Server 2003 - Static arp entrys adding themselves
Posted on 2007-08-08
I work at an education office and we have ~25 sites (physical locations) we support tech-wise. Each of these sites has a uniform domain controller, running Windows Server 2003, and are automatically updated (WSUS). Each of these sites are connected via a WAN, which we are connected to (our office). These servers also act as local DHCP and DNS servers.
We've been having an issue lately on some of our servers where every now and then, a pc or laptop (doesn't seem to be model related) cannot ping the domain controller (and vice versa), but can ping any other address. All the pc's / laptops are windows XP Pro SP2, and are also kept up to date with WSUS.
Here are circumstances in which the PC's laptops cannot ping the server, but can ping anything else, i'll use a specific case i'm working on at the moment for elaborating on as far as IP's go:
-Leaving on DHCP (gets IP of 10.128.97.29)
-Setting a static IP which is the same as the DHCP address (10.128.97.65)
Here are circumstances where they can ping the domain controller and everything else:
-Setting a DHCP reservation different to the usual address (-ie 10.128.97.100)
-Setting a static IP different to the usual address (-ie- 10.128.97.90)
Untill recently, the only fix to the issue that worked was resetting the domain controller, which obviously is far from optimal. We had tried resetting the machine in question, deleting the DNS, DHCP entries on the server and resetting the Netlogon, DHCP and DNS services on the Server. Also tried ipconfig /release + /renew, releasing and re-registering with DNS on the machine, and running repairs on the NIC of the machine and also multiple resets.
Recently we found that the domain controller had a static ARP entry for the machine in question, and found that clearing the arp cache on the server fixed the issue (netsh interface ip delete arpcache)
Nobody manually adds static arp enteries on the server so i have no idea how they are getting there. Does anybody know why static arp entries are being added on the server, and if there is a better fix than remote desktoping to the servers and clearing the arp cache when the issue happens??
Thanks in advance