"Connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise"

Hi

Running Windows 2003 DCs and I am seeing the following errors in the Event log:

"During the past 4.25 hours there have been 185 connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise"

I checked out the corresponding logs, which showed clients connecting with "NO_CLIENT_SITE:", which implies they're in a subnet which has not been defined in AD Sites and Services.

Is this something to worry about? Am I correct in thinking that they would connect to the nearest site anyway?

March 5th, 2013 4:39pm

This means that the client's address did not match any subnet definition found in AD Sites and Services and therefore cannot be associated with any particular site. Because of this, the more DCs you have in the domain, the less likely the client is to find the 'best' DC. You need to fix the site-subnet affinity by defining the client's subnet in AD and associating it with an appropriate site. If you are using Microsoft DNS with the default configuration, the DNS server returns the query for DCs using Subnet Priority, presumes a 24 bit mask, and will improve the odds your client is able to target a DC - if and only if - there happens to be a DC in the same site as the client. In practice, this should never be counted on at all as it is very rare to have a DC in the same subnet as a client -- unless the 'enterprise' is so small it consists of a single LAN in which the default, lack of subnet definitions, implies all clients are presumed to be in the default site.

You might want to check out the script on Doug's blog here:  http://blogs.technet.com/b/askpfeplat/archive/2011/12/26/in-search-of-roaming-active-directory-clients-how-to-scriptomatically-identify-missing-active-directory-subnet-definitions.aspx.  Doug is an ex-coworker of mine, from my days at Microsoft PFE, and I can assure you his blog is worth reading.

David Taylor,

Former Microsoft PFE

www.theUnluckyFish.com

March 5th, 2013 5:18pm
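An added example, not part of the thread and not the script from the linked blog: a small Python pass over a copy of netlogon.log that groups NO_CLIENT_SITE clients into candidate subnets that still need a definition in AD Sites and Services. The log lines and the defined-subnet list are constructed, the entry layout (ending in computer name and IPv4 address) is an assumption, and grouping by /24 is only a starting guess to confirm against the real network plan.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample; assumes each NO_CLIENT_SITE entry ends with "<computer> <IPv4>".
SAMPLE_LOG = """\
03/05 12:01:10 CORP: NO_CLIENT_SITE: WKS-0101 10.20.30.15
03/05 12:01:44 CORP: NO_CLIENT_SITE: WKS-0102 10.20.30.77
03/05 12:03:02 CORP: NO_CLIENT_SITE: LAPTOP-07 192.168.50.9
03/05 12:05:31 CORP: NO_CLIENT_SITE: WKS-0101 10.20.30.15
03/05 12:06:00 CORP: NO_CLIENT_SITE: SRV-APP1 10.10.1.25
03/05 12:07:19 [LOGON] CORP: SamLogon: some other entry
"""

# Constructed stand-in for the subnet objects already defined in AD Sites and Services.
DEFINED_SUBNETS = ["10.10.0.0/16", "172.16.4.0/24"]

ENTRY = re.compile(r"NO_CLIENT_SITE:\s+(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def parse_no_client_site(log_text):
    """Yield (computer, IPv4Address) for each NO_CLIENT_SITE line."""
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        try:
            yield m.group(1), ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # malformed address such as 999.1.1.1

def missing_subnets(log_text, defined, prefix=24):
    """Return (candidate subnet, connection count, computers), busiest first."""
    nets = [ipaddress.ip_network(s) for s in defined]
    hits, hosts = Counter(), {}
    for computer, ip in parse_no_client_site(log_text):
        if any(ip in n for n in nets):
            continue  # covered by an existing definition, e.g. added after the entry was logged
        candidate = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        hits[candidate] += 1
        hosts.setdefault(candidate, set()).add(computer)
    return [(str(n), c, sorted(hosts[n])) for n, c in hits.most_common()]

if __name__ == "__main__":
    for subnet, count, names in missing_subnets(SAMPLE_LOG, DEFINED_SUBNETS):
        print(f"{subnet:18} {count:3} connections  {', '.join(names)}")
```
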

You need to mention the IP subnet in Active Directory Sites and Services; it helps the DC locator process to locate the nearest and best DC to entertain the logon request.

Read below for more info on the DC locator process and your issue.

DC Locator What Does "NO_CLIENT_SITE" Mean In Netlogon.log
http://jorgequestforknowledge.wordpress.com/2011/01/27/dc-locator-what-does-quot-no-client-site-quot-mean-in-netlogon-log/

March 5th, 2013 8:54pm

This issue may occur if the following conditions are true:
  • The IP address of the client computer is not defined.
  • The IP address of the client computer is not mapped to an existing site in the Subnets folder of the Active Directory Sites and Services snap-in on the local domain controller.

You may receive event ID 5807 on a Windows Server 2003-based domain controller
http://support.microsoft.com/kb/889031

March 6th, 2013 4:00am

Hi,

I got the same event. Event ID: 5807. Checked out the corresponding logs, which showed client connecting with "NO_CLIENT_SITE:", subnet which has not been defined in AD Sites and Services.

We are a separate forest and trust with HQ forest. So do we need to add these HQ subnets to our Sites and Services?

As


July 8th, 2015 1:03am


This topic is archived. No further replies will be accepted.
