No, there's no wireless there. Thanks for the suggestion though!
IP address conflict
- Thread starter brockalee
- Start date
YeOldeStonecat
Well-Known Member
- Reaction score
- 6,698
- Location
- Englewood Florida
Hmmm...guessing we're back to the "ghost" NICs. Have you compared the MAC against ALL the NICs on the server..even the disabled ones?
angry_geek
Well-Known Member
- Reaction score
- 46
- Location
- herrin, il
I may have missed if this was asked, but I have 2 questions.
1: Are there any virtual nics on this machine? (also check hidden devices)
2: Is DRAC or another Dell utility configured with that IP?
Edit: Also, some isp's don't give you a public address. There is a potential they have a router upstream handing out private addresses in order to conserve their public IP's. If this is the case, you could have another customer on the same node that is causing you issues. If that's the case, you can set up another network with a different range. Granted, I don't think this is your issue. This is extremely rare, and, even then, it's only small weirdo isp's that do this.
1: Are there any virtual nics on this machine? (also check hidden devices)
2: Is DRAC or another Dell utility configured with that IP?
Edit: Also, some isp's don't give you a public address. There is a potential they have a router upstream handing out private addresses in order to conserve their public IP's. If this is the case, you could have another customer on the same node that is causing you issues. If that's the case, you can set up another network with a different range. Granted, I don't think this is your issue. This is extremely rare, and, even then, it's only small weirdo isp's that do this.
Last edited:
http://imageshack.us/photo/my-images/21/screenshotnbp.png
Here's a screenshot of the NIC's installed. The AV created a miniport for each NIC as well.
I did check the disabled ones - no MAC match. I also checked a dell utility - Dell OpenManage Server Administrator and it has a BMC (Baseboard Management Controller) installed for a remote utility function, but doesn't appear to be enabled, has no IP, and the MAC does not match the offending one.
Now what you mentioned about the ISP interests me. They go through an AT&T reseller - TW Telcom. Here's the current router setup and info from the data sheet they sent upon setup.
Router Current Setup - External Network:
IP Address - 173.xxx.xx.14
Subnet Mask - 255.255.255.252
Gateway - 173.xxx.xx.13
Technical Information from ISP:
Assigned LAN Netblock: 173.xxx.xx.12/30
Subnet Mask: 255.255.255.252
LAN Ethernet usable IPs: 173.xxx.xx.14
You can use this on your LAN (PC, Workstation, Firewall, etc)
Default Gateway for LAN Netblock: 173.xxx.xx.13
This will be the IP that all devices use as a default route or gateway for your LAN back to the router
Please manually configure your NIC in the equipmentment connection to TW Telecom for Speed=Auto Detect
(I don't know that there is a way to modify the port speed for the Firebox Edge.)
YeOldeStonecat
Well-Known Member
- Reaction score
- 6,698
- Location
- Englewood Florida
Public IP on your firewall, it's doing NAT, so routing 192.168.0.xxx traffic out the firewall shouldn't happen.
The Dell iDrac port...confirmed that it's not plugged in?
Not familiar with the latest Trend Micro on a server..but try disabling the miniports it made for those additional 3x NICs that are disabled.
The Dell iDrac port...confirmed that it's not plugged in?
Not familiar with the latest Trend Micro on a server..but try disabling the miniports it made for those additional 3x NICs that are disabled.
YeOldeStonecat
Well-Known Member
- Reaction score
- 6,698
- Location
- Englewood Florida
As an added note....in the past, I recall one situation at a network I was troubleshooting....sporadic random internet drops, IP conflict messages. Ensured no rogue unauthorized devices on the LAN, ensure only server and known devices had static IPs...rest were DHCP. Ended up swapping out the switch....problem went away. Bad memory in the switch causing corrupt
MAC tables? Dunno.
MAC tables? Dunno.
angry_geek
Well-Known Member
- Reaction score
- 46
- Location
- herrin, il
What he said.................
