Do I need to create an AD site for VPN network
Posted by ykyri on Server Fault
Published on 2013-07-01T06:33:19Z
I have Windows Domain level 2008 R2. There are four GC DCs in four different physical locations. I have a Kerio-based VPN network for replication and remote administration.
Here is how the network is configured:
dc1:
local IP: 192.168.0.10
VPN IP: 192.168.1.10
dc2:
local IP: 10.10.8.11
VPN IP: 192.168.1.11
dc3:
local IP: 10.10.9.12
VPN IP: 192.168.1.12
dc4:
local IP: 10.10.10.13
VPN IP: 192.168.1.13
That's simple, replication and all works fine, but when running dcdiag on dc3 I have an error:
A warning event occurred. EventID: 0x000016AF
During the past 4.12 hours there have been 216 connections to this Domain
Controller from client machines whose IP addresses don't map to any of the
existing sites in the enterprise.
<...>
The log(s) may contain additional unrelated debugging information.
To filter out the needed information, please search for lines which contain text
'NO_CLIENT_SITE:'. The first word after this string is the client name
and the second word is the client IP address.
Here are example netlogon.log lines:
05/30 12:07:39 DOMAIN.NAME: NO_CLIENT_SITE: dc2 192.168.1.11
05/31 09:52:11 DOMAIN.NAME: NO_CLIENT_SITE: dc4 192.168.1.13
05/31 19:49:31 DOMAIN.NAME: NO_CLIENT_SITE: adm-note 192.168.1.101
07/01 05:16:26 DOMAIN.NAME: NO_CLIENT_SITE: dc1 192.168.1.10
All VPN-joined computers generate the same log line as above. The computer adm-note is, for example, an administrator's notebook, which also has VPN.
The question is: should I add a new AD site and bind the VPN subnet 192.168.1.0/24 with that site?
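The check that the dcdiag message describes, as an added example that is not part of the original post: it parses the `NO_CLIENT_SITE:` lines and groups the clients whose address matches no defined subnet. The site names and the /24 masks on the local ranges are assumptions, and the sample input is built from the four log lines quoted above.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the four netlogon.log lines quoted in the post.
SAMPLE_LOG = """\
05/30 12:07:39 DOMAIN.NAME: NO_CLIENT_SITE: dc2 192.168.1.11
05/31 09:52:11 DOMAIN.NAME: NO_CLIENT_SITE: dc4 192.168.1.13
05/31 19:49:31 DOMAIN.NAME: NO_CLIENT_SITE: adm-note 192.168.1.101
07/01 05:16:26 DOMAIN.NAME: NO_CLIENT_SITE: dc1 192.168.1.10
"""

# Assumption: subnet-to-site mapping as it might be defined in AD.
# Site names and the /24 masks are hypothetical, not taken from the post.
SITE_SUBNETS = {
    "192.168.0.0/24": "Site-DC1",
    "10.10.8.0/24": "Site-DC2",
    "10.10.9.0/24": "Site-DC3",
    "10.10.10.0/24": "Site-DC4",
}
# First word after the marker is the client name, second is its IP.
LINE_RE = re.compile(r"NO_CLIENT_SITE:\s+(\S+)\s+(\S+)")

def parse_no_client_site(log_text):
    """Yield (client_name, ip_address) for every NO_CLIENT_SITE line."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            try:
                yield m.group(1), ipaddress.ip_address(m.group(2))
            except ValueError:
                continue  # malformed address field, skip the line

def find_site(ip, site_subnets):
    """Return the site of the most specific matching subnet, or None."""
    best = None
    for cidr, site in site_subnets.items():
        net = ipaddress.ip_network(cidr)
        if ip.version == net.version and ip in net and (
                best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None

def unmapped_by_subnet(log_text, site_subnets, prefix_len=24):
    """Group clients with no matching subnet by the /prefix_len they fall in."""
    groups = defaultdict(set)
    for name, ip in parse_no_client_site(log_text):
        if find_site(ip, site_subnets) is None:
            net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
            groups[str(net)].add(name)
    return {net: sorted(names) for net, names in groups.items()}
```

Running `unmapped_by_subnet(SAMPLE_LOG, SITE_SUBNETS)` puts all four logged clients under 192.168.1.0/24; once that range is added to the mapping, the result is empty.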