Solved

Reserved IP address taken by unknown device

Posted on 2014-01-07
9
675 Views
Last Modified: 2014-01-09
Hello All,

I have an odd issue, recently I moved all printers from a Windows server 2008 VM to a physical 2008 R2 server with Print management role installed. It all went smoothly except for one of the Multifunction printers which has decided not to print.

The strange thing I found is that I can ping the IP Address of the MFP when the LAN cable is out leading me to believe that another device has taken this IP. Strange thing is that this is a reserved address on our DHCP server. The MFP will print after I pull out and replace the power cable for 5 minutes then it will stop printing again shortly after, I have 2 of of these devices which are Olivetti MF250 Colour MFPs, the other one works fine and I can access the the web interface with no problem.

I have run every command I can think of to find out which host has this IP address, nbtstat -A <ipaddress>, NSLOOKUP <ipaddress> even tried traceroute. Our spice works can find it either. It's driving me nuts. This particular IP address is configured on the device so it must have this IP so I can't simply change it.

so in nut shell......

Moved printer from a VM, the MFP worked before then
Its now on a Physical box, 2008 R2 print server
I can ping the IP address and get a response when LAN cable is out
CMDs have  been no help.

If any one has any ideas I'd appreciate the help

Thanks


John
0
Comment
Question by:gam1002
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39762686
Few things you can do are...
- unplug your device that you use run a ping -a <ip> (this will give you the FQDN or try and resolve the netbios name, which might help in determining it).

If no netbios name is returned it might be a network appliance, from my personal experience they do not like to return status unless they are configured to.

You could also check DNS Manager and see what IP has been registered with the same IP you are using.

Even though you are using a reservation someone still could mistakenly add a static address of the IP you are using to a network device.

Will.
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39762755
Similar issue happened to me once. Here was what worked for me.
Unplug the printer and ping the ip to find out what is the mac address of the device responding. Do an oui search, to have a good guess on the type of device holding the researved ip.

For me it was a new cisco switch that a fello colleague connected unknowingly, which took reserved ip of a workstation running some special software.

I did "sh mac-" and "sh arp"  to trace the mac until i found the port connecting the device.

There must be smarter ways, it was my manual effors.
0
 
LVL 1

Author Comment

by:gam1002
ID: 39762770
Hi will,

Thanks for your response, I have tried all those things. What we have here is a ghost of sorts.

Nothing shows up in DNS manager or DHCP manager other than the reserved IP details. I have just turned off all Printers and PCs in the company and still I get a response from ping. I've removed the reservation and re added it with no luck, these lease list only shows one count and if delete it from the lease list which in-turn deletes the reservation itself, and I can still Ping it.

The IP address is 10.0.0.201, I can ping this no matter what, but nothing I do tells me what is using it. I've used all cmd lines relevant. I've also released the DNS cache too.

Nslookup says domain is non-existent for this IP

Another thing I should mention is that i have just moved our Trend Antivirus software to the same physical server, I don't think this is causing the issue as the other exact same MFP is working. I've checked all network cards and they are all automatically assigned by DHCP.


Very Confusing.

John
0
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

 
LVL 37

Expert Comment

by:bbao
ID: 39762788
> I can ping the IP address and get a response when LAN cable is out

that does mean another host is using the given IP address.

if there is only one subnet and all hosts are in the same subnet, you may use Miftaul's suggestion to find out the hiding device.

another way is to check your DHCP manager to see which host is using the IP.
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39762797
Did you try within your switch fablic, which port is that particular ip sourcing from. That way we could narrow down the possiblity.

If we could find the port, we can then concentrete on the device connecting to that port to check whats going on.
0
 
LVL 3

Accepted Solution

by:
markc56 earned 500 total points
ID: 39763034
On your Cisco switch you can find the port by:

sh arp | include [ip address]

then

sh mac address-table | include [mac address]

this should return the switch port that the device is connected on. Any documenation on the switch ports should be able to trace back to device, room number, etc.
0
 
LVL 4

Expert Comment

by:Niabingi
ID: 39763163
the fact that you should down all the devices and still able to ping sounds like a network appliance, switch, hub,
Markc56 suggestion should work.
0
 
LVL 1

Author Closing Comment

by:gam1002
ID: 39768047
Thanks for your help, weirdest issue I've ever had.
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39768207
What device was taking the ip. Was that any network device.
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses
Course of the Month5 days, 6 hours left to enroll

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question