Event id 5807 Netlogon

Hi guys hope you are all well and can assist.

We seem to be getting the following error a lot on our dcs..

System Log
Event ID: 5807
Source: NETLOGON
Type: Warning

During the past 4.25 hours there have been 522 connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise. Those clients, therefore, have undefined sites and may connect to any Domain Controller including those that are in far distant locations from the clients. A client's site is determined by the mapping of its subnet to one of the existing sites. To move the above clients to one of the sites, please consider creating subnet object(s) covering the above IP addresses with mapping to one of the existing sites.  The names and IP addresses of the clients in question have been logged on this computer in the following log file '%SystemRoot%\debug\netlogon.log' and, potentially, in the log file '%SystemRoot%\debug\netlogon.bak' created if the former log becomes full. The log(s) may contain additional unrelated debugging information. To filter out the needed information, please search for lines which contain text 'NO_CLIENT_SITE:'. The first word after this string is the client name and the second word is the client IP address. The maximum size of the log(s) is controlled by the following registry DWORD value 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\LogFileMaxSize'; the default is 20000000 bytes.  The current maximum size is 20000000 bytes.  To set a different maximum size, create the above registry value and set the desired maximum size in bytes.


Now, I have looked in the log:

'%SystemRoot%\debug\netlogon.log'

What I want to understand is are these machines attempting to logon to the domain, and as such, trying to contact a domain controller?

If they are remote machines that should not be trying to log on to the domain, then how can we stop them from trying?

Any help greatly appreciated.
LVL 1
Simon336697Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sekar ChinnakannuStaff EngineerCommented:
seems Clients that have IP addresses that do not map to any of the existing sites in the enterprise were connected to the specified domain controller.Map the client IP addresses to an existing site.

Try
1. Open Active Directory Sites and Services.
2. Expand Sites.
3. Right-click Subnets and press New Subnet.
4. Type the <Client IPaddress> into the Address box.
5. Type the subnet mask into the Mask box.
6. In the Site Name box, select the site object that contains the local domain controller and press OK.
7. Close Active Directory Sites and Services.

http://support.microsoft.com/kb/889031

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Simon336697Author Commented:
Thanks for your kind help on this.
SandeshdubeySenior Server EngineerCommented:
Refer this link:http://support.microsoft.com/kb/889031 define the IP address of the client computer in the Subnets folder, and then map the IP address to the site that contains the local domain controller.

Note:The first thing that you need to know about Active Directory sites is that the sites themselves are a logical structure that mimics your network’s physical topology. Typically, each site will represent a well connected area of your network. Some administrators like to create a separate site for each network segment, but I tend to prefer to create sites based on connectivity speed. My rule of thumb is that there should be a site link for every WAN connector, and every part of your network that is separated from another part by a WAN link should be represented by a site.

Simon336697Author Commented:
Thanks guys to both of you.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.