second nic, ages 2 logon

Hello,

I installed a win2008 nw with ad in a domain 10.0.0.1
I installed a member server win2008 10.0.0.254
The member server needs to be a forefrontserver, so i installed a second
nic where i connect my isp.

from then on, it takes ages to logon to that server.
I'm guessing dns, but I can't see why.

nic1 ---> LAN
ip 10.0.0.254
255.255.0.0
G
DNS 10.0.0.1


nic2 ---> internet
ip 192.168.0.1
255.255.255.0
G 192.168.0.254

dns 193.74.208.135
193.74.208.65

tx for any help

"nico" <> wrote in message news:...
> Hello,
>
> I installed a win2008 nw with ad in a domain 10.0.0.1
> I installed a member server win2008 10.0.0.254
> The member server needs to be a forefrontserver, so i installed a second
> nic where i connect my isp.
>
> from then on, it takes ages to logon to that server.
> I'm guessing dns, but I can't see why.
>
> nic1 ---> LAN
> ip 10.0.0.254
> 255.255.0.0
> G
> DNS 10.0.0.1
>
>
> nic2 ---> internet
> ip 192.168.0.1
> 255.255.255.0
> G 192.168.0.254
>
> dns 193.74.208.135
> 193.74.208.65
>
> tx for any help


Remove the two ISP addresses off of the outer NIC. Only put in 10.0.0.1. In DNS, configure a forwarder to those ISP addresses. That is done in DNS properties, Forwarders tab.

Go into Network Connections or Network and Sharing Center, Manage NIC properties, Advanced menu, choose Advanced, and make sure the internal NIC is at the top of the binding order.

Then go into the OUTER NIC properties (just the outer NIC), IPv4 address properties, advanced button, DNS tab, and uncheck 'register this connection..."

Go into DNS and delete any reference to the outside NIC IP address it may have registered. I don't think it would have since you had the ISP's in the NIC properties, but delete them if you do see any.

Then disable IPv6 if you are not using it. I suggest to do that on all of your servers. Here's how:

=======================
To disable IPv6 on any server:

Uncheck IPv6 in NIC properties
Uncheck the two LinkLayer Topology Discovery components
Then follow the registry changes procedure below to completely disable IPv6.

1. Navigate to:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip6\Parameters]
2. In the details pane, click New, and then click DWORD (32-bit) Value.
3. Type in DisabledComponents , and then press ENTER.
4. Double-click DisabledComponents,
5. Type ff in Hexadecimal.
6. So it should like this when completed:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip6\Parameters]
"DisabledComponents"=dword:000000ff
=======================

Restart the machine.

Let us know how you make out.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer


For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

"Efficiency is doing things right; effectiveness is doing the right things." - Peter F. Drucker
http://twitter.com/acefekay

Hi
If you plan to use the win2008-10.0.0.254 as external query DNS for the
internal DC (10.0.0.1)... Configure the Server 10.0.0.254 as DNS server
without zones, configure forwarding with the ISP DNS IPs, configure the DNS
to respond to queries that came only from internal address (respond only to
interface 10.0.0.254 under DNS properties), in the external interface
disable all except TCP/IP, if your external adpter is getting the address
from DHCP, make sure that you disable the options "Register this
connection's address in DNS" and "Use this connection's DNS suffix in DNS
registration". Now you can configure the DC/DNS Forwarding to forward all
DNS queries to the server 10.0.0.254 and disable the use of roothints in
case of failure.

Note: Because the server 10.0.0.254 is in the internal network, that
interface should have the IP address of your DC/DNS under preferred DNS
server, is generally a good practice to place DNS relays in the DMZ outside
of the internal network.
--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services
"nico" <> wrote in message
news:...
> Hello,
>
> I installed a win2008 nw with ad in a domain 10.0.0.1
> I installed a member server win2008 10.0.0.254
> The member server needs to be a forefrontserver, so i installed a second
> nic where i connect my isp.
>
> from then on, it takes ages to logon to that server.
> I'm guessing dns, but I can't see why.
>
> nic1 ---> LAN
> ip 10.0.0.254
> 255.255.0.0
> G
> DNS 10.0.0.1
>
>
> nic2 ---> internet
> ip 192.168.0.1
> 255.255.255.0
> G 192.168.0.254
>
> dns 193.74.208.135
> 193.74.208.65
>
> tx for any help

Ace,

your tips did the trick, tx for the insight.
one thing though, could not find where to change the binding order.

> Go into Network Connections or Network and Sharing Center, Manage NIC
properties, Advanced menu, choose Advanced, and make sure the internal
NIC is at the top of the binding order.


tx.

N.



