Event ID 5807 Source NETLOGON
| Event ID | 5807 |
| Source | NETLOGON |
| Type | Warning |
| Description | During the past <number> hours there have been <number> connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise. Those clients, therefore, have undefined sites and may connect to any Domain Controller including those that are in far distant locations from the clients. A client's site is determined by the mapping of its subnet to one of the existing sites. To move the above clients to one of the sites, please consider creating subnet object(s) covering the above IP addresses with mapping to one of the existing sites. The names and IP addresses of the clients in question have been logged on this computer in the following log file '<SystemRoot>\debug\netlogon.log' and, potentially, in the log file '<SystemRoot>\debug\netlogon.bak' created if the former log becomes full. The log(s) may contain additional unrelated debugging information. To filter out the needed information, please search for lines which contain text 'NO_CLIENT_SITE:'. The first word after this string is the client name and the second word is the client IP address. The maximum size of the log(s) is controlled by the following registry DWORD value 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\LogFileMaxSize'; the default is <number> bytes. The current maximum size is <number> bytes. To set a different maximum size, create the above registry value and set the desired maximum size in bytes. |
| English, please! | This information is only available to subscribers. An example of English, please! |
| Concepts to understand |
What is the role of the Netlogon share? What is a DWORD? |
| Comments |
Mihai Andrei
This behavior will occur if the client IP address is not defined in the Subnets folder in Active Directory Sites and Services and it is not mapped to an existing site. See "JSI Tip 8877" to fix this problem. Ionut Marin See M889031 to resolve this problem. Mike Kostersitz As the message says, check the Netlogon.log and Netlogon.bak files in the <SystemRoot>\Debug Directory for potential clues. Ross Woodhams To resolve this, check the systemroot/debug/netlogon log for the workstation name, determine the IP address and network it is on. You will find that the network the workstation is on (ping) will not be any of the subnets assigned to any sites in your directory. Add the subnet to the site you want these clients to authen against in AD Sites and Services and allow for replication between DCs and the error will go. |
| Links | M889031, JSI Tip 8877 |
| Search | Google Web - Microsoft Support - Bing - EventID.Net Queue - More links... |
| Custom search | The custom search information is available to subscribers only. |
| Feedback | Send comments - Notify me when updated |
| Print version |