Warning: This document contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs.

This document is provided "AS-IS" with no warranties or guarantees and confers no rights. If you find a mistake in this document, please email me with the details.

There are several different KB articles referring to multi-homed domain controllers; this is a cumulative summary of those articles in a text-only format.

1. Stopping the automatic creation of the Domain Controller's hostname record (two methods)

   a. In the DNS management console, on the properties of the DNS server, Interfaces tab, set DNS to listen only on the private IP you want in DNS for the server’s name.

   b. Alternately, DNS can listen on all addresses if you use this registry value instead. Use Regedt32 to navigate to this key:

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters

      On the Edit menu, point to New, and then click String Value to add the following registry value:

      Value name: PublishAddresses
      Data type: REG_SZ
      Value data: IP address of the server's local network adapter. If you have to specify more than one IP address, separate the addresses with spaces.

************************************************************************

2. Stop the automatic creation of (same as parent folder) “A” records by the Netlogon service, then go to step 3 and add the records manually. There are two methods to stop these records; this is necessary for the Domain Sysvol share to be on the internal interface IP.

   a. Add one of these registry entries with Regedt32 to stop the (same as parent folder) records.

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

      Registry value: DnsAvoidRegisterRecords
      Data type: REG_MULTI_SZ
      Value data: LdapIpAddress

      Note: If the DC is also a Global Catalog, use this registry entry:

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

      Registry value: DnsAvoidRegisterRecords
      Data type: REG_MULTI_SZ
      Value data: LdapIpAddress
                  GcIpAddress

   b. Alternately, you can use this key value:

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

      On the Edit menu, point to New, and then click DWORD Value to add the following registry value:

      Value name: RegisterDnsARecords
      Data type: REG_DWORD
      Value data: 0

************************************************************************

3. Create hosts in DNS

   In DNS, in the Forward Lookup Zone for the Active Directory domain name, create a new host, leave the name field blank, and give it the IP of the internal interface. (Windows 2000 barks at you saying "(same as parent folder) is not a valid host name"; click OK to create the record anyway.)

   If this is also a Global Catalog, open the Forest Root domain forward lookup zone, expand the _msdcs sub domain, and open the gc sub domain. Create a new host, leave the name field blank, and give it the IP of the internal interface.

   Windows Server 2003 moved the _msdcs. to its own Forward Lookup Zone. Expand this zone, open the gc sub domain, and create the new host, leaving the name field blank, with the IP of the internal interface.

************************************************************************

4. To correct the binding order of NICs, which can cause USERENV 1000 events:

   Right-click Network Places and choose Properties. In the Advanced menu, select Advanced Settings. Make sure the internal interface is at the top of the Connections pane, and in the Bindings pane make sure File sharing and Client for Microsoft Networks are enabled only on the internal interface.

************************************************************************

5. For NetBIOS browsing issues, NetBIOS over TCP/IP should be enabled only on the private internal interface.

   If you are using the Domain Controller as a Remote Access Server, add this to the registry to disable NetBIOS over TCP/IP on the RAS dial-in interface. (Leaving it enabled causes browser service and Master Browser errors.)

   1. Click Start, click Run, type regedit, and then click OK.
   2. Locate and then click the following registry subkey:

      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Parameters\IP

   3. On the Edit menu, point to New, and then click DWORD Value to add the following registry value:

      Value name: DisableNetbiosOverTcpip
      Data type: REG_DWORD
      Value data: 1

   4. Close Registry Editor, and then restart the Routing and Remote Access service. To restart a service, click Start, point to Programs or All Programs, point to Administrative Tools, and then click Services. In the Services console, right-click the service, and then click Restart.

   Alternately, as a workaround for this issue, you can configure the remote access connections to use a static pool of IP addresses that is on a different IP subnet than the local computers. In this case, local computers will not try to connect to the PPP adapter if it registers in DNS or WINS, because the PPP adapter is on a different IP subnet.

   To specify a static address pool in the Routing and Remote Access console, right-click ServerName, click Properties, click the IP tab, click Static address pool, and then click Add. Add a range that does not use the same IP subnet as the local computers. For example, if the local computers are using the 10.0.0.0 subnet, add a static pool that uses the 172.168.0.0 subnet.

   If the Routing and Remote Access server is running ISA Server 2000, you must add this subnet to the Local Address Table. This scenario is most common on Small Business Server 2000.

End of document.
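
Added example, not part of the original document or of the KB articles it summarises: a read-only PowerShell check of the registry values from steps 1b, 2 and 5, for confirming the settings after a change and for spotting drift later. The function name, its parameters and the sample address 10.0.0.2 are assumptions made for illustration.

```powershell
# Added example (not from the original document). Read-only: nothing is written.
# Function and parameter names are hypothetical.
function Get-MultihomedDcRegistryAudit {
    param(
        [Parameter(Mandatory = $true)][string[]]$InternalAddress,  # IP(s) of the internal adapter
        [switch]$IsGlobalCatalog,
        [switch]$IsRasServer
    )
    $svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'

    # Returns the registry value, or nothing when the key or value is absent.
    function Read-Value([string]$Path, [string]$Name) {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $item.$Name }
    }
    function New-Result($Step, $Value, $Expected, $Actual, $Compliant) {
        if ([string]::IsNullOrEmpty("$Actual")) { $Actual = '<not set>' }
        New-Object PSObject -Property @{ Step = $Step; Value = $Value; Expected = $Expected
                                         Actual = "$Actual"; Compliant = $Compliant } |
            Select-Object Step, Value, Expected, Actual, Compliant
    }

    # Step 1b: PublishAddresses (REG_SZ, space-separated) should list only internal IPs.
    # '<not set>' is acceptable when method 1a (DNS listening interfaces) is used instead.
    $raw = Read-Value "$svc\DNS\Parameters" 'PublishAddresses'
    $published = @("$raw" -split '\s+' | Where-Object { $_ })
    $external  = @($published | Where-Object { $InternalAddress -notcontains $_ })
    $ok = ($published.Count -gt 0) -and ($external.Count -eq 0)
    New-Result '1b' 'PublishAddresses' ($InternalAddress -join ' ') ($published -join ' ') $ok

    # Step 2: either method is sufficient, so both rows carry the combined result.
    $avoid   = @(Read-Value "$svc\Netlogon\Parameters" 'DnsAvoidRegisterRecords')
    $regA    = Read-Value "$svc\Netlogon\Parameters" 'RegisterDnsARecords'
    $needed  = @('LdapIpAddress'); if ($IsGlobalCatalog) { $needed += 'GcIpAddress' }
    $missing = @($needed | Where-Object { $avoid -notcontains $_ })
    $ok = ($missing.Count -eq 0) -or ($regA -eq 0)
    New-Result '2a' 'DnsAvoidRegisterRecords' ($needed -join ',') ($avoid -join ',') $ok
    New-Result '2b' 'RegisterDnsARecords' 0 $regA $ok

    # Step 5: only relevant on a RAS server; the static address pool on a
    # different subnet is the document's alternative and is not checked here.
    if ($IsRasServer) {
        $nb = Read-Value "$svc\RemoteAccess\Parameters\IP" 'DisableNetbiosOverTcpip'
        New-Result '5' 'DisableNetbiosOverTcpip' 1 $nb ($nb -eq 1)
    }
}

# Constructed sample invocation; replace 10.0.0.2 with the DC's internal address.
Get-MultihomedDcRegistryAudit -InternalAddress '10.0.0.2' -IsGlobalCatalog -IsRasServer |
    Format-Table -AutoSize
```

The check covers only the registry side; the DNS host records from step 3 and the binding order from step 4 still have to be verified in their consoles.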