Checking the configuration of the server, with ipconfig /all
,
I saw that its MAC
address, i.e. the physical address, was all zeroes.
C:\Documents and Settings\Administrator>ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : crystal Primary Dns Suffix . . . . . . . : example.com Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : example.com Ethernet adapter Server Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : SiS 900-Based PCI Fast Ethernet Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.1.7 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.1 DNS Servers . . . . . . . . . . . : 192.168.1.7 217.68.70.72 Primary WINS Server . . . . . . . : 192.168.1.7
When I monitored the network traffic between the firewall and server
using Microsoft's Network Monitor, I could see
ARP
requests from the firewall and replies from the domain controller. Yet,
when I checked the ARP table on the firewall with the show arp
command, I did not see the domain controller's MAC address. The arp
-a
command on the domain controller did show the firewall's
MAC address in its ARP cache, however.
I suspected the Pix firewall was not accepting a MAC address of all zeros.
When I tried to manually enter the MAC address on the Pix firewall with
the arp
command, it declared the address to be invalid.
The ipconfig /all
command showed the network adapter in the
domain controller as a "SiS 900-Based PCI Fast Ethernet Adapter". Peforming
a
Google search on whether others had encountered a MAC address of all
zeros with this adapter, I found that using the default driver Windows XP
provides for this adapter yields an all-zero MAC address for the adapter.
The same appears to be true for SBS 2003 systems. Responses to a posting
at Anyone else with
ideas for SIS 900
ethernet?1
, indicated that updating the driver
for the network adapter might resolve the problem. This is apparently a common
problem with motherboards that have this network adapter built-in
2, 3. I thought
updating the driver might require a reboot. I didn't want to reboot the server,
so I changed its MAC address, instead, to a valid MAC address, which resolved
the problem. Once I did that, I could ping the firewall from the server and
vice versa and access the Internet. The change did not require a reboot.
The steps to modify the MAC address are as follows:
000CF1C89910
in this case. At
linksys wusb v.2.6 - using on WinXP4, I saw the following address
listed for the same adapter:
Description . . . . . . . . . . . : SiS 900-Based PCI Fast ethernet adapter
Physical Address. . . . . . . . . : 00-E0-18-82-79-A4
You could use that same address, since presumably it is a valid one for
that adapter or just change the last digit.
ipconfig /all
command. After I made the change, I saw the
information below:
Description . . . . . . . . . . . : SiS 900-Based PCI Fast Ethernet Adapter
Physical Address. . . . . . . . . : 00-0C-F1-C8-99-10
I was then able to ping the firewall and access the Internet from the domain controller. Though I encountered the problem with a Pix firewall, it is likely other firewalls, routers, or switches might also reject an all-zero physical, aka MAC or Ethernet, address as well.
References: