We have been experiencing persistent connection issues with our Exchange server. The primary suspected cause is another device with the same IP address as our Exchange server. Running the following commands, I was able to discover the MAC address of the suspected culprit:
1) arp -a <IP_Address> (recorded results)
2) arp -d <IP_Address>
3) ping <IP_Address>
4) arp -a <IP_Address> (compare results with #1)
Results from #1 and #4 had different MAC addresses listed. Once connection issues were temporarily cleared up, I then connected to the Exchange server and checked its MAC address. We now have the known correct address and the possible culprit. Doing a MAC address lookup, we know the duplicate device is a Dell, but that doesn't really help as we use all Dell desktops and laptops for our ~100 users on that subnet.
On to the question... Is there any possible way to determine what and where the device using the duplicate IP is? Are there any options on blocking this device from accessing the network?
The IP address is outside the scope of our DHCP server, so we know it must be statically configured. One workaround we have started using for clients with connection issues is to delete the arp record and create a static arp entry with the correct MAC address. But this will work only for workstations; we won't be able to apply this workaround for all of our digital senders and devices configured to send alerts via SMTP. It would be too cumbersome to change the IP address of our Exchange server; we must find this conflicting device to correct and resolve our communication issues.
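The before/after comparison in steps 1 to 4 above can be automated. The following is an added example, not part of the original post: it parses saved Windows `arp -a` output and reports any IP address that appears with more than one MAC address across snapshots. The function names, addresses and MAC values are constructed for illustration.

```python
import re
from collections import defaultdict

# One entry row of Windows `arp -a` output: IP address, MAC address, type.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})\s+(\w+)\s*$"
)

def parse_arp(text):
    """Return {ip: mac} from `arp -a` output, MACs normalised to aa:bb:.. form."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)  # header and "Interface:" lines do not match
        if m:
            ip, mac, _entry_type = m.groups()
            table[ip] = mac.lower().replace("-", ":")
    return table

def find_conflicts(snapshots):
    """Return {ip: sorted MACs} for every IP seen with more than one MAC."""
    seen = defaultdict(set)
    for text in snapshots:
        for ip, mac in parse_arp(text).items():
            seen[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}

# Constructed sample: output saved at step 1 and again at step 4.
BEFORE = """
Interface: 192.168.1.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           02-00-00-00-00-01     dynamic
  192.168.1.10          02-00-00-00-00-0a     dynamic
"""
AFTER = """
Interface: 192.168.1.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           02-00-00-00-00-01     dynamic
  192.168.1.10          02-00-00-00-00-0b     dynamic
"""

if __name__ == "__main__":
    for ip, macs in find_conflicts([BEFORE, AFTER]).items():
        print(f"{ip} answered from multiple MACs: {', '.join(macs)}")
```

Feeding it snapshots collected from several workstations over time shows how often each of the two MAC addresses wins the ARP reply.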