Problem:
On one or more of you domain controllers you are receiving a message similar to the below in the System log from Netlogon with the event ID of 5807.
Event Type: Warning
Event Source: NETLOGON
Event Category: None
Event ID: 5807
Date: 21/07/2010
Time: 14:40:58
User: N/A
Computer: ***********
Description:
During the past 4.04 hours there have been 18 connections to this Domain Controller from client machines whose IP addresses don’t map to any of the existing sites in the enterprise. Those clients, therefore, have undefined sites and may connect to any Domain Controller including those that are in far distant locations from the clients. A client’s site is determined by the mapping of its subnet to one of the existing sites. To move the above clients to one of the sites, please consider creating subnet object(s) covering the above IP addresses with mapping to one of the existing sites. The names and IP addresses of the clients in question have been logged on this computer in the following log file ‘%SystemRoot%\debug\netlogon.log’ and, potentially, in the log file ‘%SystemRoot%\debug\netlogon.bak’ created if the former log becomes full. The log(s) may contain additional unrelated debugging information. To filter out the needed information, please search for lines which contain text ‘NO_CLIENT_SITE:’. The first word after this string is the client name and the second word is the client IP address. The maximum size of the log(s) is controlled by the following registry DWORD value ‘HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\LogFileMaxSize’; the default is 20000000 bytes. The current maximum size is 20000000 bytes. To set a different maximum size, create the above registry value and set the desired maximum size in bytes.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Cause:
This is actually a very good log message (if a little long), it highlights that you have failed to add a subnet(s) into Active Directory Sites and Services for a subnet where some of your domain computers are connected.
Solution:
You will need to add the subnet(s) to Sites and Services.
First you will need to know the affected subnet(s), as the log message says “clients in question have been logged on this computer in the following log file ‘%SystemRoot%\debug\netlogon.log’ “. If you open this log or potentially the netlogon.bak log on your domain controller you will see something similar to the below for the time the Windows event log was generated.
07/21 14:41:00 ******: NO_CLIENT_SITE: ****** 10.140.100.230
07/21 14:41:54 ******: NO_CLIENT_SITE: ****** 10.140.100.230
07/21 14:41:54 ******: NO_CLIENT_SITE: ****** 10.140.100.230
Next open the Active Directory Sites and Services MMC
Expand Sites => Subnets
Right-click Subnets and select New => Subnet
In the “New Object – Subnet” dialog complete the “Prefix” feild with the subnet/CIDR for example 10.140.100.0/22
Select the Site Name of the site that will be authenticating this subnet and click ok
Will this issue with 5807 cause network latency? Are there any papers out there that tell why?