Cluster private network appears in DNS

Chris Hawkins

Hi,

I have a 2-node cluster as follows

2 x HP DL380 G3 servers running Win2K Advanced in a 2 node cluster
1 x gigabit port on each configured for private (heartbeat) network as
10.0.0.1, 10.0.0.2 using a crossover cable
1 x gigabit port on each configured for public network as 192.168.10.95,
192.168.10.99
Both nodes are acting as DCs and hosting DNS with an AD integrated zone

We have a 3rd server in the parent domain hosting another DNS ADI zone

All zones are hosted on the other domain as standard secondary

The problem:

The two private network addresses (10.0.0.1, 10.0.0.2) keep re-appearing in
DNS and registering themselves as Global Catalog servers in DNS causing
logon failures across the network. If I manually delete the entries they
re-appear after 30-60 minutes (replication interval?)

I have disabled the 'register this connection in DNS' on both NICs.
In the DNS configuration, DNS is only listening on the public connection.

Any feedback would be much appreciated.

Thanks

Chris Hawkins
(remove nospam to e-mail)
 
Kevin Goodknecht

Chris Hawkins said:
Hi,

I have a 2-node cluster as follows

2 x HP DL380 G3 servers running Win2K Advanced in a 2 node cluster
1 x gigabit port on each configured for private (heartbeat) network as
10.0.0.1, 10.0.0.2 using a crossover cable
1 x gigabit port on each configured for public network as
192.168.10.95, 192.168.10.99
Both nodes are acting as DCs and hosting DNS with an AD integrated
zone

We have a 3rd server in the parent domain hosting another DNS ADI zone

All zones are hosted on the other domain as standard secondary

The problem:

The two private network addresses (10.0.0.1, 10.0.0.2) keep
re-appearing in DNS and registering themselves as Global Catalog
servers in DNS causing logon failures across the network. If I
manually delete the entries they re-appear after 30-60 minutes
(replication interval?)

I have disabled the 'register this connection in DNS' on both NICs.
In the DNS configuration, DNS is only listening on the public
connection.

Any feedback would be much appreciated.

Thanks

Chris Hawkins
(remove nospam to e-mail)

Go to AD Sites and Services, expand Sites, Default-First-Site-Name, Servers,
<servername>, right-click NTDS Settings, select Properties, and clear the
Global Catalog check box.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
http://www.lonestaramerica.com/
============================
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your issue.
To respond directly to me remove the nospam. from my email.
==========================================
--
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with
OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
==========================================
 
Ace Fekay [MVP]

Well, actually you would want the Cluster IP to register and not the
individual cluster node IPs. If unchecking the GC status, then logon failures
will occur with using UPN logons or across subnets (but not locally if using
the legacy logon method).

I would disable the GC registration in the registry and manually make the GC
entry to be the cluster IP.

Check this:

267855 - Problems with Many Domain Controllers with Active Directory
Integrated DNS Zones [many ways to disable registration too, including SRV
specific records]:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;267855



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Kevin D. Goodknecht

In Ace Fekay [MVP]
posted a question
Then Kevin replied below:
Well, actually you would want the Cluster IP to register and not the
individual cluster node IPs. If unchecking the GC status, then logon
failures will occur with using UPN logons or across subnets (but not
locally if using the legacy logon method).

I would disable the GC registration in the registry and manually make
the GC entry to be the cluster IP.

Check this:

267855 - Problems with Many Domain Controllers with Active Directory
Integrated DNS Zones [many ways to disable registration too,
including SRV specific records]:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;267855

Good eye Ace, I was under the impression that his parent DC was the global
catalog
 
Ace Fekay [MVP]

Thanks Kevin. That Cluster thing always catches my eye. I normally don't
recommend a DC on a cluster, especially with this DNS registration issue
with the GC SRV record. Rather Cluster services be better suited for
services such as Exchange or anything else that warrants high availability
with failover. With DCs, recommend multiple DCs would be better, IMHO,
since it can use DNS for load balancing client logons and other services
they hold.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

Chris Hawkins

Thanks guys,

Applied the registry tweaks to the DNS Server service and Netlogon. It seems
to have done the trick.

I know Microsoft recommend not clustering DCs, but we don't have the luxury
of 2 spare servers. The system at the moment is running purely file and
print sharing and the client wanted the high availability of a cluster.

The plan is to install Exchange 2000 on the cluster in the near future.

Thanks again

Chris

Ace Fekay [MVP]

Great! Glad it helped. I just would rather see the DC out of a cluster, but
if you got it working fine, so be it, leave well enough alone, I always say!

If you have anymore questions, feel free to post back.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
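
A check for the symptom this thread describes, as an added example that is not part of any poster's message: it scans a list of A records and reports any DC locator name (the domain name itself or gc._msdcs.<forest root>) that points into the heartbeat subnet. The zone name example.local, the /24 masks and the record listing are constructed for illustration; the addresses follow the ones given in the thread.

```python
import ipaddress

# Constructed inputs: the heartbeat subnet follows the addresses in the thread
# (a /24 mask is assumed); the zone name example.local is a placeholder.
HEARTBEAT_NET = ipaddress.ip_network("10.0.0.0/24")
ZONE = "example.local"
# Names whose A records clients use to locate DCs and Global Catalogs.
LOCATOR_NAMES = {ZONE, "gc._msdcs." + ZONE}

SAMPLE_RECORDS = """\
; constructed sample, one "owner type data" record per line
example.local.            A  192.168.10.95
example.local.            A  10.0.0.1
gc._msdcs.example.local.  A  192.168.10.99
gc._msdcs.example.local.  A  10.0.0.2
node1.example.local.      A  192.168.10.95
heartbeat-test.example.local. A 10.0.0.9
"""

def parse_a_records(text):
    """Yield (owner, address) for each A record line; skip comments and other types."""
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) != 3 or fields[1].upper() != "A":
            continue
        owner = fields[0].rstrip(".").lower()
        try:
            yield owner, ipaddress.ip_address(fields[2])
        except ValueError:
            continue  # malformed address: skip it rather than abort the audit

def find_heartbeat_leaks(text, private_net=HEARTBEAT_NET, names=LOCATOR_NAMES):
    """Return sorted (owner, address) pairs where a locator name points into private_net."""
    leaks = {(owner, str(addr)) for owner, addr in parse_a_records(text)
             if owner in names and addr in private_net}
    return sorted(leaks)

if __name__ == "__main__":
    for owner, addr in find_heartbeat_leaks(SAMPLE_RECORDS):
        print(f"heartbeat address published: {owner} -> {addr}")
```

Running it again after the 30-60 minute interval mentioned in the first post shows whether deleted records have come back.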