Go Premium for a chance to win a PS4. Enter to Win


Reserved IP address taken by unknown device

Posted on 2014-01-07
Medium Priority
Last Modified: 2014-01-09
Hello All,

I have an odd issue, recently I moved all printers from a Windows server 2008 VM to a physical 2008 R2 server with Print management role installed. It all went smoothly except for one of the Multifunction printers which has decided not to print.

The strange thing I found is that I can ping the IP Address of the MFP when the LAN cable is out leading me to believe that another device has taken this IP. Strange thing is that this is a reserved address on our DHCP server. The MFP will print after I pull out and replace the power cable for 5 minutes then it will stop printing again shortly after, I have 2 of of these devices which are Olivetti MF250 Colour MFPs, the other one works fine and I can access the the web interface with no problem.

I have run every command I can think of to find out which host has this IP address, nbtstat -A <ipaddress>, NSLOOKUP <ipaddress> even tried traceroute. Our spice works can find it either. It's driving me nuts. This particular IP address is configured on the device so it must have this IP so I can't simply change it.

so in nut shell......

Moved printer from a VM, the MFP worked before then
Its now on a Physical box, 2008 R2 print server
I can ping the IP address and get a response when LAN cable is out
CMDs have  been no help.

If any one has any ideas I'd appreciate the help


Question by:gam1002
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39762686
Few things you can do are...
- unplug your device that you use run a ping -a <ip> (this will give you the FQDN or try and resolve the netbios name, which might help in determining it).

If no netbios name is returned it might be a network appliance, from my personal experience they do not like to return status unless they are configured to.

You could also check DNS Manager and see what IP has been registered with the same IP you are using.

Even though you are using a reservation someone still could mistakenly add a static address of the IP you are using to a network device.

LVL 11

Expert Comment

ID: 39762755
Similar issue happened to me once. Here was what worked for me.
Unplug the printer and ping the ip to find out what is the mac address of the device responding. Do an oui search, to have a good guess on the type of device holding the researved ip.

For me it was a new cisco switch that a fello colleague connected unknowingly, which took reserved ip of a workstation running some special software.

I did "sh mac-" and "sh arp"  to trace the mac until i found the port connecting the device.

There must be smarter ways, it was my manual effors.

Author Comment

ID: 39762770
Hi will,

Thanks for your response, I have tried all those things. What we have here is a ghost of sorts.

Nothing shows up in DNS manager or DHCP manager other than the reserved IP details. I have just turned off all Printers and PCs in the company and still I get a response from ping. I've removed the reservation and re added it with no luck, these lease list only shows one count and if delete it from the lease list which in-turn deletes the reservation itself, and I can still Ping it.

The IP address is, I can ping this no matter what, but nothing I do tells me what is using it. I've used all cmd lines relevant. I've also released the DNS cache too.

Nslookup says domain is non-existent for this IP

Another thing I should mention is that i have just moved our Trend Antivirus software to the same physical server, I don't think this is causing the issue as the other exact same MFP is working. I've checked all network cards and they are all automatically assigned by DHCP.

Very Confusing.

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

LVL 37

Expert Comment

ID: 39762788
> I can ping the IP address and get a response when LAN cable is out

that does mean another host is using the given IP address.

if there is only one subnet and all hosts are in the same subnet, you may use Miftaul's suggestion to find out the hiding device.

another way is to check your DHCP manager to see which host is using the IP.
LVL 11

Expert Comment

ID: 39762797
Did you try within your switch fablic, which port is that particular ip sourcing from. That way we could narrow down the possiblity.

If we could find the port, we can then concentrete on the device connecting to that port to check whats going on.

Accepted Solution

markc56 earned 2000 total points
ID: 39763034
On your Cisco switch you can find the port by:

sh arp | include [ip address]


sh mac address-table | include [mac address]

this should return the switch port that the device is connected on. Any documenation on the switch ports should be able to trace back to device, room number, etc.

Expert Comment

ID: 39763163
the fact that you should down all the devices and still able to ping sounds like a network appliance, switch, hub,
Markc56 suggestion should work.

Author Closing Comment

ID: 39768047
Thanks for your help, weirdest issue I've ever had.
LVL 11

Expert Comment

ID: 39768207
What device was taking the ip. Was that any network device.

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question