Wednesday, March 15, 2017

active directory - Why should the IP address of a Domain Controller map to the site it serves?

I have questions related to this specific event:

Index              : 865
EntryType          : Warning
InstanceId         : 5802
Message            : None of the IP addresses (192.168.254.17) of this Domain Controller map to the configured site 'North'.
                     While this may be a temporary situation due to IP address changes, it is generally
                     recommended that the IP address of the Domain Controller (accessible to machines in
                     its domain) maps to the Site which it services. If the above list of IP addresses is
                     stable, consider moving this server to a site (or create one if it does not already
                     exist) such that the above IP address maps to the selected site. This may require the
                     creation of a new subnet object (whose range includes the above IP address) which maps
                     to the selected site object.
Category           : (0)
CategoryNumber     : 0
ReplacementStrings : {North, 192.168.254.17}
Source             : NETLOGON
TimeGenerated      : 11/10/2018 4:45:42 PM
TimeWritten        : 11/10/2018 4:45:42 PM
UserName           :


The event was being logged repeatedly by a domain controller whose IPv4 address is not associated with the site it serves, as configured in the Active Directory Sites and Services console. I suppressed it by creating a /32 subnet object that maps to the served site; however, I am wondering about the actual consequences.





  • Why should the IPv4 address of the domain controller map to the site it serves?

  • Why is such a test performed by Netlogon? Why is this "generally recommended"?

  • Besides the event log entry, how would the Active Directory infrastructure be impacted by such a configuration mismatch?



Although the network infrastructure that links the sites consists of no more than a few meters of optical fiber, with low latency and high bandwidth, multiple sites were created in order to establish affinities between users and domain controllers while keeping IPv4 addresses unchanged. The purpose is capacity management.







Under a test environment, a few Windows PowerShell lines may reproduce the issue.



DC1:



# Static address for the first DC; both DCs sit in 192.168.254.0/24
New-NetIPAddress -IPAddress 192.168.254.16 `
    -InterfaceAlias Ethernet -AddressFamily IPv4 `
    -Type Unicast -PrefixLength 24

Set-DnsClientServerAddress -InterfaceAlias Ethernet `
    -ServerAddresses @('192.168.254.17','192.168.254.16')

Import-Module ServerManager
Install-WindowsFeature -IncludeManagementTools ("AD-Domain-Services")

# Create the forest; DC1 lands in Default-First-Site-Name
Import-Module ADDSDeployment
$dsrm_password = ConvertTo-SecureString 'Pa$$w0rd' -AsPlainText -Force
Install-ADDSForest `
    -DomainName 'contoso.com' `
    -InstallDns `
    -SafeModeAdministratorPassword $dsrm_password

#--------------

# Sites and subnets: the /16 maps to CPD, the two /18s carve out North and South.
# 192.168.254.x falls only into the /16, so it maps to CPD.
New-ADReplicationSite -Name 'North'
New-ADReplicationSite -Name 'South'
Get-ADReplicationSite -Identity 'Default-First-Site-Name' | `
    Get-ADObject | Rename-ADObject -NewName 'CPD'
New-ADReplicationSubnet -Name '192.168.0.0/16' -Site 'CPD'
New-ADReplicationSubnet -Name '192.168.0.0/18' -Site 'North'
New-ADReplicationSubnet -Name '192.168.128.0/18' -Site 'South'

# Options=5 enables change notification and disables compression on the link
New-ADReplicationSiteLink -Name 'CPD-North' `
    -SitesIncluded @('CPD', 'North') `
    -InterSiteTransportProtocol IP `
    -ReplicationFrequencyInMinutes 15 `
    -OtherAttributes @{'Options'=5}

New-ADReplicationSiteLink -Name 'CPD-South' `
    -SitesIncluded @('CPD', 'South') `
    -InterSiteTransportProtocol IP `
    -ReplicationFrequencyInMinutes 15 `
    -OtherAttributes @{'Options'=5}

Get-ADReplicationSiteLink 'DEFAULTIPSITELINK' | Remove-ADReplicationSiteLink


DC2:



New-NetIPAddress -IPAddress 192.168.254.17 `
    -InterfaceAlias Ethernet -AddressFamily IPv4 `
    -Type Unicast -PrefixLength 24

Set-DnsClientServerAddress -InterfaceAlias Ethernet `
    -ServerAddresses @('192.168.254.16','192.168.254.17')

Import-Module ServerManager
Install-WindowsFeature -IncludeManagementTools ("AD-Domain-Services")

Import-Module ADDSDeployment
$dsrm_password = ConvertTo-SecureString 'Pa$$w0rd' -AsPlainText -Force

# Promote DC2 directly into site 'North' although its address maps to 'CPD'
Install-ADDSDomainController `
    -InstallDns `
    -SiteName 'North' `
    -DomainName 'contoso.com' `
    -SafeModeAdministratorPassword $dsrm_password `
    -Credential (Get-Credential)

#--------------

# After promotion, Netlogon logs the warning shown above
Get-EventLog -LogName 'System' -InstanceId 5802 -Newest 1
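The following is an added example, not part of the original post: it reproduces the check Netlogon performs (longest-prefix match of a DC's IPv4 address against the subnet objects, compared with the site the DC is configured in) as a PowerShell audit that can be run against a site/subnet inventory. The sample subnet and DC data are constructed from the values in the post above; the function names (Get-ADSiteForIPv4, Test-DCSiteMapping, ConvertTo-IPv4Integer) and the assumption that each subnet record carries a site name in its Site property are mine, not from the ActiveDirectory module.

```powershell
# Added example (not from the original post). Finds domain controllers whose
# IPv4 address does not map, by longest prefix, to the site they are assigned to.

function ConvertTo-IPv4Integer {
    # Dotted quad -> unsigned 32-bit value held in an Int64 (avoids signed shifts)
    param([Parameter(Mandatory)][string]$IPv4)
    $value = [int64]0
    foreach ($byte in [System.Net.IPAddress]::Parse($IPv4).GetAddressBytes()) {
        $value = $value * 256 + $byte
    }
    return $value
}

function Get-ADSiteForIPv4 {
    # Returns the most specific (longest prefix) subnet object containing the address,
    # which is the rule AD and Netlogon use to map a client or DC to a site.
    param(
        [Parameter(Mandatory)][string]$IPv4Address,
        [Parameter(Mandatory)][object[]]$Subnets   # objects with Name 'a.b.c.d/n' and Site
    )
    $allOnes = ([int64]1 -shl 32) - 1
    $ip = ConvertTo-IPv4Integer $IPv4Address
    $best = $null
    foreach ($subnet in $Subnets) {
        $network, $prefixText = $subnet.Name -split '/', 2
        if ($network -notmatch '^\d{1,3}(\.\d{1,3}){3}$') { continue }   # skip IPv6 subnets
        $prefix = [int]$prefixText
        $mask = $allOnes -bxor (([int64]1 -shl (32 - $prefix)) - 1)
        if (((ConvertTo-IPv4Integer $network) -band $mask) -eq ($ip -band $mask)) {
            if ($null -eq $best -or $prefix -gt $best.Prefix) {
                $best = [pscustomobject]@{ Subnet = $subnet.Name; Site = $subnet.Site; Prefix = $prefix }
            }
        }
    }
    return $best
}

function Test-DCSiteMapping {
    # One row per DC: the site its address maps to, the site it is configured in, and
    # whether they differ (the condition behind NETLOGON event 5802).
    param(
        [Parameter(Mandatory)][object[]]$DomainControllers,  # Name, IPv4Address, Site
        [Parameter(Mandatory)][object[]]$Subnets
    )
    foreach ($dc in $DomainControllers) {
        $match = Get-ADSiteForIPv4 -IPv4Address $dc.IPv4Address -Subnets $Subnets
        [pscustomobject]@{
            Name           = $dc.Name
            IPv4Address    = $dc.IPv4Address
            ConfiguredSite = $dc.Site
            MappedSubnet   = if ($match) { $match.Subnet } else { '(none)' }
            MappedSite     = if ($match) { $match.Site }   else { '(none)' }
            Mismatch       = (-not $match) -or ($match.Site -ne $dc.Site)
        }
    }
}

# Constructed sample data, taken from the lab described in the post.
$subnets = @(
    [pscustomobject]@{ Name = '192.168.0.0/16';   Site = 'CPD'   }
    [pscustomobject]@{ Name = '192.168.0.0/18';   Site = 'North' }
    [pscustomobject]@{ Name = '192.168.128.0/18'; Site = 'South' }
)
$dcs = @(
    [pscustomobject]@{ Name = 'DC1'; IPv4Address = '192.168.254.16'; Site = 'CPD'   }
    [pscustomobject]@{ Name = 'DC2'; IPv4Address = '192.168.254.17'; Site = 'North' }
)

# Against a live domain, replace the sample arrays with:
#   $subnets = Get-ADReplicationSubnet -Filter * | ForEach-Object {
#       [pscustomobject]@{ Name = $_.Name; Site = (Get-ADReplicationSite -Identity $_.Site).Name } }
#   $dcs = Get-ADDomainController -Filter * | Select-Object Name, IPv4Address, Site
# (Get-ADReplicationSubnet exposes the site as a distinguished name, hence the lookup.)

Test-DCSiteMapping -DomainControllers $dcs -Subnets $subnets | Format-Table -AutoSize
# DC1 maps to CPD via 192.168.0.0/16 and is configured in CPD: no mismatch.
# DC2 also maps to CPD but is configured in North: Mismatch = True, the 5802 condition.
```

Running the audit periodically (or after any subnet or site change) surfaces the mismatch without waiting for the warning to appear in the System log, and the MappedSubnet column shows which subnet object would need to be added or re-pointed to fix it.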
