Windows Server 2012 AD DC/DNS/DHCP in single server
This setup is a mess.
Don't multihome your Domain Controller.
Don't have just one Domain Controller for a domain.
You can't just use a server as a router (what you're trying to do) without explicitly configuring it to be one. You need to install RRAS, in this case.
Don't run RRAS or any other roles on a Domain Controller. Get another server or a hardware router/L3 switch.
Your clients need to point to the server for DNS to join the domain. It also has to be able to actually reach that interface. Your current config doesn't allow this.
There is really a lot here that is configured wrong. I'd throw it away and start from scratch with a new design. A design that doesn't involve multi-homing a DC and doesn't attempt to use it as a router.
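The point about clients needing to reach the DC's DNS interface can be checked from a workstation before attempting the join. The following script is an added example, not part of the original answer; it assumes the domain name hq.mycompany.com and the DC address 192.168.15.100 from the question, and needs Windows 8.1 / PowerShell 4 or later for Test-NetConnection and Resolve-DnsName.

```powershell
# Added example (not from the original answer): run on a workstation to verify that
# it can reach the DC's DNS and locate the domain through the SRV records a domain
# join depends on. Assumed values (from the question): domain hq.mycompany.com,
# DC/DNS server 192.168.15.100. Adjust for your environment.
param(
    [string]$Domain    = 'hq.mycompany.com',
    [string]$DcAddress = '192.168.15.100'
)

function Test-Port {
    param([string]$Address, [int]$Port)
    (Test-NetConnection -ComputerName $Address -Port $Port -WarningAction SilentlyContinue).TcpTestSucceeded
}

$results = @()

# 1. Is the DNS server reachable at all? A client on 10.10.200.0/8 pointed at
#    192.168.15.100 with no route between the two subnets fails right here.
$results += [pscustomobject]@{ Check = 'DNS TCP/53 reachable'; Result = (Test-Port $DcAddress 53) }

# 2. Can the client find a DC via the DC locator SRV record? This is the lookup
#    behind "The specified domain does not exist or could not be contacted".
try {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $DcAddress -ErrorAction Stop |
           Where-Object { $_.Type -eq 'SRV' }
    $results += [pscustomobject]@{ Check = 'DC locator SRV record'; Result = [bool]$srv }
} catch {
    $results += [pscustomobject]@{ Check = 'DC locator SRV record'; Result = $false }
}

# 3. Ports a domain join actually uses: Kerberos, LDAP, SMB and the RPC endpoint mapper.
foreach ($port in 88, 389, 445, 135) {
    $results += [pscustomobject]@{ Check = "DC TCP/$port reachable"; Result = (Test-Port $DcAddress $port) }
}

$results | Format-Table -AutoSize

# 4. The built-in locator test, which walks the same path as the join wizard.
nltest /dsgetdc:$Domain /force
```

Every row has to come back True before a join can work; a failure on the first row is a network-layout problem (the DNS server sits behind an interface the client cannot route to), not an Active Directory problem.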
Bati
Updated on September 18, 2022

Comments
-
Bati, over 1 year ago
I have to say I am not a system admin, but I had to set up the development environment in my company and I ran into many issues, and after searching for many hours I hope somebody can help me out here!
My setup consists of an ADSL modem/router connected to NIC1 of the server, and NIC2 connected to the switch.
I set a static IP for NIC1 (192.168.15.100) and added AD DC to the server, which added DNS, then added DHCP to the server. Right now PCs connected to the switch can get an IP from the switch but have no internet access. I have internet on the server, but NIC2 shows limited connectivity!
On the PCs I get this:

IP: 10.10.200.111
Subnet Mask: 255.0.0.0
Gateway: 10.10.200.1
DNS: 192.168.15.100
DHCP: 10.10.200.1

I can't join PCs to the domain either; I get the error message "The specified domain does not exist or could not be contacted".
On the AD DC I get warnings 2886, 1400 and 4013.
On DNS I get warning 4013.
On DHCP I get warning 10020.
In DNS Manager I have 2 DNS servers, one for DEV-SERVER and another for dev-server.hq.mycompany.com.
Here are the server's IP config details; any sort of help would be appreciated!
Windows IP Configuration

   Host Name . . . . . . . . . . . . : dev-server
   Primary Dns Suffix  . . . . . . . : hq.mycompany.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hq.mycompany.com

Ethernet adapter Ethernet 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client) #33
   Physical Address. . . . . . . . . : 78-2B-CB-26-97-D3
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::450b:7913:9c5e:4be9%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.10.200.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 326642635
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-B9-BC-E6-78-2B-CB-21-97-D2
   DNS Servers . . . . . . . . . . . : ::1
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client) #32
   Physical Address. . . . . . . . . : 78-2B-CB-26-97-D2
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::393f:b832:6fb6:1216%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.15.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.15.1
   DHCPv6 IAID . . . . . . . . . . . : 259533771
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-B9-BC-E6-78-2B-CB-21-97-D2
   DNS Servers . . . . . . . . . . . : ::1
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{8A7DB7D3-7E12-4A4B-9885-34080BF56936}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{2ED762D8-71D0-40D3-9568-D9CA45135595}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
-
MDMarra, about 11 years ago: It sounds like you would benefit from reading this.
-
Bati, about 11 years ago: I have limited equipment here: 1. a server, 2. a Cisco SRP 527w, 3. a D-Link Web Smart Switch DGS-1210-24, 4. PCs. How do you suggest we set up our environment? Can I use one of the PCs to handle one server role? Thank you so much.
-
MDMarra, about 11 years ago: It doesn't sound like you need traffic to be routed by the server at all. Why are you trying to use it like a gateway in the first place?
-
Greenstone Walker, about 11 years ago: Plug the ADSL router's internal connection into the switch. Plug the server and workstations into the switch (one network interface each). On the server, set a static IP address with the router's IP address as the Default Gateway and "127.0.0.1" as Primary DNS. On the server, configure a DHCP scope to give an IP address to the workstations, with the router's IP address as Default Gateway and the server's IP address as Primary DNS. One server box should do all you need for a small network; however, let the router do the routing.
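The single-subnet layout described in that comment, as an added example in PowerShell (not the commenter's own code), using the NetTCPIP, DnsClient, DnsServer and DhcpServer modules that ship with Windows Server 2012. Assumed values: the LAN is 192.168.15.0/24 behind the ADSL router at 192.168.15.1, the server keeps 192.168.15.100 on the adapter named "Ethernet", the adapter "Ethernet 2" is unplugged and disabled, the DHCP pool is 192.168.15.50 to 192.168.15.199, and the domain is hq.mycompany.com; the DNS-update service account is a placeholder you must create first.

```powershell
# Added example (not the commenter's code): put the DC on one interface, let the
# router route, and have DHCP hand clients the router as gateway and the DC as DNS.
# Assumed values: LAN 192.168.15.0/24, router 192.168.15.1, server 192.168.15.100 on
# adapter 'Ethernet', spare adapter 'Ethernet 2' disabled, pool .50-.199,
# domain hq.mycompany.com. Run elevated on the server.
$Lan      = '192.168.15.0'
$Prefix   = 24
$Mask     = '255.255.255.0'
$RouterIp = '192.168.15.1'
$ServerIp = '192.168.15.100'
$Domain   = 'hq.mycompany.com'
$LanNic   = 'Ethernet'
$SpareNic = 'Ethernet 2'

# One interface only: disabling the second NIC stops the DC being multihomed and
# stops it registering a second address (10.10.200.1) for itself in DNS.
Disable-NetAdapter -Name $SpareNic -Confirm:$false

# Static address on the LAN NIC; the router, not the server, is the default gateway.
Get-NetIPAddress -InterfaceAlias $LanNic -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Remove-NetIPAddress -Confirm:$false
Remove-NetRoute -InterfaceAlias $LanNic -DestinationPrefix '0.0.0.0/0' -Confirm:$false -ErrorAction SilentlyContinue
New-NetIPAddress -InterfaceAlias $LanNic -IPAddress $ServerIp -PrefixLength $Prefix -DefaultGateway $RouterIp

# The DC/DNS server resolves through itself, never through the ADSL router.
Set-DnsClientServerAddress -InterfaceAlias $LanNic -ServerAddresses '127.0.0.1'

# A forwarder lets the DC answer Internet names for the clients; the clients
# themselves only ever talk to the DC.
Set-DnsServerForwarder -IPAddress $RouterIp

# DHCP scope for the workstations: gateway = router, DNS = the DC, suffix = the AD domain.
Add-DhcpServerv4Scope -Name 'HQ LAN' -StartRange '192.168.15.50' -EndRange '192.168.15.199' `
    -SubnetMask $Mask -State Active
Set-DhcpServerv4OptionValue -ScopeId $Lan -Router $RouterIp -DnsServer $ServerIp -DnsDomain $Domain

# DHCP on a DC runs as SYSTEM; give it a dedicated low-privilege account for the
# dynamic DNS updates it performs on behalf of clients (placeholder account name).
$dnsUpdateCred = Get-Credential -UserName "$Domain\svc-dhcp-dns" -Message 'DHCP dynamic DNS update account'
Set-DhcpServerDnsCredential -Credential $dnsUpdateCred

# Authorise the DHCP server in AD so it will hand out leases.
Add-DhcpServerInDC -DnsName "$env:COMPUTERNAME.$Domain" -IPAddress $ServerIp

# Re-register the DC's host and SRV records under its single remaining address.
ipconfig /registerdns
Restart-Service netlogon
```

After this the workstations sit on the same subnet as the DC, so the DNS they are handed (the DC) is directly reachable without any routing on the server, and the ADSL router carries Internet traffic as before. The advice in the answer about not running a domain on a single DC still stands; this only removes the multihoming and the server-as-router problem.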
-
Greenstone Walker, about 11 years ago: And sorry for posting to a 3-month-old question, but this is a mess. :-)
-
Warren P, almost 11 years ago: Where is the canonical source of documentation on WHY not to multi-home a DC?