On Fri, Oct 29, 2010 at 23:24, Ben Scott <[email protected]> wrote: > On Sat, Oct 30, 2010 at 1:49 AM, Kurt Buff <[email protected]> wrote: >> I'm more than a little baffled by this one. > > It does sound weird. Random thoughts follow, no particular order, > sleep-deprived brain, so use at your own risk. :)
Understood... >> However, when I ping the IP address that the machine refuses to use, I >> get no answer. > > Maybe try nmap with a full port scan, see if anything else comes back? I tried angry IP scanner - not as god as nmap, but didn't get anything. >> When I use netmon on the VM in the AU office to capture ARP traffic, I >> get a MAC address that's for the DC. > > Do you see anything else for that IP address besides an ARP "is-at" message? Nothing... >> I've even fired up regedit on the DC to search for the IP address, and >> all I'm showing is the one it's supposed to have - 192.168.61.31 > > There are other ways to store IP addresses (e.g., binary data, or > outside the registry entirely), so that's not entirely conclusive. > > On the DC, check RRAS (Routing and Remote Access), see if .30 is > configured for dial-in or something like that. > > Check the following on the DC for clues: > > getmac > ipconfig /all > netsh -c interface show interface > netsh -c interface show alias > > Can you temporarily shut down the misbehaving DC (or disable its > switch port) and see if the ARP still comes back? Long shot, but > maybe something's spoofing it. I will try those commands, but can't really shut down the DC in the AU office - I don't have a way to start it remotely. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
