It strikes me like the best way to handle that is to provide correct site and subnet mappings across both (all) forests - especially when there are cross forest processes happening.
-------- Roger Seielstad E-mail Geek > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Rachui, Scott > Sent: Monday, April 04, 2005 6:20 PM > To: [email protected] > Subject: [ActiveDir] Unmapped IP Subnets in Another AD Forest > > I have an odd problem. I checked one of our AD 2000 (SP4) > forests today. It had a flurry of Event ID 5778s as shown below: > > Event Type: Information > Event Source: NETLOGON > Event Category: None > Event ID: 5778 > Date: 4/4/2005 > Time: 9:14:17 PM > User: N/A > Computer: <Domain Controller> > Description: > '<Computer Name>' tried to determine its site by looking up > its IP address ('<IP Address>') in the > Configuration\Sites\Subnets container in the DS. No subnet > matched the IP address. Consider adding a subnet object for > this IP address. > > The only problem was that in some cases, the computers > mentioned in the events were authenticating to another > forest. There is a 2-way trust between Forest A and Forest > B. The user and computer are both in Forest A, with only > resources in Forest B (a migration is underway). > > My understanding of unmapped subnets is that DNS will give > you a random list of DCs and you'll query them to find you're > optimal site. If your IP Address is unmapped, you'll use > whichever DC replies first. But you'll also re-query AD > every 15 minutes until your IP Subnet is defined and you are > using AD optimally. > > Now if a computer is authenticating to Forest A and then only > accessing resources in Forest B, why would he post 5778 > events just because his IP Subnet from Forest A isn't also > defined in Forest B? This seems wrong to me, somehow. But I > thought I'd ask the experts on this alias to see if you had > any thoughts. > > Thanks in advance for your thoughts and help. > > Scott > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
