Re: Event ID 5807 / Netlogon
- From: "Paul Bergson" <pbergson@xxxxxxxxxxxxxxxxx>
- Date: Thu, 29 Jun 2006 08:15:48 -0500
Defining sites assists the client in knowing which DC or DCs should be
used to authenticate. If an IP subnet isn't defined in Sites and Services,
if I recall correctly, the client goes to the first defined site within your
domain.
You don't have to define a separate site but you should have subnets defined
for the sites that will have clients authenticating to your domain. I would
do as you have done and define the new subnets into the sites where you want
your clients to authenticate to.
Whether or not this is best practice I am unsure. I'm sure others will
post on this as well.
--
Paul Bergson MCT, MCSE, MCSA, Security+, CNE, CNA, CCA
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"ThOF" <mpareja@xxxxxxxxx> wrote in message
news:OF1ZZO3mGHA.1208@xxxxxxxxxxxxxxxxxxxxxxx
Hi all the group;
I'm constantly seeing on some of my DCs the Event ID 5807 (source
Netlogon) which argues about client IP addresses not mapped to any site.
The IPs that appear in the netlogon.log file are IPs from remote VPN
clients and also IPs from other Windows domains in which we
trust (we've configured trust relationships among them, but I don't think
it should be necessary to define new sites for those remote domains!)
I've searched all over the Internet and Google Groups to see if some
decent explanation and/or workaround can be done for this, but wasn't
unable to find it
Remote clients (RAS/VPN) are in fact appearing in the netlogon.log with
their public IP addresses (i.e. 80.0.0.0/24) not with the "conversed"
internal ones.
On the other hand, DCs from remote domains in which we trust appear with
their "correct" internal IP addresses (i.e. 172.16.0.0/16)
Anyway, for this kind of cases, what would be the best
solution/workaround? Define a new subnet (i.e. 80.0.0.0/24) and then
associate it with the existing site where the DC that is arguing belongs?
Obviously, I don't want to define a new site for the remote users because
that site will not have any DCs!!! (the DCs for those clients are added in
the remote domain, of course). Moreover, if I try to define a new site in
my domain I have to add the replication link between this new site and the
other existing ones, and I don't want this, neither!!)
What I have done by now is to simply create subnets for the "unclassified"
IPs and then simply assign those subnets to our local site (where the main
DC is located) although I recognise those clients shouldn't belong to
it... but it is the best solution I've thought of
Regards and many thanks in advance.
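
As an added example (not part of either post), the sketch below reviews NO_CLIENT_SITE entries from netlogon.log before any subnets are created, grouping the addresses that fall outside every defined subnet so that public VPN ranges and trusted-domain ranges can be told apart. The log line layout, the sample lines, the `DEFINED_SUBNETS` mapping and the /24 grouping are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines; assumed layout:
# "MM/DD HH:MM:SS DOMAIN: NO_CLIENT_SITE: <client name> <client IP>"
SAMPLE_LOG = """\
06/29 08:01:12 EXAMPLE: NO_CLIENT_SITE: VPNUSER01 80.0.0.17
06/29 08:01:40 EXAMPLE: NO_CLIENT_SITE: VPNUSER02 80.0.0.23
06/29 08:02:05 EXAMPLE: NO_CLIENT_SITE: TRUSTDC1 172.16.4.10
06/29 08:03:11 EXAMPLE: NO_CLIENT_SITE: VPNUSER01 80.0.0.17
06/29 08:04:00 EXAMPLE: NO_CLIENT_SITE: LAPTOP7 10.20.30.40
"""

# Constructed subnet-to-site mapping, standing in for what is already
# defined in Active Directory Sites and Services.
DEFINED_SUBNETS = {"10.20.0.0/16": "HQ"}

LINE_RE = re.compile(r"NO_CLIENT_SITE:\s+(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")


def unmapped_clients(log_text, defined_subnets):
    """Return {ip: {client names}} for logged clients outside every defined subnet."""
    nets = [ipaddress.ip_network(n) for n in defined_subnets]
    result = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a NO_CLIENT_SITE entry
        name, ip = m.group(1), ipaddress.ip_address(m.group(2))
        if any(ip in net for net in nets):
            continue  # already covered; the entry predates the subnet definition
        result.setdefault(ip, set()).add(name)
    return result


def candidate_subnets(unmapped, prefix_len=24):
    """Group unmapped IPs by enclosing subnet and count distinct IPs in each."""
    counts = Counter()
    for ip in unmapped:
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        counts[str(net)] += 1
    return dict(counts)


def review(log_text=SAMPLE_LOG, defined=DEFINED_SUBNETS):
    return candidate_subnets(unmapped_clients(log_text, defined))


if __name__ == "__main__":
    for net, n in sorted(review().items()):
        print(f"{net}: {n} distinct client IP(s) with no site mapping")
```
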