The server uses NIC A as its default route (22.214.171.124) and should send its traffic in that direction. NIC B is connected to the other network (10.34.1.5) and will send traffic for that subnet through that network. If there are other subnets in Agency B's network, you will need to configure persistent routes (route -p ADD [network x.x.x.x] MASK [mask x.x.x.x] [gateway x.x.x.x], where the gateway is the next hop reachable through NIC B) on the domain controller so that it communicates with them through the proper NIC. This, however, is not the end of your problems.
The other issue is how the machines in Agency A's network locate the server, as compared to the machines in Agency B. A normal configuration would have the domain controller dynamically register its A and SRV (service) records with DNS. However, if you allow this to happen, the server registers both IP addresses. You would then find that about half the time the servers in Agency A's network try to connect to the Agency B address (NIC B), which of course fails. So there must be a DNS server for Agency A and a separate DNS server for Agency B. First, you will need to disable dynamic registration of the DNS entries on one of the interfaces. This is done via the network properties for the NIC. If you are dealing with Windows 2000/2003, you will find that this operation, although correct, doesn't work, because you will need a hotfix:
Now that your hotfix is applied, you will find that the DNS records are dynamically registered in Agency A's DNS server, while Agency B's DNS is blank. You will need to manually create the entries that exist in Agency A's DNS, replacing the IP addresses with the address of NIC B. You can reduce the pain by exporting Agency A's entries from DNS and importing them into the Agency B DNS. After you have imported them, alter them to carry the right IP address and make them static so they do not expire (age out and get scavenged).
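The three steps above (persistent routes, disabling registration on NIC B, and hand-creating the Agency B records) as a worked script. This is an added example, not part of the original article: the DC name DC1, the zone agency.local, the connection name "NIC B", the Agency B gateway 10.34.1.1, the Agency B DNS server 10.34.1.10 and the extra subnets are all assumed placeholders. It uses the classic route, netsh and dnscmd commands, which exist on Windows 2000/2003 and later, run from an elevated PowerShell or command prompt on the DC (dnscmd must be able to reach the Agency B DNS server).

```powershell
# Added example (not from the original article). All names and addresses below are
# assumed placeholders; replace them with your own before running.
$zone     = "agency.local"
$dcName   = "DC1"
$nicB     = "NIC B"            # connection name as shown in Network Connections
$nicBAddr = "10.34.1.5"        # NIC B address from the article
$nicBMask = "255.255.255.0"
$nicBGw   = "10.34.1.1"        # assumed next hop for the other Agency B subnets
$dnsB     = "10.34.1.10"       # assumed Agency B DNS server
$extraSubnets = @("10.34.2.0", "10.34.3.0")   # assumed additional Agency B subnets

# 1. Persistent routes: every additional Agency B subnet must leave through NIC B's
#    gateway; without them the replies follow the default route out of NIC A.
foreach ($net in $extraSubnets) {
    route -p ADD $net MASK 255.255.255.0 $nicBGw
}

# 2. Static addressing on NIC B with dynamic DNS registration turned off
#    (register=none), so the DC only registers the NIC A address in Agency A's DNS.
netsh interface ip set address name="$nicB" source=static addr=$nicBAddr mask=$nicBMask
netsh interface ip set dns name="$nicB" source=static addr=$dnsB register=none

# 3. Hand-create the Agency B copies of the records on Agency B's DNS server, pointing
#    at the NIC B address. Records added this way are static (not aging), so they
#    will not be scavenged. Add the same SRV records the DC registers in Agency A.
dnscmd $dnsB /RecordAdd $zone $dcName A $nicBAddr
dnscmd $dnsB /RecordAdd $zone "_ldap._tcp.dc._msdcs"     SRV 0 100 389  "$dcName.$zone"
dnscmd $dnsB /RecordAdd $zone "_kerberos._tcp.dc._msdcs" SRV 0 100 88   "$dcName.$zone"
dnscmd $dnsB /RecordAdd $zone "_gc._tcp"                 SRV 0 100 3268 "$dcName.$zone"

# 4. Check from each side: the DC must resolve to the address of the NIC facing the
#    client. Ask Agency B's server directly so the answer is not cached elsewhere.
nslookup "$dcName.$zone" $dnsB
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$zone" $dnsB
```

Run the same two nslookup queries against Agency A's DNS server afterwards; the A record there should show only the NIC A address. If it also shows 10.34.1.5, registration on NIC B is still active and the hotfix or the register=none setting has not taken effect.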
Of course, if you are replicating the zones between the agencies, or relying on the domain controller itself to act as DNS server for both agencies, you have little hope of this working.
Another way to solve the problem is to put a DC in the Agency B location, create a site for Agency B with its associated subnet, and then configure the firewalls to allow point-to-point communication between the Agency A DC in the DMZ and the Agency B DC that sits on their subnet.
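The site-and-subnet part of that alternative, as an added example that is not from the original article. It assumes a current Windows Server with the ActiveDirectory module (the 2003-era equivalent is the Active Directory Sites and Services console), a site name AgencyB and the subnet 10.34.1.0/24 from the article; the site link name and the Agency B DC name DC2 are assumed placeholders.

```powershell
# Added example (not from the original article). Site, subnet, site-link and DC names
# are assumed placeholders. Requires the ActiveDirectory module and Domain Admin rights.
Import-Module ActiveDirectory

$siteName = "AgencyB"
$subnet   = "10.34.1.0/24"      # Agency B subnet from the article
$dcB      = "DC2"               # assumed name of the DC placed in Agency B

# 1. Create the site and bind the Agency B subnet to it, so clients on that subnet
#    are steered to the local DC instead of crossing the firewall.
New-ADReplicationSite -Name $siteName
New-ADReplicationSubnet -Name $subnet -Site $siteName

# 2. Put the Agency B site on a site link with the DMZ site so replication between the
#    two DCs is scheduled over the permitted point-to-point path.
New-ADReplicationSiteLink -Name "DMZ-AgencyB" -SitesIncluded "Default-First-Site-Name", $siteName

# 3. Move the Agency B DC's server object into the new site, then verify that the DC
#    itself and a client on the subnet both report the expected site.
Move-ADDirectoryServer -Identity $dcB -Site $siteName
nltest /dsgetsite
Get-ADDomainController -Discover -Site $siteName -Service ADWS
```

The firewall work is done on the perimeter devices rather than here; the point-to-point rule set only needs to carry the Active Directory replication and authentication traffic between the two DC addresses, which is far narrower than the dual-homed arrangement described earlier.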
This was first published in December 2004