I agree...my question is whether this is expected behavior or not.  As a
very good Microsoft engineer once told me, "we don't want to cover up
evil".  If AD is acting as expected, then you're right and we'll handle
it.  If not, then it would be good to know that as well.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Monday, April 04, 2005 10:03 PM
To: [email protected]
Subject: RE: [ActiveDir] Unmapped IP Subnets in Another AD Forest

It strikes me like the best way to handle that is to provide correct
site and subnet mappings across both (all) forests - especially when
there are cross forest processes happening.

--------
Roger Seielstad
E-mail Geek 

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Rachui, Scott
> Sent: Monday, April 04, 2005 6:20 PM
> To: [email protected]
> Subject: [ActiveDir] Unmapped IP Subnets in Another AD Forest
> 
> I have an odd problem.  I checked one of our AD 2000 (SP4) 
> forests today.  It had a flurry of Event ID 5778s as shown below:
> 
> Event Type:   Information
> Event Source: NETLOGON
> Event Category:       None
> Event ID:     5778
> Date:         4/4/2005
> Time:         9:14:17 PM
> User:         N/A
> Computer:     <Domain Controller>
> Description:
> '<Computer Name>' tried to determine its site by looking up 
> its IP address ('<IP Address>') in the 
> Configuration\Sites\Subnets container in the DS.  No subnet 
> matched the IP address.  Consider adding a subnet object for 
> this IP address.
> 
> The only problem was that in some cases, the computers 
> mentioned in the events were authenticating to another 
> forest.  There is a 2-way trust between Forest A and Forest 
> B.  The user and computer are both in Forest A, with only 
> resources in Forest B (a migration is underway).
> 
> My understanding of unmapped subnets is that DNS will give 
> you a random list of DCs and you'll query them to find your 
> optimal site.  If your IP Address is unmapped, you'll use 
> whichever DC replies first.  But you'll also re-query AD 
> every 15 minutes until your IP Subnet is defined and you are 
> using AD optimally.
> 
> Now if a computer is authenticating to Forest A and then only 
> accessing resources in Forest B, why would he post 5778 
> events just because his IP Subnet from Forest A isn't also 
> defined in Forest B?  This seems wrong to me, somehow.  But I 
> thought I'd ask the experts on this alias to see if you had 
> any thoughts.
> 
> Thanks in advance for your thoughts and help.
> 
> Scott
> List info   : http://www.activedir.org/List.aspx
> List FAQ    : http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
> 

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
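
Added example, not part of any message in this thread: a Python sketch that parses NETLOGON 5778 descriptions (wording as quoted above) and reports, per client, which forest's subnet table has no match for its address. The host names, addresses, site names and subnet tables are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
import re

# Matches the NETLOGON 5778 description wording quoted in the thread.
EVENT_5778 = re.compile(
    r"'(?P<host>[^']+)' tried to determine its site by looking up\s+"
    r"its IP address \('(?P<ip>[^']+)'\)"
)

def parse_5778(description):
    """Return (computer, ip) from a 5778 description, or None if it does not match."""
    m = EVENT_5778.search(" ".join(description.split()))  # undo line wrapping
    if not m:
        return None
    return m["host"], ipaddress.ip_address(m["ip"])

def site_for(ip, subnets):
    """Longest-prefix match of ip against {cidr: site}; None if unmapped."""
    best = None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, site)
    return best[1] if best else None

def mapping_gaps(descriptions, subnets_by_forest):
    """For each client named in a 5778 event, give its site (or None) in every forest."""
    report = {}
    for text in descriptions:
        parsed = parse_5778(text)
        if parsed is None:
            continue
        host, ip = parsed
        report[host] = {forest: site_for(ip, subnets)
                        for forest, subnets in subnets_by_forest.items()}
    return report

# Constructed sample data (not taken from the thread).
SUBNETS = {
    "ForestA": {"10.1.0.0/16": "HQ", "10.1.20.0/24": "HQ-Lab"},
    "ForestB": {"10.2.0.0/16": "Migration-Site"},
}
EVENTS = [
    "'WKS-0012' tried to determine its site by looking up its IP address "
    "('10.1.20.37') in the Configuration\\Sites\\Subnets container in the DS.",
    "'WKS-0459' tried to determine its site by looking up\nits IP address "
    "('192.168.7.9') in the Configuration\\Sites\\Subnets container in the DS.",
]

if __name__ == "__main__":
    for host, sites in mapping_gaps(EVENTS, SUBNETS).items():
        print(host, sites)
```

A client that resolves to a site in ForestA but to None in ForestB is the case described in the original question; a client that is None in both forests has no subnet object anywhere.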