Ace Fekay [Microsoft Certified Trainer] schreef:
> "nico" <> wrote in message news:...
>> Hello,
>>
>> I installed a win2008 nw with ad in a domain 10.0.0.1
>> I installed a member server win2008 10.0.0.254
>> The member server needs to be a forefrontserver, so i installed a second
>> nic where i connect my isp.
>>
>> from then on, it takes ages to logon to that server.
>> I'm guessing dns, but I can't see why.
>>
>> nic1 ---> LAN
>> ip 10.0.0.254
>> 255.255.0.0
>> G
>> DNS 10.0.0.1
>>
>>
>> nic2 ---> internet
>> ip 192.168.0.1
>> 255.255.255.0
>> G 192.168.0.254
>>
>> dns 193.74.208.135
>> 193.74.208.65
>>
>> tx for any help
>
>
> Remove the two ISP addresses off of the outer NIC. Only put in 10.0.0.1. In DNS, configure a forwarder to those ISP addresses. That is done in DNS properties, Forwarders tab.
>
> Go into Network Connections or Network and Sharing Center, Manage NIC properties, Advanced menu, choose Advanced, and make sure the internal NIC is at the top of the binding order.
>
> Then go into the OUTER NIC properties (just the outer NIC), IPv4 address properties, advanced button, DNS tab, and uncheck 'register this connection..."
>
> Go into DNS and delete any reference to the outside NIC IP address it may have registered. I don't think it would have since you had the ISP's in the NIC properties, but delete them if you do see any.
>
> Then disable IPv6 if you are not using it. I suggest to do that on all of your servers. Here's how:
>
> =======================
> To disable IPv6 on any server:
>
> Uncheck IPv6 in NIC properties
> Uncheck the two LinkLayer Topology Discovery components
> Then follow the registry changes procedure below to completely disable IPv6.
>
> 1. Navigate to:
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip6\Parameters]
> 2. In the details pane, click New, and then click DWORD (32-bit) Value.
> 3. Type in DisabledComponents , and then press ENTER.
> 4. Double-click DisabledComponents,
> 5. Type ff in Hexadecimal.
> 6. So it should like this when completed:
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip6\Parameters]
> "DisabledComponents"=dword:000000ff
> =======================
>
> Restart the machine.
>
> Let us know how you make out.
>

Jorge,

tx for the tip, I firts tries ace's workarounds, but I'm gona play with
dns like you discribe below for sure once everything is working fine.

tx!
N.


Jorge Silva schreef:
> Hi
> If you plan to use the win2008-10.0.0.254 as external query DNS for the
> internal DC (10.0.0.1)... Configure the Server 10.0.0.254 as DNS server
> without zones, configure forwarding with the ISP DNS IPs, configure the
> DNS to respond to queries that came only from internal address (respond
> only to interface 10.0.0.254 under DNS properties), in the external
> interface disable all except TCP/IP, if your external adpter is getting
> the address from DHCP, make sure that you disable the options "Register
> this connection's address in DNS" and "Use this connection's DNS suffix
> in DNS registration". Now you can configure the DC/DNS Forwarding to
> forward all DNS queries to the server 10.0.0.254 and disable the use of
> roothints in case of failure.
>
> Note: Because the server 10.0.0.254 is in the internal network, that
> interface should have the IP address of your DC/DNS under preferred DNS
> server, is generally a good practice to place DNS relays in the DMZ
> outside of the internal network.

"nico" <> wrote in message news:...
>
> Ace,
>
> your tips did the trick, tx for the insight.
> one thing though, could not find where to change the binding order.
>
> > Go into Network Connections or Network and Sharing Center, Manage NIC
> properties, Advanced menu, choose Advanced, and make sure the internal
> NIC is at the top of the binding order.

Good to hear!

As for the binding order, after you chose to Manage Network Connections, it opens a new window called Network Connections that you can see all of your interfaces (NICs). In the menu bar where it has File, Edit, View, Tools, Advanced and Help, Click on the Advanced menu item, then under that you will see Advanced Settings. It is in there you juggle the binding orders around.

Ace

Hi
Correct, Ace advise is to help you to solve your current problem, my
suggestion is in security prespective.

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services
"nico" <> wrote in message
news:...
> Jorge,
>
> tx for the tip, I firts tries ace's workarounds, but I'm gona play with
> dns like you discribe below for sure once everything is working fine.
>
> tx!
> N.
>
>
> Jorge Silva schreef:
>> Hi
>> If you plan to use the win2008-10.0.0.254 as external query DNS for the
>> internal DC (10.0.0.1)... Configure the Server 10.0.0.254 as DNS server
>> without zones, configure forwarding with the ISP DNS IPs, configure the
>> DNS to respond to queries that came only from internal address (respond
>> only to interface 10.0.0.254 under DNS properties), in the external
>> interface disable all except TCP/IP, if your external adpter is getting
>> the address from DHCP, make sure that you disable the options "Register
>> this connection's address in DNS" and "Use this connection's DNS suffix
>> in DNS registration". Now you can configure the DC/DNS Forwarding to
>> forward all DNS queries to the server 10.0.0.254 and disable the use of
>> roothints in case of failure.
>>
>> Note: Because the server 10.0.0.254 is in the internal network, that
>> interface should have the IP address of your DC/DNS under preferred DNS
>> server, is generally a good practice to place DNS relays in the DMZ
>> outside of the internal network.

Tx ace,
i must have been blind
I need to stop and pause from time to time I guess

Tx again

"nico" <> wrote in message news:...
> Tx ace,
> i must have been blind
> I need to stop and pause from time to time I guess
>
> Tx again
>


There you go!

Cheers!

Ace