One Server -2 NICs, Different IPs

Mike Davis

You could check for an IIS instance and see if it is listening on all IPs, or just a specific one. Then check DNS and see if there are entries for the second IP.

If it's a small network I would disconnect the extra NIC and listen for the screams. If you're remote when the call comes in, just add the second IP to the first NIC and that should get things going again.

Dashrender

Here's a thought - are the IPs on two different subnets?

Obsolesce

Sometimes, the only way to find out what something does is to unplug it, then wait by the phone.

Haha, just kidding... but not really. Be careful!

frodooftheshire

@Dashrender The two IPs are on the same subnet. Yesterday when I was just gathering information remotely about different devices on the network via Advanced IP scanner that's when I saw same hostname/different IPs

When I tried to access 55.6 in a browser it loaded an IIS welcome page. That's the extent of what I know for now.

frodooftheshire

@Tim_G I could always disable the port on the switch and if the screams come in switch it back on. Like most clients I take on the customer has zero documentation on how things are setup/configured. Maybe I'll be able to have a conversation with the old IT guy and see if he's willing to share on why things the way they are.

Obsolesce

Open up resmon.exe, network tab.

TCP Connections section, then look at Local Address for the IPs, and see what's connecting to them.

Obsolesce

It very well could be that the server had several network ports, and someone just figured they all aught to all be plugged in... just out of ignorance. I'd see what traffic is on them as I said above. Or what you said, just ask them why.

frodooftheshire

@Tim_G That's a good idea. I'm pretty sure it was ignorance. I mean...they have a Windows server and installed the DHCP role, but did not configure it. DNS is somewhat configured correctly but all the endpoints are pointing to Comcast's DNS servers...soooo.

JaredBusch

@frodooftheshire said in One Server -2 NICs, Different IPs:

but all the endpoints are pointing to Comcast's DNS servers

I'm sooo sorry.

IRJ

As much as I am against downtime, I might unplug the second NIC. If there is an issue, it just needs to be plugged back in. If there isn't an issue for a month, you can team the NICS.

If you don't really see any traffic on the second NIC. So what is the actual risk? perhaps downtime, but all you need to do is plug it back in if there is an issue.

IRJ

At the end of the day, you can spend hours trying to figure this out or you can save the customer money and find out if it is needed prettty easily.

Dashrender

@IRJ said in One Server -2 NICs, Different IPs:

At the end of the day, you can spend hours trying to figure this out or you can save the customer money and find out if it is needed prettty easily.

Exactly - Though just a CYA, tell the management you are doing that, and let them say it's OK to save the money that way...

Grey

If the IPs are on the same subnet, it's doing more harm than good. Traffic coming in on one NIC will go out the other. Windows likes to use the lowest IP address to send data out. If you receive on 56, it will go out on 55. I've seen this happen. We have wireshark logs.

I would suggest you immediately remove or team the spare nic to increase throughput. Be sure that your network hardware supports that!

You can do a route print from the command line to see which nic is dominant.

@frodooftheshire said in One Server -2 NICs, Different IPs:

@Tim_G I could always disable the port on the switch and if the screams come in switch it back on. Like most clients I take on the customer has zero documentation on how things are setup/configured. Maybe I'll be able to have a conversation with the old IT guy and see if he's willing to share on why things the way they are.

I'm working in an environment now with this kind of bullshit and it's almost 100% because the previous admins were /idiots./

Reid Cooper

If you can find a non-critical time frame it might well be worth just shutting one of them off and seeing what breaks. If nothing, leave it off.

frodooftheshire

Ok guys...update from today:
After going through things more, apparently both adapters were "bridged" via a Microsoft virtual adapter in Windows giving the "switch"a 51.6 IP address. This makes zero sense to me. Considering both ports were connected to the same Cisco router - potentially there could have been some switch/loop issues.

Anyways, I ended up disabling the "virtual switch" & secondary NIC (for now). I also found out that there was another small switch that was connecting to another network (from another business) in the building that had a Comcast gateway with its DHCP server turned on - handing out addresses in 10.1.10.X range. Fun stuff.

Anyways things seem to be working well now.

Deleted74295

Until it goes wrong.

You would not believe the situations people get themselves into by just unplugging things when they are not 100% certain of what is going where.

Did you check the Cisco Router config to see if there was anything particular about those ports?

scottalanmiller

@Breffni-Potter said in One Server -2 NICs, Different IPs:

Until it goes wrong.

You would not believe the situations people get themselves into by just unplugging things when they are not 100% certain of what is going where.

Did you check the Cisco Router config to see if there was anything particular about those ports?

If unplugging it causes a huge disaster outside of production hours, it was going to happen sooner or later anyway. Network connections get unplugged, switches reboot, cables break, etc.

scottalanmiller

@frodooftheshire yeah switch to switch like that isn't good. What a mess.

Dashrender

@frodooftheshire said in One Server -2 NICs, Different IPs:

Ok guys...update from today:
After going through things more, apparently both adapters were "bridged" via a Microsoft virtual adapter in Windows giving the "switch"a 51.6 IP address. This makes zero sense to me. Considering both ports were connected to the same Cisco router - potentially there could have been some switch/loop issues.

Anyways, I ended up disabling the "virtual switch" & secondary NIC (for now). I also found out that there was another small switch that was connecting to another network (from another business) in the building that had a Comcast gateway with its DHCP server turned on - handing out addresses in 10.1.10.X range. Fun stuff.

Anyways things seem to be working well now.

One just weird thing and another - WTF?

Why is the server plugged directly into a router and not a switch? I suppose if the situation is small enough and you have enough ports on the router (thinking ER-X here), OK maybe...

And someone else's network is connected to this network? How in the world did that happen? lol

Sounds like you are in for some good billing fixing someone else's mistakes.