Solved

Event id 5807 Netlogon

Posted on 2011-09-07
4
4,981 Views
Last Modified: 2012-05-12
Hi guys hope you are all well and can assist.

We seem to be getting the following error a lot on our dcs..

System Log
Event ID: 5807
Source: NETLOGON
Type: Warning

During the past 4.25 hours there have been 522 connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise. Those clients, therefore, have undefined sites and may connect to any Domain Controller including those that are in far distant locations from the clients. A client's site is determined by the mapping of its subnet to one of the existing sites. To move the above clients to one of the sites, please consider creating subnet object(s) covering the above IP addresses with mapping to one of the existing sites.  The names and IP addresses of the clients in question have been logged on this computer in the following log file '%SystemRoot%\debug\netlogon.log' and, potentially, in the log file '%SystemRoot%\debug\netlogon.bak' created if the former log becomes full. The log(s) may contain additional unrelated debugging information. To filter out the needed information, please search for lines which contain text 'NO_CLIENT_SITE:'. The first word after this string is the client name and the second word is the client IP address. The maximum size of the log(s) is controlled by the following registry DWORD value 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\LogFileMaxSize'; the default is 20000000 bytes.  The current maximum size is 20000000 bytes.  To set a different maximum size, create the above registry value and set the desired maximum size in bytes.


Now, I have looked in the log:

'%SystemRoot%\debug\netlogon.log'

What I want to understand is are these machines attempting to logon to the domain, and as such, trying to contact a domain controller?

If they are remote machines that should not be trying to log on to the domain, then how can we stop them from trying?

Any help greatly appreciated.
0
Comment
Question by:Simon336697
  • 2
4 Comments
 
LVL 24

Accepted Solution

by:
Sekar Chinnakannu earned 250 total points
ID: 36500268
seems Clients that have IP addresses that do not map to any of the existing sites in the enterprise were connected to the specified domain controller.Map the client IP addresses to an existing site.

Try
1. Open Active Directory Sites and Services.
2. Expand Sites.
3. Right-click Subnets and press New Subnet.
4. Type the <Client IPaddress> into the Address box.
5. Type the subnet mask into the Mask box.
6. In the Site Name box, select the site object that contains the local domain controller and press OK.
7. Close Active Directory Sites and Services.

http://support.microsoft.com/kb/889031
0
 
LVL 1

Author Comment

by:Simon336697
ID: 36500441
Thanks for your kind help on this.
0
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 250 total points
ID: 36500472
Refer this link:http://support.microsoft.com/kb/889031 define the IP address of the client computer in the Subnets folder, and then map the IP address to the site that contains the local domain controller.

Note:The first thing that you need to know about Active Directory sites is that the sites themselves are a logical structure that mimics your network’s physical topology. Typically, each site will represent a well connected area of your network. Some administrators like to create a separate site for each network segment, but I tend to prefer to create sites based on connectivity speed. My rule of thumb is that there should be a site link for every WAN connector, and every part of your network that is separated from another part by a WAN link should be represented by a site.

0
 
LVL 1

Author Comment

by:Simon336697
ID: 36519983
Thanks guys to both of you.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I'm sure that every Windows systems administrator has written, or at least used, a batch or VBS login script at some point in their career, whether it is to map network drives, install printers, or set some user preferences.  No more! With Window…
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

948 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now