IP Address conflicts

it2bit2b Member Posts: 117
in MCTS / MCITP on Windows 2008 General
I have a new 2008 server in my DMZ to replace a server I am removing. I gave the new server the IP address of the old, and took the old server off line.

The server 2008 thinks there is a duplicate IP on the network and will not connect. I can give it any other address and it works fine.

I flushed all the caches and rebooted several times. I can't ping the address it thinks is still out there.

I'm sure this is a problem with the new server. Any ideas?
· Share on FacebookShare on Twitter

Comments

  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Try going to the network connection itself and choosing diagnose. The performs a battery of tests and cleans out other areas you may have overlooked. Any chance you have multiple NICs in that machine and accidentally assigned that IP to two of them?
    · Share on FacebookShare on Twitter
  • it2bit2b Member Posts: 117
    I did the diagnose and repair, but no dice. There is a second NIC, but it's not configured and disabled at present.

    I'm wondering if I should disable APIPA. I read there is a reg hack for that in W2K8. IPCONFIG shows the server giving itself an APIPA address as (prefered) and my static address with (Duplicate).
    · Share on FacebookShare on Twitter
  • it2bit2b Member Posts: 117
    Solution after a call to MS and the company who manages our Firewall:
    Disable proxy arp on the firewall
    Add IP address to the server
    Enable proxy arp on the firewall.

    Life is good again.
    · Share on FacebookShare on Twitter
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Weird. I hadn't heard of that happening before. Thanks for posting the solution :D
    · Share on FacebookShare on Twitter
  • jamesp1983jamesp1983 Member Posts: 2,475 ■■■■□□□□□□
    hmm, interesting
    "Check both the destination and return path when a route fails." "Switches create a network. Routers connect networks."
    · Share on FacebookShare on Twitter
  • RobertKaucherRobertKaucher Member Posts: 4,299 ■■■■■■■■■■
    it2b wrote: »
    Solution after a call to MS and the company who manages our Firewall:
    Disable proxy arp on the firewall
    Add IP address to the server
    Enable proxy arp on the firewall.

    Life is good again.

    I was actually going to suggest flushing the arp cache on your firewall. Glad I was right, but it sucks I didn't get to post it before you found the answer! I have seen this exactly once before and it was proxy arp.

    What brand is the firewall?
    · Share on FacebookShare on Twitter
  • it2bit2b Member Posts: 117
    It's an older Cisco Pix I believe.
    · Share on FacebookShare on Twitter
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    RobertKaucher wrote: »
    I was actually going to suggest flushing the arp cache on your firewall. Glad I was right

    Oh yea, it's really easy to declare you're right after the solution was posted, isn't it? ;)
    · Share on FacebookShare on Twitter
  • RobertKaucherRobertKaucher Member Posts: 4,299 ■■■■■■■■■■
    dynamik wrote: »
    Oh yea, it's really easy to declare you're right after the solution was posted, isn't it? ;)

    It sure is! icon_wink.gif
    · Share on FacebookShare on Twitter
  • it2bit2b Member Posts: 117
    Hey, guess what? When you re-enable proxy arp and the server gets rebooted, you get the problem back.

    My Cisco guys blames server 08. Microsoft blames the PIX firewall.

    Funny thing is, I can give the address in question to an XP laptop and a W2K server and they don't have the issue.

    The problem is very similar to this old article I found:
    Event IDs 8032 and 8021 are recorded, and you cannot contact a Windows 2000-based computer on your local network segment

    I need Proxy ARP enabled so we can copy files to and from the internal network to the DMZ server.
    · Share on FacebookShare on Twitter
  • it2bit2b Member Posts: 117
    The problem might be that our IOS in the PIX is too old...

    The proxy ARP feature in the PIX 500 Series Firewall with software version 6.x creates communication issues in the local LAN
    The proxy ARP feature in the PIX 500 Series Firewall with software version 6.x creates communication issues in the local LAN - Ciscowiki
    · Share on FacebookShare on Twitter
  • it2bit2b Member Posts: 117
    This appears to have worked after a reboot without having to touch the PIX:

    For conflict detection, the client computer uses the Address Resolution Protocol (ARP) request to determine whether the IP address is being used. However, a ProxyArp device might incorrectly answer the ARP request, and an IP address conflict is reported.
    When this problem occurs, the ProxyArp device responds to all ARP requests.
    To work around this problem, we can turn off gratuitous ARP by setting the value of the ARPRetryCount registry entry to 0. To do this, follow these steps.

    1. Click Start , type regedit in the Start Search box, and then press ENTER.
    2. Locate the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    3. On the Edit menu, point to New , and then click DWORD Value .
    4. Type ArpRetryCount .
    5. Right-click the ArpRetryCount registry entry, and then click Modify .
    6. In the Value data box, type 0 , and then click OK .
    7. Exit Registry Editor.
    (reboot)
    · Share on FacebookShare on Twitter
Sign In or Register to comment.