Server 2003 - Static arp entrys adding themselves

Posted on 2007-08-08
Last Modified: 2008-02-07
I work at an education office and we have ~25 sites (physical locations) we support tech-wise. Each of these sites has a uniform domain controller, running Windows Server 2003, and are automatically updated (WSUS). Each of these sites are connected via a WAN, which we are connected to (our office). These servers also act as local DHCP and DNS servers.

We've been having an issue lately on some of our servers where every now and then, a pc or laptop (doesn't seem to be model related) cannot ping the domain controller (and vice versa), but can ping any other address. All the pc's / laptops are windows XP Pro SP2, and are also kept up to date with WSUS.

Here are circumstances in which the PC's laptops cannot ping the server, but can ping anything else, i'll use a specific case i'm working on at the moment for elaborating on as far as IP's go:

-Leaving on DHCP (gets IP of
-Setting a static IP which is the same as the DHCP address (

Here are circumstances where they can ping the domain controller and everything else:

-Setting a DHCP reservation different to the usual address (-ie
-Setting a static IP different to the usual address (-ie-

Untill recently, the only fix to the issue that worked was resetting the domain controller, which obviously is far from optimal. We had tried resetting the machine in question, deleting the DNS, DHCP entries on the server and resetting the Netlogon, DHCP and DNS services on the Server. Also tried ipconfig /release + /renew, releasing and re-registering with DNS on the machine, and running repairs on the NIC of the machine and also multiple resets.

Recently we found that the domain controller had a static ARP entry for the machine in question, and found that clearing the arp cache on the server fixed the issue (netsh interface ip delete arpcache)

Nobody manually adds static arp enteries on the server so i have no idea how they are getting there. Does anybody know why static arp entries are being added on the server, and if there is a better fix than remote desktoping to the servers and clearing the arp cache when the issue happens??

Thanks in advance
Question by:lukeod
    LVL 3

    Expert Comment

    Are you using 3Com Boot Services PXE?  If so, this is a known bug with that software running on Windows Server 2003.  Unfortunately, Symantec offers no support for this issue.  Let me know if you are running this, and I'll see if I can dig up a fix for you.

    Author Comment

    Yes we are using it on every server for ghost!! Wow, there you go, wouldnt have guessed it in a million years!! Thanks!!
    LVL 3

    Accepted Solution

    Unfortunately, there seems to be no fix for the software directly.

    After a bit of research, I've found only 2 possible solutions.  First, is to stop using 3Com Boot Services - not surprisingly, quite a few sites have suggested that you switch to their own software package instead.  I suppose choosing another and upgrading to it would work.

    The other "solution" is to schedule an arp -d to run every 10 minutes.  As long as you don't use any static ARPs (intentionally anyway) this shouldn't cause a problem.  It will increase the number of ARP requests slightly, but the total additional network traffic should be negligible.  The dynamic ARP entries expire after 10 minutes anyway.

    Author Comment

    Okay i'll look into both options, thankyou!

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    It is a known fact that servers reach the end of their lives. Some get there quicker than others, based on age, manufacturer, usage and several other factors. However, if your organization has spent time deploying Microsoft's Active Directory server…
    I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
    This video discusses moving either the default database or any database to a new volume.
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    23 Experts available now in Live!

    Get 1:1 Help Now