Event ID: 4199 Source: Tcpip

Source
Level
Description
The system detected an address conflict for IP address <ip address> with the system having network hardware address <MAC address>. Network operations on this system may be disrupted as a result.
Comments
 
You can determine the vendor of the network card by using this site: EV100206 (www.hwaddress.com). For instance, this will help narrow down if it's a Dell PC or an Apple Mac.
After you assign or change an IP address on a Windows Vista-based computer, the system searches the network for a computer that is already using this IP address. If the search reveals no computer that is already using this IP address, the IP address is officially assigned to the Windows Vista-based computer. This event occurs if another computer sends a ping message to the new IP address before the system finishes the search process. The system was not designed to be pinged while it is searching for a new IP address. See ME948363 for a hotfix applicable to Windows Vista.
If you are using Double-Take:
- your source server crashed.
- during failover, the target server takes over the IP address of the source.
- the source server boots and claims its own IP address, resulting in an IP conflict, causing this error.
- the source server gets IP address 0.0.0.0 and is unreachable.
To prevent this, do not boot the source server until you have performed a failback on the target server. To prevent automatic reboots after a BSOD, go to My Computer -> Properties -> Advanced -> Startup and Recovery -> Settings, and disable "Automatically restart".
The latest service pack for Windows NT 4.0 or Windows NT Server 4.0 will fix this problem. Check ME178550 for more details.
Microsoft SMS 2.0 can be used to create a query that will find the computer details (provided the computer has SMS client installed) given a MAC address. This can be done even after the IP address has been changed (the details are stored in the database).


Self-explanatory. It is not easy to find the conflicting machine. If you use switches you can check the switch tables. You can also use a network analyzer in order to capture the MAC address of the conflicting machine.
For Microsoft Windows users, try EV100207 for a free tool download: Advanced IP Scanner.
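The comments above rely on the MAC address in the event description to identify the conflicting machine. The following Python sketch is an added example, not part of the original page or its comments: it pulls the IP and MAC out of 4199 descriptions, groups conflicts by hardware address, and flags locally administered MACs, for which a vendor lookup will not return a meaningful result. The sample descriptions are constructed, and accepting `:` or `-` as the MAC separator is an assumption.

```python
import re
from collections import defaultdict

# Matches the description text quoted on this page; accepting ':' or '-' as
# the MAC separator is an assumption about how the address is rendered.
EVENT_RE = re.compile(
    r"address conflict for IP address (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"with the system having network hardware address "
    r"(?P<mac>[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})"
)

def parse_conflict(description):
    """Return details of one 4199 description, or None if it does not match."""
    m = EVENT_RE.search(description)
    if not m:
        return None
    octets = [int(part, 16) for part in re.split(r"[:-]", m.group("mac"))]
    return {
        "ip": m.group("ip"),
        "mac": ":".join(f"{o:02X}" for o in octets),
        # First three octets identify the vendor for globally assigned MACs.
        "oui": "".join(f"{o:02X}" for o in octets[:3]),
        # Bit 0x02 of the first octet set = locally administered address
        # (virtual NIC, randomized or manually set MAC): no vendor to look up.
        "locally_administered": bool(octets[0] & 0x02),
    }

def conflicts_by_mac(descriptions):
    """Group conflicting IPs under each hardware address seen."""
    seen = defaultdict(set)
    for text in descriptions:
        info = parse_conflict(text)
        if info:
            seen[info["mac"]].add(info["ip"])
    return {mac: sorted(ips) for mac, ips in seen.items()}

# Constructed sample descriptions (documentation IP range, made-up MACs).
SAMPLE = [
    "The system detected an address conflict for IP address 192.0.2.10 with "
    "the system having network hardware address 00-11-22-AA-BB-CC. Network "
    "operations on this system may be disrupted as a result.",
    "The system detected an address conflict for IP address 192.0.2.11 with "
    "the system having network hardware address 00:11:22:aa:bb:cc.",
    "The system detected an address conflict for IP address 192.0.2.20 with "
    "the system having network hardware address 02-00-4C-4F-4F-50.",
]

if __name__ == "__main__":
    for text in SAMPLE:
        print(parse_conflict(text))
    print(conflicts_by_mac(SAMPLE))
```

A single MAC that appears against several IP addresses usually points to one misconfigured host or a device answering for addresses it should not hold, which is the entry to look for in the switch tables.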
