Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Reserved IP address taken by unknown device

Posted on 2014-01-07
Medium Priority
Last Modified: 2014-01-09
Hello All,

I have an odd issue, recently I moved all printers from a Windows server 2008 VM to a physical 2008 R2 server with Print management role installed. It all went smoothly except for one of the Multifunction printers which has decided not to print.

The strange thing I found is that I can ping the IP Address of the MFP when the LAN cable is out leading me to believe that another device has taken this IP. Strange thing is that this is a reserved address on our DHCP server. The MFP will print after I pull out and replace the power cable for 5 minutes then it will stop printing again shortly after, I have 2 of of these devices which are Olivetti MF250 Colour MFPs, the other one works fine and I can access the the web interface with no problem.

I have run every command I can think of to find out which host has this IP address, nbtstat -A <ipaddress>, NSLOOKUP <ipaddress> even tried traceroute. Our spice works can find it either. It's driving me nuts. This particular IP address is configured on the device so it must have this IP so I can't simply change it.

so in nut shell......

Moved printer from a VM, the MFP worked before then
Its now on a Physical box, 2008 R2 print server
I can ping the IP address and get a response when LAN cable is out
CMDs have  been no help.

If any one has any ideas I'd appreciate the help


Question by:gam1002
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39762686
Few things you can do are...
- unplug your device that you use run a ping -a <ip> (this will give you the FQDN or try and resolve the netbios name, which might help in determining it).

If no netbios name is returned it might be a network appliance, from my personal experience they do not like to return status unless they are configured to.

You could also check DNS Manager and see what IP has been registered with the same IP you are using.

Even though you are using a reservation someone still could mistakenly add a static address of the IP you are using to a network device.

LVL 11

Expert Comment

ID: 39762755
Similar issue happened to me once. Here was what worked for me.
Unplug the printer and ping the ip to find out what is the mac address of the device responding. Do an oui search, to have a good guess on the type of device holding the researved ip.

For me it was a new cisco switch that a fello colleague connected unknowingly, which took reserved ip of a workstation running some special software.

I did "sh mac-" and "sh arp"  to trace the mac until i found the port connecting the device.

There must be smarter ways, it was my manual effors.

Author Comment

ID: 39762770
Hi will,

Thanks for your response, I have tried all those things. What we have here is a ghost of sorts.

Nothing shows up in DNS manager or DHCP manager other than the reserved IP details. I have just turned off all Printers and PCs in the company and still I get a response from ping. I've removed the reservation and re added it with no luck, these lease list only shows one count and if delete it from the lease list which in-turn deletes the reservation itself, and I can still Ping it.

The IP address is, I can ping this no matter what, but nothing I do tells me what is using it. I've used all cmd lines relevant. I've also released the DNS cache too.

Nslookup says domain is non-existent for this IP

Another thing I should mention is that i have just moved our Trend Antivirus software to the same physical server, I don't think this is causing the issue as the other exact same MFP is working. I've checked all network cards and they are all automatically assigned by DHCP.

Very Confusing.

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

LVL 37

Expert Comment

ID: 39762788
> I can ping the IP address and get a response when LAN cable is out

that does mean another host is using the given IP address.

if there is only one subnet and all hosts are in the same subnet, you may use Miftaul's suggestion to find out the hiding device.

another way is to check your DHCP manager to see which host is using the IP.
LVL 11

Expert Comment

ID: 39762797
Did you try within your switch fablic, which port is that particular ip sourcing from. That way we could narrow down the possiblity.

If we could find the port, we can then concentrete on the device connecting to that port to check whats going on.

Accepted Solution

markc56 earned 2000 total points
ID: 39763034
On your Cisco switch you can find the port by:

sh arp | include [ip address]


sh mac address-table | include [mac address]

this should return the switch port that the device is connected on. Any documenation on the switch ports should be able to trace back to device, room number, etc.

Expert Comment

ID: 39763163
the fact that you should down all the devices and still able to ping sounds like a network appliance, switch, hub,
Markc56 suggestion should work.

Author Closing Comment

ID: 39768047
Thanks for your help, weirdest issue I've ever had.
LVL 11

Expert Comment

ID: 39768207
What device was taking the ip. Was that any network device.

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
An article on effective troubleshooting
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question