Can't find IP Conflict

I recently was notified of an address conflict on a new Win2k3 server I setup. The IP was obtained via DHCP, however when I look in my DNS leases, there is only one lease for the conflicted IP. Also, the MAC address that my server is reporting it is conflicting with does not show up when I do an IP scan to obtain all the MAC addresses.

All the switches in my network are HP ProCurve 2810's (48 and 24 port models), but I can't figure out how to use them to trap any traffic, specifically any related to the mac address in question.

Thoughts?
LVL 1
alan2938Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

GuruChiuCommented:
Things you described can happen for combination of reasons:

There is a device have its IP address statically setup. This won't show up in DHCP lease.

There is a device failure which cause it to response to IP address not belong to it. This is rare, and when it happen, usually it will response to any IP address.

IP Scan usually use ping, which many devices do not response.

There is a loop in the network.

That address is a virtual address, which share by more than one devices and each have their own real iP address.

To investigate the problem further, you should look at the ARP table at the router. This should give you the MAC address of the offending device. For the procurve, you can also use the command:
sh mac-address xxxxxx-xxxxxx

Which will give you the port which that last seen packets from such MAC address. You can use it to track down the offending device.

Good luck.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Rick_O_ShayCommented:
You should be able to look in the forwarding database of each switch to see what port that mac is active on.

With wireshark on any port in the same VLAN if you have them you can filter on that mac and see any broadcasts that come from it.
0
jhyieslaCommented:
If possible, take down the server or change it's IP.  Then see if you can still Ping the IP.  If you can, try accessing it via telnet or from a Browser.  If the device is something like a printer or other non-PC device, one of these suggestions may allow you access to the device so that you can ID it.
0
INTRODUCING: WatchGuard's New MFA Solution

WatchGuard is proud to announce the launch of AuthPoint, a powerful, yet simple, Cloud-based MFA service designed to eliminate the vulnerabilities that put your data, systems, and users at risk.

alan2938Author Commented:
Hoookay, this just got complicated. I found the port with the MAC address and traced it to one of my three ESX hosts. I'm running VSphere 4.0. The server reporting the IP address conflict is on the ESX host that I traced the problem to. A quick look at my virtual inventory shows that the only machine with that IP address is the one reporting the problem. It appears that it thinks it's conflicting with itself. Could this be possible?
0
GuruChiuCommented:
This is possible if there is some kind of network loop, or mis configured virtual IP address.
0
alan2938Author Commented:
Not sure how a loop could have occured. Physically, nothing was changed. I virtualized a physical machine, kept it running, and renamed the virtual version of the physical machine. They now have separate mac addresses, separate IPs, and separate domain accounts. The virtual IP address was obtained through DHCP, which is not assigned to any other system. The DHCP range does not overlap with my static IP range.
0
GuruChiuCommented:
Are you running any Windows clustering on any of the VM? Also check your ESX virtual switch configuration.

One final note, make sure you are not using one of those multicast IP address.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
DNS

From novice to tech pro — start learning today.