Scenario:
- multi-homed Exchange 2010 servers with two network interfaces: the 1st to communicate with domain controllers, the 2nd to communicate with users;
- the default gateway is on the 2nd network card, the one used to communicate with users;
- the 1st NIC has no default gateway; communication with domain controllers is possible via a static route;
- when some of the domain controllers are unavailable (restart or something), some of the Exchange servers lose their connection to the domain controllers;
- lost communication means that everything reachable by routes on the 1st NIC is unavailable; the static routes are present, but Windows 2008 R2 disallows communication; when I remove these routes and add them again, communication returns;
- important: the firewall is enabled, but all communication is allowed.
The error disappears when the firewall is disabled, but company policy requires the firewall to be enabled.
Solution:
The suspected service is Network Location Awareness (NLA), which comes into play when something in the network changes. It discovers that the domain is unavailable (the domain controller used by Exchange services is missing) and tries to switch the network from Domain to... Public, but probably this is not possible (error?).
A similar problem is described in KB980873.
We used the information available on TechNet:
- in the GPO for these servers
- in the section: Computer Configuration | Windows Settings | Security Settings | Network List Manager Policies
- change Location Type from Not configured to Public or Private; do not leave it at the default Not configured.
After the change from Not configured to Public the problem disappears.
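
To confirm that the policy took effect, the category NLA assigned to each connected network can be read next to the active firewall profiles. The script below is an added example, not part of the original post; it is read-only, uses the Windows Network List Manager and firewall COM interfaces, and `$Expected` is an assumed value standing for the Location Type chosen in the GPO.

```powershell
# Added example (not from the original post): read-only check of the NLA
# category of each connected network and of the active firewall profiles.
# Written for PowerShell 2.0 so it runs on Windows Server 2008 R2.

# Assumption: the Location Type configured in the GPO (Public or Private).
$Expected = 'Public'

# NLM_NETWORK_CATEGORY values and firewall profile bit flags.
$categoryName = @{ 0 = 'Public'; 1 = 'Private'; 2 = 'DomainAuthenticated' }
$profileName  = @{ 1 = 'Domain'; 2 = 'Private'; 4 = 'Public' }

# Network List Manager COM class.
$nlmType = [Type]::GetTypeFromCLSID([Guid]'DCB00C01-570F-4A9B-8D69-199FDBA5723B')
$nlm     = [Activator]::CreateInstance($nlmType)

# 1 = NLM_ENUM_NETWORK_CONNECTED: only networks that are currently connected.
$networks = foreach ($net in $nlm.GetNetworks(1)) {
    $category = $categoryName[[int]$net.GetCategory()]
    New-Object PSObject -Property @{
        Network         = $net.GetName()
        Category        = $category
        MatchesExpected = ($category -eq $Expected)
    }
}
$networks | Format-Table Network, Category, MatchesExpected -AutoSize

# Windows Firewall: on a multi-homed host several profiles can be active
# at the same time, one per network category in use.
$fw     = New-Object -ComObject HNetCfg.FwPolicy2
$active = 1, 2, 4 | Where-Object { $fw.CurrentProfileTypes -band $_ }
$profiles = foreach ($p in $active) {
    New-Object PSObject -Property @{
        ActiveProfile   = $profileName[$p]
        FirewallEnabled = $fw.FirewallEnabled($p)
    }
}
$profiles | Format-Table ActiveProfile, FirewallEnabled -AutoSize

# Flag any network whose category differs from the configured Location Type.
$mismatch = @($networks | Where-Object { -not $_.MatchesExpected })
if ($mismatch.Count -gt 0) {
    Write-Warning ("{0} network(s) are not in the '{1}' category" -f $mismatch.Count, $Expected)
}
```

Running it before and after a domain controller restart shows whether NLA re-evaluated the network: a changed Category or a different set of active profiles between the two runs is the signal to look for.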