Event ID 4199. Massive attack?

Discuss Windows Event Log events. What they mean, what they tell you about your machine's security ... and whatever questions else you have.

Moderator: alorbach


Post by Vilya on Wed Nov 12, 2003 9:02 pm

Hi, All!

Twice we've encountered a problem in our C-class subnet. All servers and workstations (platforms: WinNT 4 WS, WinNT 4 ES, Win2000 Ws, Win2000 AS, WinXP, Win2003 ES) were affected with the following error:

Event Type: Error
Event Source: Tcpip
Event Category: None
Event ID: 4199
Date: <dd.mm.yyyy>
Time: <hh:mm:ss>
User: N/A
Computer: <NetBios_Name>
Description:
The system detected an address conflict for IP address <IP_Adress> with the system having network hardware address <Hardware_Adress>. Network operations on this system may be disrupted as a result.

* where
<dd.mm.yyyy> and <hh:mm:ss> - when it had happened (almost at the same time at all systems);
<NetBios_Name> - machine NetBios Name, e.g. SYS_VILYA;
<IP_Adress> - machine ip address, e.g. 10.1.12.12 - unique at every system
<Hardware_Adress> - 00-00-xx-00-00-00 - unique at every system, differed with xx

duration - a few seconds
result - network is down

Was it a hardware malfunction, an OS bug or an attack?
What is possible to do to investigate this event and prevent it in the future?

Several details about network:
no DHCP available, all IP addresses are static
Win2003 ES as PDC, Win2003 ES as BDC
several Intel Express 460T Standalone Switches
several 3Com SuperStack Switches
one Intel NetStructure 470T Switch
Vilya
New
 
Posts: 4
Joined: Wed Nov 12, 2003 8:03 pm
Location: Ukraine, Dniepropetrovsk
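
One way to approach the investigation asked about above, as an added example that is not part of the original thread: collect the 4199 descriptions from every machine, group them into bursts by time, and check the conflicting hardware addresses against the NICs you know you own. The event rows are constructed, and the `KNOWN_MACS` inventory, the 30-second window and the three-host threshold are assumptions.

```python
import re
from datetime import datetime, timedelta

DESC = ("The system detected an address conflict for IP address {ip} with the "
        "system having network hardware address {mac}. Network operations on "
        "this system may be disrupted as a result.")
# Constructed sample rows: (reporting host, event time, own IP, conflicting MAC).
ROWS = [
    ("SYS_VILYA", "2003-11-11 14:02:07", "10.1.12.12", "00-00-0C-00-00-00"),
    ("SYS_A", "2003-11-11 14:02:08", "10.1.12.13", "00-00-0D-00-00-00"),
    ("SYS_B", "2003-11-11 14:02:09", "10.1.12.14", "00-00-0E-00-00-00"),
    ("SYS_C", "2003-11-20 09:15:00", "10.1.12.30", "00-A0-C9-11-22-33"),
]
EVENTS = [(h, t, DESC.format(ip=i, mac=m)) for h, t, i, m in ROWS]
# Hypothetical inventory of NIC addresses known to belong to the site.
KNOWN_MACS = {"00-A0-C9-11-22-33"}

PAT = re.compile(r"IP address (\d+(?:\.\d+){3}) .*?hardware address "
                 r"((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})")

def parse(events):
    """Extract (time, host, ip, mac) from 4199 descriptions, sorted by time."""
    out = []
    for host, ts, desc in events:
        m = PAT.search(desc)
        if m:
            out.append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), host,
                        m.group(1), m.group(2).upper()))
    return sorted(out)

def bursts(parsed, window=timedelta(seconds=30)):
    """Group events whose gaps are within `window` into bursts."""
    groups = []
    for rec in parsed:
        if groups and rec[0] - groups[-1][-1][0] <= window:
            groups[-1].append(rec)
        else:
            groups.append([rec])
    return groups

def classify(group, known=KNOWN_MACS, min_hosts=3):
    """Label a burst: one known NIC is an ordinary duplicate-IP conflict; many
    hosts at once against unknown MACs points at one network-wide source."""
    hosts = {r[1] for r in group}
    unknown = sorted({r[3] for r in group if r[3] not in known})
    if len(hosts) >= min_hosts and unknown:
        return "network-wide", unknown
    return ("unknown-device" if unknown else "local-duplicate"), unknown
```

The addresses returned for a network-wide burst are the ones to look for in the forwarding tables of any managed switch, since the port they were learned on shows where the frames entered the network.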

Re: Event ID 4199. Massive attack?

Post by Guest on Tue Dec 02, 2003 6:41 pm

Vilya wrote: The system detected an address conflict for IP address <IP_Adress> with the system having network hardware address <Hardware_Adress>. Network operations on this system may be disrupted as a result.

Coincidentally, I've been having this error msg appearing as a popup over the last few weeks (16, 17 & 29-Nov-03) and it's the first time I've seen it.
WinXP-Home, 2-station Wireless LAN in Adhoc Mode (the other computer was switched on during one 'attack', it was off for the other 2), ADSL using XP's firewall. My first thought was that someone was hacking into my LAN.

Learned any more about it?
Guest
 

:o(

Post by Vilya on Tue Dec 02, 2003 7:07 pm

Nope.
It happened twice, on the 11th and 12th of Nov.
Still have no idea what it was :o(
Vilya
New
 
Posts: 4
Joined: Wed Nov 12, 2003 8:03 pm
Location: Ukraine, Dniepropetrovsk

Re: :o(

Post by Guest on Tue Dec 02, 2003 7:52 pm

Vilya wrote: Nope.
It happened twice, on the 11th and 12th of Nov.
Still have no idea what it was :o(

I've just been to see my next door neighbours and they have an adhoc WLAN. They're students and have 3 laptops explicitly set on a different channel, different network name, but one of them has the same IP as my machine here.

What I suspect is happening is either (a) my WLAN card is losing track of which channel it's supposed to be set on and it's latching onto their network or (b) one of their WLAN cards is losing track of etc etc or (c) they're trying to, er, 'borrow' my bandwidth.

The reason that I'm not round there right now with an axe, is that I know for a fact that my card does occasionally 'wander'. At least once a week I'll hear a shout from my daughter's room, "Dad! I can't get on the network!" and I check my WLAN card and find that it's set on the default channel 1 and showing no throughput.

Hmmm...
Guest
 

Post by Guest on Tue Dec 02, 2003 8:03 pm

Write me via E-Mail :o)

vilya@pbcards.dp.ua
Guest
 

Post by Guest on Wed Dec 03, 2003 9:33 am

Anonymous wrote: Write me via E-Mail

Did you not get my email?
Guest
 

Post by therget on Thu Dec 18, 2003 4:57 pm

therget
Frequent Poster
 
Posts: 79
Joined: Thu Dec 18, 2003 12:42 pm