Slaters Kustum Machines
Well-Known Member
- Reaction score
- 2,498
- Location
- Iowa
As an added note....in the past, I recall one situation at a network I was troubleshooting....sporadic random internet drops, IP conflict messages. Ensured no rogue unauthorized devices on the LAN, ensure only server and known devices had static IPs...rest were DHCP. Ended up swapping out the switch....problem went away. Bad memory in the switch causing corrupt
I'm not familiar with higher end network hardware, but was this a managed switch were it could be "reset"? Is it possible for a MAC table to get corrupted without a memory corruption?
Server went down again 4AM this morning. This time it was down for over 4 hours. I wasn't able to access via Logmein, but had someone login on-site and as soon as they logged in to the server, connectivity was restored... Coincidence?
I'm curious about the iDRAC. It is not showing up in the hardware list, as shown in the pic, but could it still be using resources causing errors? Is the only way to configure the DRAC port from the console accessed on boot?
I'm curious about the iDRAC. It is not showing up in the hardware list, as shown in the pic, but could it still be using resources causing errors? Is the only way to configure the DRAC port from the console accessed on boot?
Encrypted Existence
Well-Known Member
- Reaction score
- 87
I am gonna assume that you haven't been able to look yet but...event viewer?
Same blasted IP conflict error. I'm thinking about just changing the IP of the server.
Martyn
Well-Known Member
- Reaction score
- 116
- Location
- Bedfordshire UK
At this point I would probably stick Wireshark on the server nic and see if you can glean some more info. Even filter down to specific mac addresses.
YeOldeStonecat
Well-Known Member
- Reaction score
- 6,698
- Location
- Englewood Florida
I'll guess it's possible. I'm trying to recall the situation I had a while ago...quite a while ago. I believe we had power cycled the switch many times....problem went away for a day...or two..and then came back. Power cycle switch...problem gone...came back. Replaced switch with a loaner (we keep loaners around the shop)...problem didn't come back. Ordered and installed new switch for client.
On yet another note...I had many horrible issues with Broadcom XTreme NICs and Server 2003. Driver related. I didn't have issues like the OP here...but I did have issues with it loading properly..causing painfully long server reboots since SBS is a DN thus needs DNS services running before many other services load. Happened across 4 or 5 clients that I had installed HP Proliant ML350...oh, G4 I think...servers at. Server 03 and Broadcom NICs. I found quite a few similar complaints at various tech forums including HP's forums. I installed Intel NICs and problems went away. From then on, I ordered Dell and HP servers configured with optional Intel NICs...and never had the problem again. Since Server 08 came out I've not had issues with Broadcom NICs.
So, I forget if the OP mentioned updated drivers from Dells site on this server..but perhaps try that. I prefer to do this onsite instead of remotely in case the server loses its IP settings (it's happened)...
Update number.... I've lost count. Went on-site and did some stuff.
Unplugged every cable from the switch except the server and hooked up a different router. The router showed a connection of the bad MAC, 00:1c:23:5d:xx:xx. It listed its connection type as "computer" and "wired" but "disconnected".
For good measure I enabled and checked the MAC addresses for the 2 integrated and 2 add-in cards, still nothing matching.
I rebooted the server and checked the configuration of the DRAC utility, but it made no reference to the MAC address above, and listed the connection type as "shared" (other option was failover).
I installed Wireshark and let it run for about 30 seconds. Awesome tool. It showed several errors regarding the rogue MAC.
The below were highlighed by red background.
Source - 0.0.0.0
Destination - 255.255.255.255
Protocol - BOOTP
Length - 342
Info - Boot Request from 00:1c:23:5d.xx.xx (Dell_5d:XX:XX)
In another area, the following message would repeat about 10 times:
Source - Dell_5d:69:c2
Destination - Spanning-tree-(for-bridges)_00
Protocol - STP
Length - 60
Info - Conf. Root = 32768/0/00:1c:23:5d:XX:XX cost = 0 Port = 0x8025
Followed by one of these:
Destination - LLDP_Multicast
Protocol - LLDP
Length - 60
Info - Chassis Id = 00:1c:23:5d:xx:xx Port Id = e37 TTL - 120
This pattern repeated scores of times.
