Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
'<computer name>' tried to determine its site by looking up its IP address ('<ip address>')in the Configuration\Sites\Subnets container in the DS. No subnet matched the IP address. Consider adding a subnet object for this IP address.
|English: Request a translation of the event description in plain English.|
|Concepts to understand:|
What is the role of the Netlogon share?
I got the same error on a two-site domain. The error occurred on a DC in site B and the WS that caused it was in site A. The IP address listed in the event log entry for the error was that of our router. The problem was, that I had NAT, i.e. IP masquerading enabled on the connection that linked the two sites. This affected the source IP address of the requests sent from the WS to the DC. The router replaced the WS's IP address with its own. Consequently, the DC could not find the correct site, because the router IP did not belong to either site’s subnets. Surprisingly, everything else between the two sites (ADS replication, NTFRS, domain logons, etc.) worked fine, even though NAT was enabled. To fix it I disabled, NAT on the inter-site connection. Adding the router subnet to the sites in "Sites and Services" console might also work, but I did not try it.
From a newsgroup post: "Look in AD Site and Services to make sure the subnet is defined and assigned to a site. If not create one and assign it to a site".
From a newsgroup post: "If your domain is all on one LAN then it is not important to have sites and subnets configured. Sites are primarily used for controlling logon, traffic, replication traffic and for site aware applications. If you do delete the subnets then you will probably start receiving informational event ID 5778 in the Netlogon log of your domain controllers. It will be logged when clients logon and it means that the client was unable to determine its site because it was unable to locate it's subnet in sites and services. You can delete the information and your domain will continue to function".
From a newsgroup post: "Subnet objects are used to efficiently route network authentication requests. For example, you do not want a client in Los Angeles authenticating to a DC in New York. This event message means that the client's IP was outside the range of mapped addresses. If you only have one site this does not do much harm beyond causing extra event log messages. If you have multiple sites, you should consider creating subnet objects using the Sites and Services Snap-In that map your subnet address to particular sites, (and subsequently 'closely located' DCs)".
ME316812 gives information on how to create and configure a site link in Active Directory in Windows 2000.
According to a newsgroup post: "A domain member machine attempts to determine what site it is in from its IP Address and subnet mask. A subnet object is requried in the site that matches that address for a given subnet mask."
See ME311759. As per Microsoft, this was fixed with the latest service pack.
|Private comment: Subscribers only. See example of private comment|
|Links: ME311759, ME316812|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated