Solved

Event id 5807 Netlogon

Posted on 2011-09-07
4
5,771 Views
Last Modified: 2012-05-12
Hi guys hope you are all well and can assist.

We seem to be getting the following error a lot on our dcs..

System Log
Event ID: 5807
Source: NETLOGON
Type: Warning

During the past 4.25 hours there have been 522 connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise. Those clients, therefore, have undefined sites and may connect to any Domain Controller including those that are in far distant locations from the clients. A client's site is determined by the mapping of its subnet to one of the existing sites. To move the above clients to one of the sites, please consider creating subnet object(s) covering the above IP addresses with mapping to one of the existing sites.  The names and IP addresses of the clients in question have been logged on this computer in the following log file '%SystemRoot%\debug\netlogon.log' and, potentially, in the log file '%SystemRoot%\debug\netlogon.bak' created if the former log becomes full. The log(s) may contain additional unrelated debugging information. To filter out the needed information, please search for lines which contain text 'NO_CLIENT_SITE:'. The first word after this string is the client name and the second word is the client IP address. The maximum size of the log(s) is controlled by the following registry DWORD value 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\LogFileMaxSize'; the default is 20000000 bytes.  The current maximum size is 20000000 bytes.  To set a different maximum size, create the above registry value and set the desired maximum size in bytes.


Now, I have looked in the log:

'%SystemRoot%\debug\netlogon.log'

What I want to understand is are these machines attempting to logon to the domain, and as such, trying to contact a domain controller?

If they are remote machines that should not be trying to log on to the domain, then how can we stop them from trying?

Any help greatly appreciated.
0
Comment
Question by:Simon336697
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 25

Accepted Solution

by:
Sekar Chinnakannu earned 250 total points
ID: 36500268
seems Clients that have IP addresses that do not map to any of the existing sites in the enterprise were connected to the specified domain controller.Map the client IP addresses to an existing site.

Try
1. Open Active Directory Sites and Services.
2. Expand Sites.
3. Right-click Subnets and press New Subnet.
4. Type the <Client IPaddress> into the Address box.
5. Type the subnet mask into the Mask box.
6. In the Site Name box, select the site object that contains the local domain controller and press OK.
7. Close Active Directory Sites and Services.

http://support.microsoft.com/kb/889031
0
 
LVL 1

Author Comment

by:Simon336697
ID: 36500441
Thanks for your kind help on this.
0
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 250 total points
ID: 36500472
Refer this link:http://support.microsoft.com/kb/889031 define the IP address of the client computer in the Subnets folder, and then map the IP address to the site that contains the local domain controller.

Note:The first thing that you need to know about Active Directory sites is that the sites themselves are a logical structure that mimics your network’s physical topology. Typically, each site will represent a well connected area of your network. Some administrators like to create a separate site for each network segment, but I tend to prefer to create sites based on connectivity speed. My rule of thumb is that there should be a site link for every WAN connector, and every part of your network that is separated from another part by a WAN link should be represented by a site.

0
 
LVL 1

Author Comment

by:Simon336697
ID: 36519983
Thanks guys to both of you.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question