I was in the process of disabling the Trend-Micro miniports and all went well until I disabled the one mirrored to the active network card... NOOOO.... I was kicked out. Now I have to drive across town on the weekend maybe to get one of the employees to meet me there and re-enable it. Or tell them how to.
*sigh*
So that's a no-no. Don't ever disable your AV's miniport (I suppose that's used for firewall purposes.)
Ok, so now what to do with this wealth of information?
Unplugged every cable from the switch except the server and hooked up a different router. The router showed a connection of the bad MAC, 00:1c:23:5d:xx:xx. It listed its connection type as "computer" and "wired" but "disconnected".
For good measure I enabled and checked the MAC addresses for the 2 integrated and 2 add-in cards, still nothing matching.
I rebooted the server and checked the configuration of the DRAC utility, but it made no reference to the MAC address above, and listed the connection type as "shared" (other option was failover).
I installed Wireshark and let it run for about 30 seconds. Awesome tool. It showed several errors regarding the rogue MAC.
The below were highlighed by red background.
Source - 0.0.0.0
Destination - 255.255.255.255
Protocol - BOOTP
Length - 342
Info - Boot Request from 00:1c:23:5d.xx.xx (Dell_5d:XX:XX)
In another area, the following message would repeat about 10 times:
Source - Dell_5d:69:c2
Destination - Spanning-tree-(for-bridges)_00
Protocol - STP
Length - 60
Info - Conf. Root = 32768/0/00:1c:23:5d:XX:XX cost = 0 Port = 0x8025
Followed by one of these:
Destination - LLDP_Multicast
Protocol - LLDP
Length - 60
Info - Chassis Id = 00:1c:23:5d:xx:xx Port Id = e37 TTL - 120
This pattern repeated scores of times.
I was in the process of disabling the Trend-Micro miniports and all went well until I disabled the one mirrored to the active network card... NOOOO.... I was kicked out. Now I have to drive across town on the weekend maybe to get one of the employees to meet me there and re-enable it. Or tell them how to.
*sigh*
So that's a no-no. Don't ever disable your AV's miniport (I suppose that's used for firewall purposes.)
Ok, so now what to do with this wealth of information?
Can we step back a moment and start from the beginning? We know there is an SBS server with several nics, a switch, several computers and a printer involved. Are there any other network devices? I'm asking because I see they have spanning tree turned on at the power edge switch which usually indicates there are multiple switches with multiple routes. The last message also shows the conflict is coming from a bootp device on port 37. What device is connected to that port? Also what is the ipaddress of the switch itself?
I think I would start at whatever device is connected to port 37 and check the bios setup for BOOTP and turn it off and/or set to DHCP static. I would then check each device for the same and also ensure nothing is serving BOOTP. If there is only one switch on this network then I would also look at turning off spanning tree.
The switch being an issue is an absolute possibility! I did NOT take the switch out of the equation when I did my troubleshooting. Something I didn't think of until the drive home.
There, at one time, was a Barracuda spam firewall installed, but they are using a hosted spam solution now and the Barracuda is no longer plugged in.
OK thanks in advance for the patience in understanding the situation and solutions you mentioned.
1) How/where do you turn off spanning tree protocol? Is that on the switch or server?
2) How do I find the IP of the switch, or could it even be the same as the server?
3) The reference to "Port 37" is that the number port in the 48 port switch?
4) And the BOOTP should be as simple as turning off or reconfiguring bootstrap protocol in the BIOS? I don't recall seeing that in the BIOS, but I can take another look.
5) You mentioned configuring it for "DHCP static" you mean set the IP address manually for the BOOTP?
Encrypted Existence
Well-Known Member
- Reaction score
- 87
Answers to the best of my knowledge:
1. on the switch
2. You will need to have a look at the switches configuration...log in through its web interface or you may have to plug directly into the device (switch).
I don't know the answers to the rest of the questions. Best of luck.
1. on the switch
2. You will need to have a look at the switches configuration...log in through its web interface or you may have to plug directly into the device (switch).
I don't know the answers to the rest of the questions. Best of luck.
