Bad ARP Cache static entries


I have a weird issue that popped up on our network.

Once or twice a week a user (it's always a different user) would complain about not being able to communicate with our Small Business Server 2003 that handles Exchange, DNS and file sharing, essentially cutting the machine off from any sort of network communication.

When I check the ARP table on that particular server there is a static ARP entry mapped to the IP address of the workstation in question with a completely different MAC address. If I manually delete the static entry the machine is back online. The weird thing is that it's always a different machine that has this problem.

For the life of me I can't figure out what's setting these static ARP entries on the server and forcing me every time to go in and remove it manually to bring the workstation back online.

Our environment is fairly small (20 workstations and 2 servers).

Any help is appreciated.

Best Answer

Try to identify if the MAC address belongs to any equipment on your network. You can look up vendor addresses here.

Do you have a wireless access point on your network? Is it secured? Look for the MAC addresses of any connected devices. You can normally view these from the access point.

Do you have any virtual machines running on any of the workstations or servers?

Is it always the same MAC address that appears in the ARP table?

What about the ARP caches on your network switch and router (if they let you view them)? Do the IP/MACs correspond with the table on your server at the time you have an issue? Does power-cycling the switch/router make any difference?
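
The comparison suggested in the answer above, as an added example that is not part of the original thread: it parses Windows `arp -a` output, flags static entries, and checks each MAC against a known-good inventory. The sample output, the inventory and all function names are constructed for illustration, and the parser assumes the usual English-language `arp -a` column layout.

```python
import re
# Constructed sample of Windows `arp -a` output; all addresses are made up.
SAMPLE_ARP_OUTPUT = """
Interface: 192.168.1.2 --- 0x10003
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-aa-bb-01     dynamic
  192.168.1.21          00-11-22-aa-bb-21     dynamic
  192.168.1.34          02-00-5e-10-20-30     static
"""

# Constructed inventory of the MAC each IP should have (e.g. from DHCP leases).
KNOWN_HOSTS = {
    "192.168.1.1": "00:11:22:AA:BB:01",
    "192.168.1.21": "00:11:22:AA:BB:21",
    "192.168.1.34": "00:11:22:AA:BB:34",
}

ENTRY_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)\s*$",
    re.IGNORECASE,
)

def normalize_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def parse_arp(text):
    """Return (ip, mac, type) tuples for every entry line in `arp -a` output."""
    rows = (ENTRY_RE.match(line) for line in text.splitlines())
    return [(m[1], normalize_mac(m[2]), m[3].lower()) for m in rows if m]

def audit(text, known):
    """Return {ip: [reasons]} for entries that deserve a closer look."""
    findings = {}
    for ip, mac, kind in parse_arp(text):
        reasons = []
        if kind == "static":
            reasons.append("static entry")
        if ip in known and normalize_mac(known[ip]) != mac:
            reasons.append("MAC differs from inventory")
        if int(mac[:2], 16) & 0x02:  # locally administered bit: no vendor OUI
            reasons.append("locally administered MAC")
        if reasons:
            findings[ip] = reasons
    return findings

if __name__ == "__main__":
    for ip, reasons in audit(SAMPLE_ARP_OUTPUT, KNOWN_HOSTS).items():
        print(ip, "->", ", ".join(reasons))
```

A MAC with the locally administered bit set will not resolve in a vendor lookup, since it was assigned by software rather than taken from a manufacturer's range.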