I have an odd problem. I checked one of our AD 2000 (SP4) forests
today. It had a flurry of Event ID 5778s as shown below:

Event Type: Information
Event Source: NETLOGON
Event Category: None
Event ID: 5778
Date: 4/4/2005
Time: 9:14:17 PM
User: N/A
Computer: <Domain Controller>
Description:
'<Computer Name>' tried to determine its site by looking up its IP
address ('<IP Address>') in the Configuration\Sites\Subnets container in
the DS. No subnet matched the IP address. Consider adding a subnet
object for this IP address.

The only problem was that in some cases, the computers mentioned in the
events were authenticating to another forest. There is a 2-way trust
between Forest A and Forest B. The user and computer are both in Forest
A, with only resources in Forest B (a migration is underway).

My understanding of unmapped subnets is that DNS will give you a random
list of DCs and you'll query them to find your optimal site. If your
IP Address is unmapped, you'll use whichever DC replies first. But
you'll also re-query AD every 15 minutes until your IP Subnet is defined
and you are using AD optimally.

Now if a computer is authenticating to Forest A and then only accessing
resources in Forest B, why would he post 5778 events just because his IP
Subnet from Forest A isn't also defined in Forest B? This seems wrong
to me, somehow. But I thought I'd ask the experts on this alias to see
if you had any thoughts.

Thanks in advance for your thoughts and help.

Scott
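
The subnet lookup that the 5778 event text describes, sketched as an added example (not part of the original post): each forest keeps its own Configuration\Sites\Subnets container, so the same client IP can match a subnet object in one forest and none in the other. The forest names, subnets, site names and client IPs below are constructed sample data.

```python
import ipaddress

# Constructed sample data: subnet object name -> site, one table per forest.
FOREST_SUBNETS = {
    "ForestA": {"10.1.0.0/16": "HQ", "10.1.20.0/24": "HQ-Lab", "10.2.0.0/16": "Branch"},
    "ForestB": {"10.1.0.0/16": "B-HQ"},
}

def find_site(client_ip, subnets):
    """Return (subnet, site) for the most specific subnet containing client_ip, or None."""
    ip = ipaddress.ip_address(client_ip)
    best = None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr, strict=True)  # rejects names with host bits set
        if ip.version == net.version and ip in net:
            # When several subnet objects contain the address, the longest prefix wins.
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, site)
    return (str(best[0]), best[1]) if best else None

def unmapped_clients(client_ips, subnets):
    """Client IPs, in input order, for which this subnet table has no match."""
    seen, missing = set(), []
    for ip in client_ips:
        if ip not in seen and find_site(ip, subnets) is None:
            missing.append(ip)
        seen.add(ip)
    return missing

def coverage_report(client_ips, forests):
    """Per forest, the client IPs that would have no matching subnet object."""
    return {name: unmapped_clients(client_ips, subnets)
            for name, subnets in forests.items()}

if __name__ == "__main__":
    clients = ["10.1.20.15", "10.2.3.4", "10.1.5.5"]  # constructed client addresses
    for forest, missing in coverage_report(clients, FOREST_SUBNETS).items():
        print(forest, "no subnet match for:", ", ".join(missing) or "none")
```

Fed with the subnet object names exported from each forest and the client addresses named in the 5778 events, the report shows which forest's subnet definitions are missing entries.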