This week I have seen an interesting issue on Windows Servers 2008 /2012 . Just to let you know these are VM’s and I was unable to connect to these server. So I login on vCenter to check the windows host and found the server was having network error.
After checking the event viewer i found this error
The system detected an address conflict for IP address 0.0.0.0 with the system having network hardware address xx-xx-xx-CE-44-3F. Network operations on this system may be disrupted as a result. Time stamp 28/10/2014 hh:mm:ss.
Reboot the server and it got the network back. I have to mention giving ipconfig was showing the correct IP address even when it was having the network error.
Further investigation reviled few interesting and worrying facts, apparently this issue is only affecting Windows Vista and above, we also found that it is a known issue, However it will arise only when a windows server is rebooted.
The root cause is part of the detection flows defined by the RFC 5227 (IPv4 Address Conflict Detection).
The error is caused by the method used by Windows to detect an address conflict (http://tools.ietf.org/html/rfc5227#section-2.1.1) and one of the packets used by the cisco security feature called “ip device tracking”, used for the NAC Layer 2 validation.
Unfortunately the IOS version (15.2) used by the most of the Cisco core switches, enables this feature by default and there is no way to disable it. The only options are: downgrade the IOS or tuning some parameters.
a. downgrade the IOS
b. modify a parameter of Cisco ‘IP device tracking’ feature in order to potentially solve this issue.
On each interfaces
ip device tracking maximum 0