none
DC域控dcdiag 命令发现有一条错误 RRS feed

  • 问题

  • 我们公司是域架构,在香港,无锡,上海 各有一台DC,然后依据地理位置,设置对应的香港,无锡,上海站点,各自的DC都在自己的站点下,但是运行dcdiag 命令检查各个站点的DC,都有下面的报错,请问报错是什么意思,我该如何排查,谢谢。
                During the past 4.17 hours there have been 32 connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise. Those clients, therefore, have undefined sites and may connect to any Domain Controller including those that are in far distant locations from the clients. A client's site is determined by the mapping of its subnet to one of the existing sites. To move the above clients to one of the sites, please consider creating subnet object(s) covering the above IP addresses with mapping to one of the existing sites.  The names and IP addresses of the clients in question have been logged on this computer in the following log file '%SystemRoot%\debug\netlogon.log' and, potentially, in the log file '%SystemRoot%\debug\netlogon.bak' created if the former log becomes full. The log(s) may contain additional unrelated debugging information. To filter out the needed information, please search for lines which contain text 'NO_CLIENT_SITE:'. The first word after this string is the client name and the second word is the client IP address. The maximum size of the log(s) is controlled by the following registry DWORD value 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\LogFileMaxSize'; the default is 20000000 bytes.  The current maximum size is 20000000 bytes.  To set a different maximum size, create the above registry value and set the desired maximum size in bytes.
    2019年8月24日 7:41

全部回复

  • 因为你有多个dc,这个报错的大意就是当计算机加入域时,该计算机可能知道也可能不知道它所在的AD站点。即使它认为它知道AD站点,它甚至可能不在正确的AD站点中。

    并且出现问题的计算机已经在日志'%SystemRoot%\ debug \ netlogon.log'记录来,其中的关键信息行是“NO_CLIENT_SITE:”

    同时朋友可以参考下列连接

    https://jorgequestforknowledge.wordpress.com/2011/01/27/dc-locator-what-does-quot-no-client-site-quot-mean-in-netlogon-log/

    2019年8月24日 8:50
  • 你好,

    这种情况说明我们在AD站点和服务中定义的子网中,并没有将客户端的IP地址包含在任意一个子网,要解决这个问题,我们应该在AD站点和服务控制台中,为这些客户端地址创建相应的子网。

    https://support.microsoft.com/zh-cn/help/889031

    Best Regards,

    William


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    2019年8月26日 8:09
  • 你好,

    请问上面提供的信息对你是否有帮助?

    如果你需要更多的协助,你可以在论坛回帖告诉我们。

    Best Regards,

    William


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    2019年8月30日 9:40
  • 你好,

     

    你的问题解决了吗?

     

    如果您使用我们的解决方案解决了它,请“标记为答复”以帮助其他社区成员快速找到有用的回复。

    如果您使用自己的解决方案解决问题,请在此处分享您的经验和解决方案。对于有类似问题的其他社区成员来说,这将非常有益。

    如果不是,请回复并告诉我们当前的情况,以便提供进一步的帮助。

     

    此致,

    William


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    2019年9月3日 8:33