
Active Directory communication fails on multihomed domain controllers

Support for Windows Server 2003 ended on July 14, 2015


This article was previously published under Q272294
SYMPTOMS
In a Windows 2000 domain that has multihomed domain controllers, Active Directory communication, including replication, may fail intermittently.
CAUSE
This issue can occur if one of the network adapters is attached to an external network (such as the Internet) on the multihomed domain controller, and if Lightweight Directory Access Protocol (LDAP) and Kerberos traffic between the internal and external networks is partially or completely restricted because of a Proxy, ISA Server, NAT Server or another firewall device.

In this scenario, network adapters on the multihomed domain controllers are registering both the inside and outside Internet Protocol (IP) addresses with the DNS server. DNS name resolution lookup requests return records in a "round robin" fashion, alternating the internal and external IP addresses. Replication operations require multiple lookup requests of SRV records. In this case, half of the DNS lookup requests return an IP address that cannot be contacted, and the replication operation fails.
RESOLUTION
To resolve this issue:
  1. Disable registration on the outside network adapter on the multihomed domain controller. To do so:
    1. Click Start, click Settings, and then click Network and Dial-Up Connections.
    2. Right-click the outside local area network (LAN) connection, and then click Properties.
    3. Click TCP/IP, and then click Properties.
    4. Click Advanced, and then click to clear the Register DNS for this connection check box.
  2. Disable the round robin functionality on the DNS server. To do so:
    1. Click Start, click Settings, click Administrative Tools, and then click DNS.
    2. Open the properties for the DNS server's name.
    3. Click the Advanced tab, and then click to clear the Enable round robin check box.
  3. Remove the existing entries in DNS. To do so:
    1. Browse to the following location:
      Under DNS\DNS Servername\Forward Lookup Zones\Domain Name
    2. Remove Host (A) record entries that refer to the domain controller's computer name for the outside network adapter IP addresses.
    3. Remove Host (A) record entries that have the same name as the parent folder for the network adapter IP addresses.
  4. Start the DNS Management Console, right-click the server name, and then click Properties.
  5. Click the Interfaces tab, and then remove the external IP address so that DNS does not listen on it.
  6. Open a command prompt, type ipconfig /flushdns, press ENTER, type ipconfig /registerdns, and then press ENTER.
  7. Change the binding order of your network adapters so that the Internal adapter is the first bound adapter. To do this, follow these steps:
    1. Click Start, click Settings, and then click Network and Dial-Up Connections.
    2. On the Advanced menu, click Advanced.
    3. Verify that the internal network adapter is listed first in the Connections box.
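
The following is an added example, not part of the original article. It audits a list of Host (A) records for the condition described under CAUSE and lists the entries that step 3 removes. The host names, addresses and the internal range are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of Host (A) records from a forward lookup zone.
# Names and addresses are illustrative; 203.0.113.0/24 is a documentation range.
SAMPLE_A_RECORDS = [
    ("dc1.corp.example", "10.0.0.10"),
    ("dc1.corp.example", "203.0.113.5"),  # registered by the outside adapter
    ("dc2.corp.example", "10.0.0.11"),
    ("corp.example", "10.0.0.10"),        # "same as parent folder" records
    ("corp.example", "10.0.0.11"),
    ("corp.example", "203.0.113.5"),
]
INTERNAL_NETS = ["10.0.0.0/8"]  # assumption: the inside network


def audit_a_records(records, internal_nets):
    """Return, per name, the A records that point outside the internal networks."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    by_name = defaultdict(list)
    for name, ip in records:
        # DNS names are case-insensitive and may carry a trailing dot.
        by_name[name.lower().rstrip(".")].append(ipaddress.ip_address(ip))

    findings = {}
    for name, ips in by_name.items():
        outside = [ip for ip in ips if not any(ip in net for net in nets)]
        if not outside:
            continue
        findings[name] = {
            "remove": sorted(str(ip) for ip in outside),
            "keep": sorted(str(ip) for ip in ips if ip not in outside),
            # With round robin, each address takes its turn at the head of the
            # answer, so this share of lookups leads with an unreachable address.
            "unreachable_share": len(outside) / len(ips),
        }
    return findings


if __name__ == "__main__":
    for name, f in audit_a_records(SAMPLE_A_RECORDS, INTERNAL_NETS).items():
        print(f"{name}: remove {f['remove']}, keep {f['keep']}, "
              f"{f['unreachable_share']:.0%} of lookups affected")
```
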
STATUS
This behavior is by design.
MORE INFORMATION
For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
191611 Symptoms of multihomed browsers
246804 How to enable or disable DNS updates in Windows 2000 and in Windows Server 2003
Properties

Article ID: 272294 - Last Review: 04/17/2007 09:35:21 - Revision: 3.4

Microsoft Windows Server 2003, Enterprise Edition (32-bit x86), Microsoft Windows Server 2003, Standard Edition (32-bit x86), Microsoft Windows 2000 Service Pack 1, Microsoft Windows 2000 Advanced Server
