Udostępnij za pośrednictwem


I see this time and time again

Hi. I get out to a lot and I mean a lot of customer sites. I also see many Active Directories. Some of them well maintained and some of them facing challenges :). However consistently across these environments there is always a similiar issue that raises its head. This being Site Configuration and subnets NOT being associated with them.

So what are the implications of this you ask ?

Well associating sites with sub nets ensures that clients are authenticated by the most appropriate domain controller. When a client comes up onto the network to look for a Domain Controller if it cannot locate a Domain Controller that is considered "in-site" then the following event codes 5807 (Windows 2003) will be logged to the system event log of the Authenticating Domain Controller.

See Information Below;

Event ID: 5807 Source: NETLOGON

User: N/A

Computer: ComputerName

Description: During the past number hours there have been number connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise. Those clients, therefore, have undefined sites and may connect to any Domain Controller including those that are in far distant locations from the clients. A client's site is determined by the mapping of its subnet to one of the existing sites. To move the above clients to one of the sites, please consider creating subnet object(s) covering the above IP addresses with mapping to one of the existing sites. The names and IP addresses of the clients in question have been logged on this to computer in the following log file 'SystemRoot\debug\netlogon.log' and, potentially, in the log file 'SystemRoot\debug\netlogon.bak' created if the former log becomes full. The log(s) may contain additional unrelated debugging information. To filter out the needed information, please search for lines which contain text 'NO_CLIENT_SITE:'. The first word after this string is the client name and the second word is the client IP address. The maximum size of the log(s) is controlled by the following registry DWORD value'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\LogFileMaxSize'; the default is 20000000 bytes. The current maximum size is 20000000 bytes. To set a different maximum size, create the above registry value and set the desired maximum size in bytes.

So to prevent these type of Events filling up the System Logs of your Domain Controllers, ensure you have a procedure in place to create and associate Subnets to Sites. If your Network team control the commissioning of New Subnets or this is outsourced, ensure they have a process in place to inform you everytime a New Subnet is created. The effect of not doing this is that your clients and application servers will be potentially Authenticating across the Wan to totally inappropriate Domain Controllers. Plus utilising Domain Controllers which are not optimised or overloaded to handle this.

Comments