Odd behavior that I've not been able to track down

Discussion in 'Windows Server' started by NonverbalMel, Jul 5, 2023.

    NonverbalMel (MDL Junior Member, joined Oct 11, 2021)
    #1, Jul 5, 2023 (last edited: Jul 5, 2023)
    Hi Everyone:

    The Overview:

    I've rebuilt my VMs for medical reasons and thus got to redesign the networking from the ground up.** Find below a diagram (sorry for the bad quality; I'm still learning how to use MS Visio), and below that I'll explain what I'm trying to convey:

    **NOTE: I did not configure the router settings; that is the way it came from AT&T, and I have to get special approval from my fiancee to adjust anything on the router. Even though I have a reasonably tight grasp on how this particular brand of crap router works and a reasonable understanding of TCP/IP networking as a whole, neither my fiancee nor I want to hear my sister-in-law throwing a tantrum because her TV isn't working or her tablet cannot get online. I also would hate to be the idiot who thought they knew enough and then took all the phones offline so no one could call 9-1-1. (While both situations bother me, the second one scares the hell out of me more than the first, even though the sister-in-law gets very loud and has been known to get violent.)

    Image 01: Network Diagram

    Understanding The Diagram:

    OK, the above is an oversimplification of my network as follows:
    • The white cloud represents the Internet which is connected to a residential router (AT&T for those in the US) which uses 192.168.1.x IP Addresses and the default subnet mask of
    • The blue box represents my laptop that runs VMWare Workstation 17 (I still need to fiddle around with Hyper-V).
    • The two beige-looking computers are router/gateway boxes running on Windows Server 2003 R2. The first VM, closest to the left (called "Edge Router"), has two NICs: one that is bridged to the AT&T router and is assigned a static IP address, and a second NIC on what VMWare calls a "LAN Segment". The LAN Segment uses IP addresses 10.x.x.x. Edge Router is set to use NAT, act as a basic firewall, provide LAN routing, and provide DNS and DHCP (DNS and DHCP on the 10.x.x.x side only). The second computer is just like Edge Router but is called "Site Router" and gets a 10.x.x.x ( on the public side and a 192.168.27.x ( on the private side. Site Router only provides DNS and DHCP on the 192.168.27.x side.
    • The yellow triangle represents an overly simplified version of what's actually in my environment: AD, IIS, Remote Desktop, etc.

    Things That Led Up To The Odd Behavior:

    Well for the longest time, I was getting some strange behaviors based on the following:
    • Site Router was set to hand out 192.168.1.x IP addresses on the private side (silly me); I later changed it to the 192.168.27.x addresses after discovering (for the millionth time, due to my memory issue) that the 192.168.1.x range conflicts with the IP range handed out by the home router.
    • Everything behind the site router (192.168.27.x) is set to get its DNS from and (the two DCs), along with
    • The DNS Servers are set such that the two DCs forward queries to the site router if they don't have an answer, the site router in turn forwards to the edge router, the edge router forwards to either the DSL router or external DNS (like Quad 9 or Google)
    • is the primary DNS server whereas and are both secondary DNS servers for my AD DNS.
    • Home router hands out 192.168.1.x addresses and I forgot about that (yet again) :(
    • Both AD DCs were also acting as DNS servers (AD likes to have DNS on the same box).
    • So a path in from the internet or back goes through [Internet]=>[DSL Router]=>[Edge Router]=>[Site Router]=>[Endpoint]
    The strange behaviors were:
    1) Other devices (like my brother-in-law's TV and one of his smartphones) would show up in the DHCP leases on either Edge Router or Site Router (both of those are set to only bind DHCP to the "Private" side: 10.0.0.x for Edge and 192.168.27.x for Site, respectively).
    2) One of my DCs was in a conflict with an IP address (the original IP of it was before I changed it to (incidentally the private IP address of the DSL router)), but in the event logs it was listing a MAC address that was not only not the MAC of the DSL router but also mysteriously nowhere to be found on any of my networks or on the DSL router.

    My objectives:
    1) Build out a multi-layer VM Environment (10.x.x.x acts as a "backbone" of sorts and the machines on it are basically routers, email servers, or other boxes that need access to other resources in the bubble) and the router boxes on the 2nd layer provide network isolation to allow me to stand up systems that might otherwise conflict.
    2) Ensure that only devices at the appropriate layer can see and interact with each other (e.g. anything in a 192.168.x.x which is behind a 10.x.x.x router can only see and interact with other 192.168.x.x devices, and only routers, email servers, etc. on 10.x.x.x can see each other). The only way a layer further back can interact with a layer closer to the internet is by going through its respective router. The reason I want this is to ensure that my experimentation and specific configuration does not adversely affect others in the home.

    I appreciate any help I can get my hands on regarding the above, and thanks for taking the time to help me troubleshoot; I really appreciate it. I hope that the above is enough to help someone with a better understanding of things than me to spot my oversight and help me fix it. Again, I cannot thank you enough in advance for any help given to me on this.

    Edited: to correct for several spelling and grammar errors and adding clarification
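The three symptoms described in the post (a site scope that overlaps the home router's range, home devices appearing in a lab router's DHCP leases, and a DC holding the same address as the DSL router) can each be caught with a small configuration check. The script below is an added example, not the poster's setup or any tool from the thread; every address in it is an assumed sample value, and the lease table and static assignments are constructed.

```python
import ipaddress

# Constructed model of the layered lab in the post; every address below is an
# assumed sample value, not the poster's actual configuration.
HOME = ipaddress.ip_network("192.168.1.0/24")         # AT&T router's LAN
BACKBONE = ipaddress.ip_network("10.0.0.0/24")        # Edge Router private side
SITE_WRONG = ipaddress.ip_network("192.168.1.0/24")   # Site Router scope before the fix
SITE_FIXED = ipaddress.ip_network("192.168.27.0/24")  # Site Router scope after the fix

def overlapping_layers(layers):
    """Return name pairs whose ranges overlap; every layer should be disjoint."""
    names = list(layers)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if layers[a].overlaps(layers[b])]

def out_of_scope_leases(scope, leases):
    """Leases a DHCP server handed out that lie outside the scope it should be
    bound to; a hit means it answered a discover from another segment
    (e.g. one that reached it through a bridged NIC)."""
    return [lease for lease in leases
            if ipaddress.ip_address(lease["ip"]) not in scope]

def duplicate_static_addresses(hosts):
    """Static IPs assigned to more than one host across all layers (IP conflict)."""
    seen = {}
    for name, ip in hosts.items():
        seen.setdefault(ipaddress.ip_address(ip), []).append(name)
    return {str(ip): names for ip, names in seen.items() if len(names) > 1}

def lab_report():
    """Run the three checks over the constructed sample data."""
    before = overlapping_layers({"home": HOME, "backbone": BACKBONE, "site": SITE_WRONG})
    after = overlapping_layers({"home": HOME, "backbone": BACKBONE, "site": SITE_FIXED})
    # Constructed lease table as it might appear on Edge Router: one entry is a
    # home device that should never have reached this DHCP server.
    edge_leases = [{"ip": "10.0.0.50", "mac": "00:0c:29:aa:bb:01"},
                   {"ip": "192.168.1.77", "mac": "00:11:22:33:44:55"}]
    stray = out_of_scope_leases(BACKBONE, edge_leases)
    # Constructed static assignments: a DC given the DSL router's own address.
    statics = {"dsl-router": "192.168.1.254", "dc1": "192.168.1.254",
               "dc2": "192.168.27.11"}
    return {"overlap_before": before, "overlap_after": after,
            "stray_leases": [lease["ip"] for lease in stray],
            "conflicts": duplicate_static_addresses(statics)}
```

Feeding the real scopes, lease table and static assignments into these functions shows which layer boundary is leaking before any RRAS or DHCP binding is changed.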