Had not specifically looked there, but had searched the registry for the rogue address, and didn't find it.
I just now did look in that part of the registry, with no result - it's not there. The weirdest thing about this is that the machine *will not* issue an echo-reply in response to an echo-request for the rogue address, but *will* respond to the echo-request or an ARP indicating it has the address. Very strange Kurt On Tue, Nov 23, 2010 at 21:14, Ken Schaefer <[email protected]> wrote: > Apologies if this was suggested before: IPv4 addresses seems to be stored in: > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces > > If you can find it in there, maybe nuke the relevant key and see if the > problem goes away? > > Cheers > Ken > > -----Original Message----- > From: Kurt Buff [mailto:[email protected]] > Sent: Wednesday, 24 November 2010 4:08 AM > To: NT System Admin Issues > Subject: Re: A real puzzler... > > Unfortunately, no. The machine holding the phantom IP address is a physical > box - the DC for the AU office. > > I'm just about on top of standing up a VM for a new DC, DCPROMO'ing down the > offending box and seeing what comes to light from that, and if that doesn't > resolve it, I may have the part-time guy scratch the box and re-install. > > Kurt > > On Tue, Nov 23, 2010 at 06:04, Kelsey, John <[email protected]> wrote: >> I had a similar problem to this on one of my VMs. It had to do with the way >> the vm box was connected to the lan. I had to set the vm nic load balancing >> to 'route based on IP hash' Until I did that, I had all kinds of strange >> issues with IP addresses mapping back to the wrong mac addresses. Not sure >> if it applies to your situation, but if your vm box has multiple network >> lines trunked up to a switch it might be something to look at. >> >> Thanks >> >> -----Original Message----- >> From: Kurt Buff [mailto:[email protected]] >> Sent: Monday, November 22, 2010 11:56 PM >> To: NT System Admin Issues >> Subject: Re: A real puzzler... >> >> Unfortunately, no. >> >> Already tried that - no phantom NIC. >> >> On Mon, Nov 22, 2010 at 15:56, Hilderbrand, Doug >> <[email protected]> wrote: >>> Try this trick from a previous ntsysadmin post. I bet you have a phantom >>> nic on that DC. >>> >>> <snip> >>> I never heard of this before, and just read it on the NT Sys Admin news >>> feed. >>> >>> …To work around this behavior and display phantom devices when you use the >>> Show hidden devices command: >>> Click Start, click Run, type cmd.exe, and then press ENTER. >>> Type set devmgr_show_nonpresent_devices=1, and then press ENTER. >>> Type Start DEVMGMT.MSC, and then press ENTER. >>> Click View, and then click Show Hidden Devices. >>> Expand the Network Adapters tree. >>> Right-click the dimmed network adapter, and then click Uninstall. >>> >>> >>> Definitely going into my bag o’ tricks. >>> <snip> >>> >>> >>> >>> Doug Hilderbrand | Systems Analyst, Information Technology | Crane >>> Aerospace & Electronics >>> >>> >>> -----Original Message----- >>> From: Kurt Buff [mailto:[email protected]] >>> Sent: Tuesday, November 16, 2010 4:49 PM >>> To: NT System Admin Issues >>> Subject: Re: A real puzzler... >>> >>> On Tue, Nov 16, 2010 at 16:17, Ben Scott <[email protected]> wrote: >>>> On Tue, Nov 16, 2010 at 7:03 PM, Kurt Buff <[email protected]> wrote: >>>>> So, I'm away from the office in a VMWare class, and find that the >>>>> part time IT guy in the office did a test, and it seems to confirm >>>>> that the DC is holding onto 192.168.61.30. >>>> >>>> Well, that narrows it down quite a bit, which is a good thing. >>>> >>>> Did you ever try "ipconfig /all" and/or checking RRAS (Routing and >>>> Remote Access) on the suspect DC? I remember RRAS holding on to an >>>> IP address confused my minion once. >>>> >>>> -- Ben >>> >>> I did check those - RRAS has never been configured, and the results of your >>> suggested tests are below: >>> >>> H:\>ipconfig /all >>> >>> Windows IP Configuration >>> >>> Host Name . . . . . . . . . . . . : auad1 >>> Primary Dns Suffix . . . . . . . : example.com >>> Node Type . . . . . . . . . . . . : Hybrid >>> IP Routing Enabled. . . . . . . . : No >>> WINS Proxy Enabled. . . . . . . . : No >>> DNS Suffix Search List. . . . . . : example.com >>> >>> Ethernet adapter Local Area Connection: >>> >>> Connection-specific DNS Suffix . : >>> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network >>> Connection >>> Physical Address. . . . . . . . . : 00-14-22-21-B2-87 >>> DHCP Enabled. . . . . . . . . . . : No >>> IP Address. . . . . . . . . . . . : 192.168.61.31 >>> Subnet Mask . . . . . . . . . . . : 255.255.255.0 >>> Default Gateway . . . . . . . . . : 192.168.61.1 >>> DNS Servers . . . . . . . . . . . : 192.168.61.31 >>> 192.168.10.191 >>> Primary WINS Server . . . . . . . : 192.168.61.31 >>> Secondary WINS Server . . . . . . : 192.168.10.191 >>> >>> H:\>getmac >>> >>> Physical Address Transport Name >>> =================== >>> ========================================================== >>> 00-14-22-21-B2-87 >>> \Device\Tcpip_{872C9721-6C4B-41FB-9D0F-53C3F8FDB82E} >>> Disabled Disconnected >>> >>> H:\>netsh -c interface show interface >>> >>> Admin State State Type Interface Name >>> --------------------------------------------------------------------- >>> ---- Enabled Unreachable Dedicated Local Area >>> Connection Enabled Unreachable Dedicated Local Area >>> Connection 2 Enabled Unreachable Internal Internal >>> Enabled Unreachable Loopback Loopback >>> >>> >>> H:\>netsh -c interface show alias >>> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ >>> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >>> --- >>> To manage subscriptions click here: >>> http://lyris.sunbelt-software.com/read/my_forums/ >>> or send an email to [email protected] >>> with the body: unsubscribe ntsysadmin >>> >>> >>> --------------------------------------------------------------------- >>> ----------- Check out the new Crane Aerospace & Electronics Newsroom! >>> http://newsroom.craneae.com >>> Like us on Facebook! >>> http://www.facebook.com/home.php?#!/pages/Crane-Aerospace-Electronics >>> /163305413682908 >>> >>> We value your opinion! How may we serve you better? >>> Please click the survey link to tell us how we are doing: >>> http://www.craneae.com/ContactUs/VoiceofCustomer.aspx >>> Your feedback is of the utmost importance to us. Thank you for your time. >>> --------------------------------------------------------------------- >>> ----------- Crane Aerospace & Electronics Confidentiality Statement: >>> The information contained in this email message may be privileged and >>> is confidential information intended only for the use of the >>> recipient, or any employee or agent responsible to deliver it to the >>> intended recipient. Any unauthorized use, distribution or copying of >>> this information is strictly prohibited and may be unlawful. If you >>> have received this communication in error, please notify the sender >>> immediately and destroy the original message and all attachments from your >>> electronic files. >>> --------------------------------------------------------------------- >>> ----------- >>> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ >>> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >>> --- >>> To manage subscriptions click here: >>> http://lyris.sunbelt-software.com/read/my_forums/ >>> or send an email to [email protected] >>> with the body: unsubscribe ntsysadmin >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ >> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to [email protected] >> with the body: unsubscribe ntsysadmin >> >> This email and any files transmitted with it are confidential and intended >> solely for the use of the individual or entity to whom they are addressed. >> If you have received this email in error please notify the system manager. >> This message contains confidential information and is intended only for the >> individual named. If you are not the named addressee you should not >> disseminate, distribute or copy this e-mail. >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ >> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to [email protected] >> with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
