Event id 5807 Netlogon

Posted on 2011-09-07
Last Modified: 2012-05-12
Hi guys, hope you are all well and can assist.

We seem to be getting the following error a lot on our DCs.

System Log
Event ID: 5807
Source: NETLOGON
Type: Warning

During the past 4.25 hours there have been 522 connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise. Those clients, therefore, have undefined sites and may connect to any Domain Controller including those that are in far distant locations from the clients. A client's site is determined by the mapping of its subnet to one of the existing sites. To move the above clients to one of the sites, please consider creating subnet object(s) covering the above IP addresses with mapping to one of the existing sites.  The names and IP addresses of the clients in question have been logged on this computer in the following log file '%SystemRoot%\debug\netlogon.log' and, potentially, in the log file '%SystemRoot%\debug\netlogon.bak' created if the former log becomes full. The log(s) may contain additional unrelated debugging information. To filter out the needed information, please search for lines which contain text 'NO_CLIENT_SITE:'. The first word after this string is the client name and the second word is the client IP address. The maximum size of the log(s) is controlled by the following registry DWORD value 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\LogFileMaxSize'; the default is 20000000 bytes.  The current maximum size is 20000000 bytes.  To set a different maximum size, create the above registry value and set the desired maximum size in bytes.


Now, I have looked in the log:

'%SystemRoot%\debug\netlogon.log'

What I want to understand is: are these machines attempting to log on to the domain and, as such, trying to contact a domain controller?

If they are remote machines that should not be trying to log on to the domain, then how can we stop them from trying?

Any help greatly appreciated.
Question by:Simon336697

Accepted Solution

by:
Sekar Chinnakannu earned 1000 total points
ID: 36500268
It seems clients that have IP addresses that do not map to any of the existing sites in the enterprise were connected to the specified domain controller. Map the client IP addresses to an existing site.

Try:
1. Open Active Directory Sites and Services.
2. Expand Sites.
3. Right-click Subnets and press New Subnet.
4. Type the <Client IPaddress> into the Address box.
5. Type the subnet mask into the Mask box.
6. In the Site Name box, select the site object that contains the local domain controller and press OK.
7. Close Active Directory Sites and Services.

http://support.microsoft.com/kb/889031
0
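An added example, not part of the original thread: a PowerShell sketch that pulls the `NO_CLIENT_SITE:` entries the event text describes out of netlogon.log and groups them by candidate subnet, so you can see which clients are involved and which subnet objects are missing. The function name `Get-NoClientSiteSummary`, the /24 grouping and the sample log lines are assumptions made for illustration.

```powershell
# Constructed sample lines. On a DC, read the real log instead:
#   $lines = Get-Content "$env:SystemRoot\debug\netlogon.log"
$lines = @(
    '09/07 08:01:12 [1204] CORP: NO_CLIENT_SITE: WKS-0142 10.20.30.41'
    '09/07 08:01:15 [1204] CORP: NO_CLIENT_SITE: WKS-0142 10.20.30.41'
    '09/07 08:03:40 [1204] CORP: NO_CLIENT_SITE: LAP-0077 10.20.30.118'
    '09/07 08:05:02 [1204] CORP: NO_CLIENT_SITE: VPN-CLIENT9 172.16.40.9'
    '09/07 08:06:00 [1204] CORP: unrelated debugging line'
)

function Get-NoClientSiteSummary {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string[]] $Line,
        # Assumption: group by /24 for review; use your real subnet plan.
        [ValidateRange(0, 32)] [int] $PrefixLength = 24
    )
    # Per the event text: the first word after the marker is the client
    # name, the second word is the client IP address.
    $pattern = 'NO_CLIENT_SITE:\s+(?<name>\S+)\s+(?<ip>\S+)'
    $rows = foreach ($l in $Line) {
        $ip = $null
        if ($l -match $pattern -and
            [System.Net.IPAddress]::TryParse($Matches['ip'], [ref]$ip) -and
            $ip.AddressFamily -eq 'InterNetwork') {   # IPv4 only here
            $name = $Matches['name']
            # Zero the host bits, one octet at a time.
            $bytes = $ip.GetAddressBytes()
            for ($i = 0; $i -lt 4; $i++) {
                $bits = [Math]::Min(8, [Math]::Max(0, $PrefixLength - 8 * $i))
                $bytes[$i] = $bytes[$i] -band ((0xFF -shl (8 - $bits)) -band 0xFF)
            }
            [pscustomobject]@{
                Subnet = '{0}/{1}' -f ($bytes -join '.'), $PrefixLength
                Client = $name
            }
        }
    }
    # One row per candidate subnet, busiest first.
    $rows | Group-Object Subnet | ForEach-Object {
        [pscustomobject]@{
            Subnet      = $_.Name
            Connections = $_.Count
            Clients     = @($_.Group.Client | Sort-Object -Unique) -join ', '
        }
    } | Sort-Object Connections -Descending
}

Get-NoClientSiteSummary -Line $lines | Format-Table -AutoSize
```

Ranges in the output that belong to your network are the ones that need a subnet object mapped to a site; a range you do not recognise is worth tracing to its source before you map it.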
 

Author Comment

by:Simon336697
ID: 36500441
Thanks for your kind help on this.

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 1000 total points
ID: 36500472
Refer to this link: http://support.microsoft.com/kb/889031. Define the IP address of the client computer in the Subnets folder, and then map the IP address to the site that contains the local domain controller.

Note: The first thing that you need to know about Active Directory sites is that the sites themselves are a logical structure that mimics your network’s physical topology. Typically, each site will represent a well-connected area of your network. Some administrators like to create a separate site for each network segment, but I tend to prefer to create sites based on connectivity speed. My rule of thumb is that there should be a site link for every WAN connector, and every part of your network that is separated from another part by a WAN link should be represented by a site.


Author Comment

by:Simon336697
ID: 36519983
Thanks guys to both of you.