogs.technet.com/sbsList info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx | | | |
| amulnick
Posts:163
| | 07/13/2006 12:52 PM |
| | Message body was not found. | | | |
| sbradcpa
Posts:496
| | 07/14/2006 5:48 AM |
| Since ...uh.. you know ..me.. and uh... well...
I hang in the 'hood at times..what can I say?
Honestly in the 2k3/XP era I can't say I have browse master issues anyway...
Brian Desmond wrote:
*I don™t know anyone who goes in network neighborhood. My last AD gig
had 90K windtel devices and 500K users at almost 800 WAN locations “
going in nethood was a pretty silly idea¦*
* *
*Thanks,*
*Brian Desmond*
*brian@xxxxxxxxxxxxxxxx*
* *
*c - 312.731.3132*
* *
*From:* ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] *On Behalf Of *Rocky Habeeb
*Sent:* Thursday, July 13, 2006 7:25 AM
*To:* ActiveDir@xxxxxxxxxxxxxxxxxx
*Subject:* RE: [ActiveDir] Multihomed Domain Controllers
Brian,
Could you please explain to me what you mean by "save for the browsing
situation, but who uses that anyway?" Are you saying that your
networks don't have browse masters? How do people find resources then?
Thanks.
RH
___________________________________________
-----Original Message-----
*From:* ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]*On Behalf Of *Brian
Desmond
*Sent:* 13 July, 2006 1:29 AM
*To:* ActiveDir@xxxxxxxxxxxxxxxxxx
*Subject:* RE: [ActiveDir] Multihomed Domain Controllers
*I™ve got hundreds of sites/forests with multihomed DCs. It works
fine save for the browsing situation, but who uses that anyway? *
* *
*Thanks,*
*Brian Desmond*
*brian@xxxxxxxxxxxxxxxx *
* *
*c - 312.731.3132*
* *
*From:* ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] *On Behalf Of *Al Mulnick
*Sent:* Wednesday, July 12, 2006 8:36 AM
*To:* ActiveDir@xxxxxxxxxxxxxxxxxx
*Subject:* Re: [ActiveDir] Multihomed Domain Controllers
Personally, I've never used that configuration for a DC. Since
being bit in the nt4.0 days (before that really, but hate to show
the age :) I've had architectural reasons to not do that. Since
AD is made up of a multi-master fabric, I have had no reason at
all to require an isolated network dedicated to backups. I get
the feeling in your case it's just a nice to have vs. a
requirement since you have the hardware and figure why not put it
to use. You'd be a rare exception if the size of the dit is large
enough to require such a configuration. Saying that, is it
possible? Most likley. Will it be difficult when/if you call for
support for some other issue to explain to the engineer that you
have a mutli-homed DC? Most likely. Does it break the "keep it as
simple as possible while meeting the requirements?" rule? Most
likley.
When you test this, as the others have mentioned, be sure to test
the recoverability and the gotchas that come along with bringing
up a recovered DC on a multi-homed machine. You'll want to have
that documented and thouroughly tested so as not to have to deal
with that when under pressure. You may also want to consider an
alternative backup method that doesn't require a dedicated network
to the DC's.
Just some random thoughts and my $.04 (USD) worth.
Al
On 7/12/06, *Jeff Green* > wrote:
Hi Guys,
Many thanks to all that have responded (and so
quickly !)
Points / clarifications / additional Qs
a) DNS multihomed issues
Yes, found that in the MS KB about not "registering
this connection in DNS" on the second NIC.
Also leave the gateway / DNS TCP/IP settings blank on
the second NIC.
b) Browser Issues
Several things in MS KB about this and fixes
(including hacking a registry if I remember correctly)
But would Browser issues affect AD operations - I'm
talking about replication issues here ?
c) Currently running W2K SP4 + rollups on all DCs - but
moving to W2K3.
Sorry should have stated this.
d) Backup
Using BackupExec, which allows binding of remote agents
to specific NICs
Have I got everything covered - I can't believe this is an unusual
configuration ?
Many Thanks
------------------------------------------------------------------------
*From:* ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx
] *On Behalf Of *Jeff Green
*Sent:* 12 July 2006 11:43
*To:* ActiveDir@xxxxxxxxxxxxxxxxxx
*Subject:* [ActiveDir] Multihomed Domain Controllers
Hi,
First posting to this list but I've lurked quite a while and
I've been very impressed by
the quality of replies by the gurus.
My question is regarding the advisability of having multihomed
DCs. Basically I want
to run backups over a separate GbE and as my servers have dual
inbuilt NICs this
seems an obvious route to take. I know there are some issues with
DNS (I have
a DNS integrated AD).
Would this cause replication problems, etc ?
Any other "gotchas" ?
Many Thanks,
---
Jeff Green
Network Support Manager
SAPIENS (UK) Ltd
t: +44 (0)1895 464228 f: +44 (0)1895 463098
"I dream of hover cars and old transistor radios ... She dreams of
flowers in a field of sunny bungalows"
------------------------------------------------------------------------
Confidentiality Note: The information contained in this email and
document(s) attached are for the exclusive use of the addressee
and may contain confidential, privileged and non-disclosable
information. If the recipient of this email is not the addressee,
such recipient is strictly prohibited from reading, photocopying,
distribution or otherwise using this email or its contents in any
way.
Please notify the Sapiens (UK) Ltd. Systems Administrator via
e-mail immediately at networksupport@xxxxxxxxxxxxx
, if you have received this
email in error.
Disclaimer: The views, opinions and guidelines contained in this
confidential e-mail are those of the originating author and may
not be representative of Sapiens (UK) Ltd.
------------------------------------------------------------------------
------------------------------------------------------------------------
Confidentiality Note: The information contained in this email and
document(s) attached are for the exclusive use of the addressee
and may contain confidential, privileged and non-disclosable
information. If the recipient of this email is not the addressee,
such recipient is strictly prohibited from reading, photocopying,
distribution or otherwise using this email or its contents in any
way.
Please notify the Sapiens (UK) Ltd. Systems Administrator via
e-mail immediately at networksupport@xxxxxxxxxxxxx
, if you have received this
email in error.
Disclaimer: The views, opinions and guidelines contained in this
confidential e-mail are those of the originating author and may
not be representative of Sapiens (UK) Ltd.
------------------------------------------------------------------------
--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down...
http://blogs.technet.com/sbs
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx | | | |
|
|