Solved

Reserved IP address taken by unknown device

Posted on 2014-01-07
9
639 Views
Last Modified: 2014-01-09
Hello All,

I have an odd issue, recently I moved all printers from a Windows server 2008 VM to a physical 2008 R2 server with Print management role installed. It all went smoothly except for one of the Multifunction printers which has decided not to print.

The strange thing I found is that I can ping the IP Address of the MFP when the LAN cable is out leading me to believe that another device has taken this IP. Strange thing is that this is a reserved address on our DHCP server. The MFP will print after I pull out and replace the power cable for 5 minutes then it will stop printing again shortly after, I have 2 of of these devices which are Olivetti MF250 Colour MFPs, the other one works fine and I can access the the web interface with no problem.

I have run every command I can think of to find out which host has this IP address, nbtstat -A <ipaddress>, NSLOOKUP <ipaddress> even tried traceroute. Our spice works can find it either. It's driving me nuts. This particular IP address is configured on the device so it must have this IP so I can't simply change it.

so in nut shell......

Moved printer from a VM, the MFP worked before then
Its now on a Physical box, 2008 R2 print server
I can ping the IP address and get a response when LAN cable is out
CMDs have  been no help.

If any one has any ideas I'd appreciate the help

Thanks


John
0
Comment
Question by:gam1002
9 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
Comment Utility
Few things you can do are...
- unplug your device that you use run a ping -a <ip> (this will give you the FQDN or try and resolve the netbios name, which might help in determining it).

If no netbios name is returned it might be a network appliance, from my personal experience they do not like to return status unless they are configured to.

You could also check DNS Manager and see what IP has been registered with the same IP you are using.

Even though you are using a reservation someone still could mistakenly add a static address of the IP you are using to a network device.

Will.
0
 
LVL 11

Expert Comment

by:Miftaul
Comment Utility
Similar issue happened to me once. Here was what worked for me.
Unplug the printer and ping the ip to find out what is the mac address of the device responding. Do an oui search, to have a good guess on the type of device holding the researved ip.

For me it was a new cisco switch that a fello colleague connected unknowingly, which took reserved ip of a workstation running some special software.

I did "sh mac-" and "sh arp"  to trace the mac until i found the port connecting the device.

There must be smarter ways, it was my manual effors.
0
 
LVL 1

Author Comment

by:gam1002
Comment Utility
Hi will,

Thanks for your response, I have tried all those things. What we have here is a ghost of sorts.

Nothing shows up in DNS manager or DHCP manager other than the reserved IP details. I have just turned off all Printers and PCs in the company and still I get a response from ping. I've removed the reservation and re added it with no luck, these lease list only shows one count and if delete it from the lease list which in-turn deletes the reservation itself, and I can still Ping it.

The IP address is 10.0.0.201, I can ping this no matter what, but nothing I do tells me what is using it. I've used all cmd lines relevant. I've also released the DNS cache too.

Nslookup says domain is non-existent for this IP

Another thing I should mention is that i have just moved our Trend Antivirus software to the same physical server, I don't think this is causing the issue as the other exact same MFP is working. I've checked all network cards and they are all automatically assigned by DHCP.


Very Confusing.

John
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
Comment Utility
> I can ping the IP address and get a response when LAN cable is out

that does mean another host is using the given IP address.

if there is only one subnet and all hosts are in the same subnet, you may use Miftaul's suggestion to find out the hiding device.

another way is to check your DHCP manager to see which host is using the IP.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 11

Expert Comment

by:Miftaul
Comment Utility
Did you try within your switch fablic, which port is that particular ip sourcing from. That way we could narrow down the possiblity.

If we could find the port, we can then concentrete on the device connecting to that port to check whats going on.
0
 
LVL 3

Accepted Solution

by:
markc56 earned 500 total points
Comment Utility
On your Cisco switch you can find the port by:

sh arp | include [ip address]

then

sh mac address-table | include [mac address]

this should return the switch port that the device is connected on. Any documenation on the switch ports should be able to trace back to device, room number, etc.
0
 
LVL 4

Expert Comment

by:Niabingi
Comment Utility
the fact that you should down all the devices and still able to ping sounds like a network appliance, switch, hub,
Markc56 suggestion should work.
0
 
LVL 1

Author Closing Comment

by:gam1002
Comment Utility
Thanks for your help, weirdest issue I've ever had.
0
 
LVL 11

Expert Comment

by:Miftaul
Comment Utility
What device was taking the ip. Was that any network device.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

So, you're experiencing issues on your network and you've decided that you need to perform some tests to determine whether your cabling is good.  You're likely thinking that you may need to spend money which you probably don't have on hiring/purchas…
Resolve DNS query failed errors for Exchange
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now