Event ID 5807 (NetLogon) on a Windows 2003 Domain Controller

A client computer that logs onto a domain that includes Windows Server 2003 domain controllers AND Active Directory Sites may be authenticated by a remote domain controller instead of by the local domain controller.

If the IP-address of a computer is not defined in the subnets, then the following error is displayed on a Windows 2003 Domain Controller:

Event Type: Warning
Event Source: NETLOGON
Event Category: None
Event ID: 5807
Computer: DOMAIN CONTROLLER
Description:
During the past 4,12 hours there have been 9 connections to this Domain Controller from client machines whose IP addresses don’t map to any of the existing sites in the enterprise. Those clients, therefore, have undefined sites and may connect to any Domain Controller including those that are in far distant locations from the clients. A client’s site is determined by the mapping of its subnet to one of the existing sites. To move the above clients to one of the sites, please consider creating subnet object(s) covering the above IP addresses with mapping to one of the existing sites. The names and IP addresses of the clients in question have been logged on this computer in the following log file ‘%SystemRoot%debugnetlogon.log’ and, potentially, in the log file ‘%SystemRoot%debugnetlogon.bak’ created if the former log becomes full. The log(s) may contain additional unrelated debugging information. To filter out the needed information, please search for lines which contain text ‘NO_CLIENT_SITE:’. The first word after this string is the client name and the second word is the client IP address. The maximum size of the log(s) is controlled by the following registry DWORD value ‘HKLMSYSTEMCurrentControlSetServicesNetlogonParametersLogFileMaxSize’; the default is 20000000 bytes. The current maximum size is 20000000 bytes. To set a different maximum size, create the above registry value and set the desired maximum size in bytes.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Solution

Open the following file : %SYSTEMROOT%Debugnetlogon.log
You should see a similar entry:

02/15 10:51:27 DOMAIN: NO_CLIENT_SITE: COMPUTERNAME IP-ADRESS

  • Open Active Directory Sites and Services and expand Sites.
  • Right-click Subnets and press New Subnet.
  • Type the IP-address of the computer into the Address box.
  • Type the subnet mask into the Mask box
  • Select the site that contains the local domain controller

Hans Sleurink

Hans Sleurink works as a Senior Technical Consultant at VodafoneZiggo in the Netherlands where he designs and deploys Microsoft Unified Communications solutions . His main focus is on, but not limited to, Skype for Business / Lync including Enterprise Voice, Anywhere365, AudioCodes, KEMP, Exchange, Office 365, Active Directory and other UC related topics.

More Posts - Website

Follow Me:
TwitterFacebookLinkedInGoogle Plus

Leave a Reply