Executive Summary:
When you're configuring a new Microsoft Windows server that has multiple network interface cards (NICs), it's important that you disable any NICs that aren't plugged in to the network. If you don't disable an unused NIC, problems can arise on domain controllers (DCs) running Domain Name System (DNS). The DNS server problems can impede the performance of client computers.


When you're configuring a new server that has multiple NICs, it's important that you disable any NICs that aren't plugged in to the network. If you don't disable an unused NIC, the Windows software will assign it an IP address from the 169.254.x.x subnet. This address isn't used anywhere on the network and isn't routable across any WAN routers.

At this point you might be thinking, "So if it isn't connected, what's the problem?" Problems can arise on domain controllers (DCs) running DNS. Servers register all active IP addresses with the default DNS server. On a DC, this has the side effect of registering the server in Active Directory (AD) as a DC with two IP addresses: its valid IP address and the invalid 169.254.x.x address.

When a client makes a DNS request to find all the DCs for the appropriate domain, occasionally the client will be given the invalid 169.254.x.x address as a valid DC address because addresses are returned in a round-robin fashion. The client will then attempt to contact the DC using this invalid address. Of course, it won't be able to contact the DC, and the connection will fail. The client will then attempt to look up another DC using DNS. Eventually the client will succeed, and all will be fine. However, all these extra lookups will slow down the client computer.

We learned about this problem while attempting to connect a new storage appliance. The appliance was able to register with the domain but periodically would be unavailable when we attempted to browse for files located on the appliance. We had to manually go through DNS and remove all of the invalid entries and reregister the appliance with the domain to correct the problem.

So, the moral of the story is this: If you have multiple NICs in a server, disable those NICs that aren't being used.
—Chris Lamb, Director, IT Infrastructure, HIT Entertainment

End of Article


You must log on before posting a comment.

If you don't have a username & password, please register now.

Reader Comments

Interesting point. After reading this I immediately checked our new server. The second NIC is on but not plugged in to any network. Windows lists it as disconnected with no IP address.

Then I checked our DNS registrations. It shows three 169 addresses. While not too bad for a 15,000 person organizaion, it's still three more then should be there. All three have "(same as parent folder)" for their hostname. Is there a way to track which machines these are coming from?

Mahoney- August 30, 2007

Article Rating 3 out of 5

I fully support this article. I was getting an error when I ran dcdiag and netdiag on a new DC. So I was worried. Once I disabled the unused NIC all was good!

oalexis@dar.org- September 07, 2007

Article Rating 5 out of 5

I know of no way to trace the DNS entry to see which machine registered the record, since there is no hostname registered with the 169 address. I think your only option is to go to each DC and check for enabled/disconnected nics. The issue is only relevant for domain controllers so it will limit the number of machines you need to check.

cwlamb- September 26, 2007

Article Rating 4 out of 5

 
 

ADS BY GOOGLE