Multihomed Server authenticating over wrong interface

gmail2

Programmer
Jun 15, 2005
Hi All

We have a 2003 SP2 server which is multihomed - Interface 1 is on 192.168.1.0/24 subnet and interface 2 is on 192.168.2.0/24 subnet.

Interface 1 is only being used for FTP access to IIS only, interface 2 is being used for "all other traffic". 192.168.1.0 is not registered in AD DNS as a subnet because there are not any AD clients or servers on there (with the exception of this one, which is only for FTP traffic). 192.168.2.0 is registered in AD DNS.

The "register this connection's address in DNS" check box has been disabled for interface 1. However, periodically we get that log on one of our DCs saying "in the past 4.x hours there have been y number of connections from clients that do not match to any subnets" (sorry, don't remember the exact wording).

So it seems that AD authentication is going over interface 1, when we want it to go over interface 2. Does anybody have any ideas why or how to stop it?

 
Good point - but actually interface 2 is higher in the binding order, which I presume is correct?

I'm wondering if we should remove Client for Microsoft Windows, but I guess this still doesn't explain why it's choosing the wrong interface?

Two other things I probably should have mentioned:

- FTP access to IIS is using Windows authentication, but is only using local accounts. Nobody logs on using AD accounts. Do you think it's still possible that it's the FTP traffic that's causing this?

- When users do log on to Windows, it's mainly using RDP (not locally) but they would RDP using the IP address of interface 2 (192.168.2.10). Would it automatically use that interface for AD authentication then or would other factors still come into consideration?

Thanks again

 
just my two cents in passing:

I've heard about a bug before where even though the adapter has 'priority' in the binding list it doesn't 'take'.

you might try, just as a test, switching the priority, applying the changes, and then switching it back.

also, since you are only using the 192.168.1.0/24 subnet for FTP, yeah, I would disable anything you don't need on that adapter.

if you can, paste the specific event log information here
 
Agreed with the above. I would disable anything that is not needed on that adapter.

Network+ Inet+ MCP
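
Added example, not part of any post in this thread: the DC warning about clients that match no subnet is backed by `NO_CLIENT_SITE` entries in `%SystemRoot%\debug\netlogon.log` on the domain controller, and this Python sketch tallies which hosts and source addresses they name, so you can confirm whether the multihomed server really is reaching the DC from its 192.168.1.0/24 interface. The line layout accepted by the regex is an assumption, and the host name `FTPSRV01`, domain `EXAMPLE`, address `192.168.1.10` and all sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# From the thread: only 192.168.2.0/24 is registered as an AD subnet.
REGISTERED = [ipaddress.ip_network("192.168.2.0/24")]

# Assumed layout: "MM/DD HH:MM:SS [optional bracketed fields] DOMAIN: NO_CLIENT_SITE: HOST IP"
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2} \d{2}:\d{2}:\d{2})\s+(?:\[[^\]]*\]\s+)*"
    r"(?P<domain>\S+): NO_CLIENT_SITE: (?P<host>\S+) (?P<ip>\S+)\s*$"
)

# Constructed sample lines (not taken from the thread).
SAMPLE_LOG = """\
06/15 09:12:01 EXAMPLE: NO_CLIENT_SITE: FTPSRV01 192.168.1.10
06/15 09:12:44 [1234] EXAMPLE: NO_CLIENT_SITE: FTPSRV01 192.168.1.10
06/15 09:13:02 EXAMPLE: some other netlogon line
06/15 09:15:30 EXAMPLE: NO_CLIENT_SITE: FTPSRV01 192.168.2.10
06/15 09:20:11 EXAMPLE: NO_CLIENT_SITE: BADHOST not-an-ip
"""

def unmapped_clients(log_text, registered=REGISTERED):
    """Count (host, ip) pairs from NO_CLIENT_SITE lines outside every registered subnet."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated netlogon.log entry
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address field, skip rather than crash
        if any(ip in net for net in registered):
            continue  # stale entry: this subnet is registered now
        counts[(m.group("host"), str(ip))] += 1
    return counts

if __name__ == "__main__":
    for (host, ip), n in unmapped_clients(SAMPLE_LOG).most_common():
        print(f"{host}\t{ip}\t{n}")
```

If the server's own name shows up with a 192.168.1.x address, the authentication traffic is leaving via interface 1; if only other hosts appear, the warning has a different source.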
 