I received a call from a user this morning regarding an ip address conflict. The message is as follows:
-------------------------------------------------
Event Type: Error
Event Source: Tcpip
Event Category: None
Event ID: 4199
Date: 5/30/2006
Time: 8:45:01 AM
User: N/A
Computer: OT-459
Description:
The system detected an address conflict for IP address 10.1.1.134 with the system having network hardware address 00:0A:5E:5C:47:BD. Network operations on this system may be disrupted as a result.
I examined my arp table to find the offending machine, only to find is was assigned a different IP address.
-------------------------------------------------
C:\WINDOWS\system32>arp -a
10.1.1.135 00-0a-5e-5c-47-bd dynamic
Next, I tried to pull the hostname from the IP address
C:\WINDOWS\system32>ping -a 10.1.1.134
Pinging mc-273bvt.mydomainname.ma.us [10.1.1.134] with 32 bytes of data:
Reply from 10.1.1.134: bytes=32 time<1ms TTL=128
-------------------------------------------------
That doesn’t match. What happens when I ping mc-273bvt?
C:\WINDOWS\system32>ping mc-273bvt
Pinging mc-273bvt.mydomainname.ma.us [10.1.3.172] with 32 bytes of data:
Reply from 10.1.3.172: bytes=32 time<1ms TTL=128
-------------------------------------------------
Okay, what if I try to ping the original machine…
C:\WINDOWS\system32>ping ot-459
Pinging OT-459.mydomainname.ma.us [10.1.1.134] with 32 bytes of data:
Reply from 10.1.1.134: bytes=32 time<1ms TTL=128
-------------------------------------------------
What is truly interesting is that if I nslookup the hostname, the address returned is always correct.
For a few weeks now, I have had sporadic complaints of duplicate IP addresses on the network. Can someone suggest where these crazy hostname resolutions are coming from?
-------------------------------------------------
Event Type: Error
Event Source: Tcpip
Event Category: None
Event ID: 4199
Date: 5/30/2006
Time: 8:45:01 AM
User: N/A
Computer: OT-459
Description:
The system detected an address conflict for IP address 10.1.1.134 with the system having network hardware address 00:0A:5E:5C:47:BD. Network operations on this system may be disrupted as a result.
I examined my arp table to find the offending machine, only to find is was assigned a different IP address.
-------------------------------------------------
C:\WINDOWS\system32>arp -a
10.1.1.135 00-0a-5e-5c-47-bd dynamic
Next, I tried to pull the hostname from the IP address
C:\WINDOWS\system32>ping -a 10.1.1.134
Pinging mc-273bvt.mydomainname.ma.us [10.1.1.134] with 32 bytes of data:
Reply from 10.1.1.134: bytes=32 time<1ms TTL=128
-------------------------------------------------
That doesn’t match. What happens when I ping mc-273bvt?
C:\WINDOWS\system32>ping mc-273bvt
Pinging mc-273bvt.mydomainname.ma.us [10.1.3.172] with 32 bytes of data:
Reply from 10.1.3.172: bytes=32 time<1ms TTL=128
-------------------------------------------------
Okay, what if I try to ping the original machine…
C:\WINDOWS\system32>ping ot-459
Pinging OT-459.mydomainname.ma.us [10.1.1.134] with 32 bytes of data:
Reply from 10.1.1.134: bytes=32 time<1ms TTL=128
-------------------------------------------------
What is truly interesting is that if I nslookup the hostname, the address returned is always correct.
For a few weeks now, I have had sporadic complaints of duplicate IP addresses on the network. Can someone suggest where these crazy hostname resolutions are coming from?
