Event ID 5810 on windows 2008 R2 Domain Controller
-
Tuesday, May 01, 2012 1:34 PM
Good day,
I am getting the Event ID 5810 Netlogon Warning on my new installed Windows 2008 R2 Domain Controllers. how can solve this issue.
Details:
============================================================================
Log Name: System
Source: NETLOGON
Date: 5/1/2012 3:11:06 PM
Event ID: 5810
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: DC-Server2.Domain.internal
Description:
During the past 4.21 hours, this domain controller has received 6 connections from dual-stack IPv4/IPv6 clients with partial subnet-site mappings. A client has a partial subnet-site mapping if its IPv4 address is mapped to a site but its global IPv6 address is not mapped to a site, or vice versa. To ensure correct behavior for applications running on member computers and servers that rely on subnet-site mappings, dual-stack IPv4/IPv6 clients must have both IPv4 and global IPv6 addresses mapped to the same site. If a partially mapped client attempts to connect to this domain controller using its unmapped IP address, its mapped address is used for the client's site mapping.The log files %SystemRoot%\debug\netlogon.log or %SystemRoot%\debug\netlogon.bak contain the name, unmapped IP address and mapped IP address for each partially mapped client. The log files may also contain unrelated debugging information. To locate the information pertaining to partial-subnet mappings, search for lines that contain the text 'PARTIAL_CLIENT_SITE_MAPPING:'. The first word after this text is the client name. Following the client name is the client's unmapped IP address (the IP address that does not have a subnet-site mapping) and the client's mapped IP address, which was used to return site information.
USER ACTION
Use the Active Directory Sites and Services management console (MMC) snap-in to add the subnet mapping for the unmapped IP addresses to the same site being used by the mapped IP addresses. When adding site mappings for IPv6 addresses, you should use global IPv6 addresses and not for instance temporary, link-local or site-local IPv6 addresses.The default maximum size of the log files is 20000000 bytes. The current maximum size is 20000000 bytes. To set a different maximum size, create the following registry DWORD value to specify the maximum size in bytes:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\LogFileMaxSize
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="NETLOGON" />
<EventID Qualifiers="0">5810</EventID>
<Level>3</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-05-01T12:11:06.000000000Z" />
<EventRecordID>14279</EventRecordID>
<Channel>System</Channel>
<Computer>MSC-Server2.kawargroup.internal</Computer>
<Security />
</System>
<EventData>
<Data>4.21</Data>
<Data>6</Data>
<Data>20000000</Data>
<Data>20000000</Data>
</EventData>
</Event>==========================================================================
Regards
Elias Dayeh
All Replies
-
Tuesday, May 01, 2012 1:54 PM
IS the sites and services are configured properly? Subnets are defined and associated with sites properly?
Have a look at http://support.microsoft.com/kb/889031
Regards,
_Prashant_
MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.
-
Tuesday, May 01, 2012 2:08 PM
Hello,
Please use dssite.msc to add all IPv4 / IPv6 subnets in use and link them to the correct AD sites.
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.Microsoft Student Partner 2010 / 2011
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows 7, Configuring
Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
Microsoft Certified IT Professional: Enterprise Administrator
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Trainer -
Tuesday, May 01, 2012 3:08 PMModerator
I presume you have undefined site/subnet and you can start reviewing %systemroot%\Debug\Netlogon.log file for the undefined site and subnet info in the ADSS. You can also use this cmd nltest /dsaddresstosite:DC.domain.com /addresses:192.168.XX.XX to find undefined subnet.
Active Directory Sites and Services http://technet.microsoft.com/en-us/library/cc730868.aspx
Resources for Active Directory Sites and Services http://technet.microsoft.com/en-us/library/cc755294.aspx
Awinish Vishwakarma - MVP - Directory Services
My Blog: awinish.wordpress.com Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights. -
Wednesday, May 02, 2012 7:35 AM
Thanks for your replies , will check & revert soon.
Regards
Elias
-
Wednesday, May 02, 2012 8:39 AM
Since there are client subnet which are not mapped to required AD sites and service hence you are recieving the above mention event id.check the netlogon.log file on the Windows Server 2008 DC, you may find text entries that are similar to the following in the Netlogon.log file:
07/22 10:02:32 netbios_Domain_Name: NO_CLIENT_SITE: Client_NameClient_IPaddress 07/22 10:02:32 netbios_Domain_Name: NO_CLIENT_SITE: Client_NameClient_IPaddress 07/22 10:03:07 netbios_Domain_Name: NO_CLIENT_SITE: Client_Name Client_IPaddress
To fix the issue you need to map the subnet to required site.See this :http://support.microsoft.com/kb/889031
Hope this helpsBest Regards,
Sandesh Dubey.
MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. -
Wednesday, May 02, 2012 8:56 AM
Dear Sandesh, I have attached a snaposhot of some lines in netlogon.log file , I am not used to IPv6 & its subnets in DNS yet, so can you assist to add the needed subnets in the DNS.
Regards
Elias Dayeh
-
Wednesday, May 02, 2012 9:15 AM
Hello,
see here about creating the subnet in AD sites and services http://technet.microsoft.com/en-us/library/cc816870(WS.10).aspx either for IPv4 or IPv6.
So you are using IPv6 in your network for all machines?
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
-
Wednesday, May 02, 2012 9:47 AM
Hi, I use IPv4 in my Network & , but on new PCs & Servers the IPv6 is by default enabled & I didn't disable it. They are getting the IPv6 automatically.
I want to get rid of the warning but at the same time I am not ready to apply the IPv6 (I even cannot figure out the subnet that I have to add )
Elias
-
Wednesday, May 02, 2012 10:20 AM
Hello,
have you added the 198.33.20.0 subnet to AD sites and services?
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
-
Wednesday, May 02, 2012 10:22 AMYes , it is already added ..
-
Thursday, May 03, 2012 3:16 AM
As mentioned before you need to map the subnet to require site for above event to be occuring again.Run ipconfig /all you should be able to see the IPv4 address of the server/client.However you can set the IPv6 to automatically as below.
Don't disable IPv6 on server, let it be default as many of the services utilize in the newer OS like Direct access, exchange 2010 etc.Windows 2008 R2/7 uses IPv6 and it should be configured to dynamic (Automatically).
It is not recommended from the MS to disable IPv6, take a look at below articles on IPv6. http://technet.microsoft.com/en-us/magazine/2009.07.cableguy.aspx
Arguments against disabling IPv6
http://blogs.technet.com/b/netro/archive/2010/11/24/arguments-against-disabling-ipv6.aspxYou can disable the Pv6 on worksation.
http://support.microsoft.com/kb/929852
How to disable IPv6 by GPO.
http://social.technet.microsoft.com/wiki/contents/articles/5927.how-to-disable-ipv6-through-group-policy.aspx
http://www.curuit.com/how-to-disable-ipv6-via-group-policy-(gpo)-20100820459/Hope this helps
Best Regards,
Sandesh Dubey.
MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.- Marked As Answer by Elias Dayeh Thursday, May 03, 2012 9:27 AM
-
Thursday, May 03, 2012 3:30 AM
You can also use ping hostname -4 to get the IP address instead of diabling the IPv6.
http://theitbros.com/ping-returns-ipv6-address-ping-ipv4 OR
set DisabledComponents registry key value to 0x200x20 = Prefer IPv4 over IPv6
Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents (32-bit DWORD value)
Reference link:http://support.microsoft.com/kb/929852
Best Regards,
Sandesh Dubey.
MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
.png)
