I'm running Windows Vista Ultimate edition, and have stumbled across a very odd problem that I cannot seem to find any mention of elsewhere. When I put the system into sleep mode, it disables the network card. When I bring the system back from sleep mode (tap mouse, press space or some such) the network card comes back to life, but all of sudden the Vista machine starts 'broadcasting' multiple network MAC addresses to the switch. The first one it broadcasts is the correct MAC address of the network card. The others are all made-up MAC addresses, about 105 of them. The reason I can say it is about 105 made-up MAC addresses, is that at 105 MAC addresses on the same port, our network swtich shuts the port off. This happens all within about a minute of the system coming back out of sleep mode. A look through the event logs, shows the following entries as the machine wakes up from Sleep mode, in the order as written in the System Log (*means abbreviated entry) 1. Service Control Manager - Event ID: 7036- Windows Image Acquisition service (WIA) started2. Service Control Manager - Event ID: 7036 - McAfee McShield Service started3. Tcpip - Event ID: 4201 - Lan card has initiated normal operation *4. Power-Troubleshooter - Event ID: 1 - Sleep Time & Wake Time *5. e1express - Event ID: 33 - Card running at 100/Full Duplex *6. DHcp-Client - Event ID: 1003 - was not able to renew its DHCP address *7. User-Pnp - Event ID: 2003 - Driver Management has concluded the process to add Service tunnel for Device Instance ID ROOT\*6TO4MP\0000 with the following status: 0.8. e1express - Event ID:27 - Card has been disconnected* In the Security Log I find several of the following events that happen at the same time as Tcpip - Event ID: 33 Security-Auditing - Event ID: 5032 - Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network. Any ideas on why the vista system would be suddenly flooding the network switch with a bunch of bogus MAC addresses when it wakes up from Sleep mode? And any idea how to stop it, so users are suddenly not able to use the network because the switch port was turned off on them, when Vista did something off the wall. P.S. Has anyone else noticed that the times listed in "Power-Troubleshooter - Event ID: 1" seem be listed in GMT as opposed to local time?

After some testing I have a bit more information on this issue: 1. At this point it seems to happen only with Windows Vista Ultimate edition (although I only have one Vista Business Edition and one Vista Ultimate edition to test with)2. Reinstalling Vista Ultimate from Scratch does not make a difference, the problem still happens3. Installing Vista Patch KB 930163 does not help , the problem still occurs4. Disabling the following services does not help either: Windows Media Player Network Sharing Service SSDP Discovery Service Windows Media Center Receiver Service Windows Media Center Scheduler Service Windows Media Center Service Launcher(The last three I disabled because those are in Vista Ultimate not Business)5. Tried disabling IPv6 and that did not help either6. Made sure in all the power settings that Sleep options were set to Never, Hybrid Sleep was off, and the buttons were all set to shut down or do nothing In all the above cases, when Vista Ultimate comes out of Sleep Mode it suddenly swaps the switch with first the real MAC address, followed by a slew of made-up MAC address, and the switch says that is too many MACs for one port, and turns the port off. I cannot think of anything or any reason why something should suddenly spam a switch with bogus MAC addresses. At this point though, it looks like we may have to say No Windows Vista systems at our site. Any help will be much appreciated on this.

Figured out where the problem was coming from on the Vista Box. It seems the problem is somewhere in the IPv6 setup. I get the MAC spam on the switch port while IPv6 is enabled. But when I disable IPv6 via the following steps:1. Disable the Internet Protocol Version 6 (TCP/IPv6) in the properties of the connection a. Go to the Control Panel b. Depending on what view you have select one of the following: "View network status and tools" under the "Network and Internet" header or "Network and Sharing Center" c. In the left window pane select "Manage network connections" d. Right-click on the connected device and select properties e. In the middle box labeled "The connection uses the following items:", uncheck the box next to "Internet Protocol Verison 6 (TCP/IPv6)" f. Click Okg. Repeat steps d through f for all the network connections2. Disable all IPv6 options via the registry a. In the Start menu, type in regedit in the Start Search box (This is the Run box now) b. Type in Regedit and press enter c. Navigate to the following location HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp6\Parameters d. Under the Edit menu select New - DWORD (32-bit) Value e. Call the new entry "DisabledComponents" f. Set the value of the entry to "ff" in Hexadecimal base g. Close Regedit3. Restart the system And yes you do have to both uncheck the box on the connection and set the registry key, if you only do one it does not seem to actually stop IPv6 from running. After that I no longer see the switch port getting swamped by a ton of MAC addresses from the system. So now I have two questions about this: 1. Why does the Vista system suddenly start spewing a bunch of bogus MAC addresses when IPv6 is on?2. Why does this only happen when the system comes out of sleep mode? It does not do this when the machine starts up or restarts, only when it comes out of sleep mode.3. Why does the time in the Power-Trouble-shooter - Event ID: 1 in the system logs not appear in local time? (not part of the bigger issue but thought I'd ask anyways). Also this seems to affect all version of Vista, since the other box I have testing with does it as well, just that the switch does not have it set to disable the port if too many MAC addresses are found on it.

I am using Windows Vista Ultimate x64 and the setup is pretty stable. However, randomly, my computer will reboot for no appearent reason. Upon Vista starting back up, I usually go to my Event Viewer. EVERY SINGLE INSTANCE, after the random reboot, there will be an error posted. It is Event ID: 5032 or Event ID: 5038 (or both). I have googled my heart out trying to figure this one out. I have been on numerous boards and it seems no one can pinpoint the problem. Here is a list of my setup:Computer: Custom BuiltProcessor: Intel QX6700 QuadcoreMemory: Corsair Dominator PC2 8500C5D Ram @ 1066mhzMotherboard: XFX MB-N680-iLT9 (680i LT)Power Supply: Enermax Galaxy 1000 watt Gamers EditionVideo Card: (2) nVidia 8800GTS cards running in SLiThe computer is connected via a LAN Cable (not wireless).My internet service provider is Charter Cable. It is a 10Mbps connection.My cable modem is a Ambit SpeedStream U10C018.My router is a Linksys WRT54G v4 (wireless capability)I have NO antivirus installed at the moment.No software firewall is installed.I believe the Linksys has a built in firewall.All of my Vista updates are current. I have not installed my 3rd party programs but I have installed a few:Winrar, TeamSpeak RC2, Everest Ultimate, CPU-Z 1.39, F.E.A.R. Combat, 3dmark06, Limewire Pro 4.12.11.. ALL of these programs are listed as compatible with Vista x64.Under Event ID: 5032, this is what the message says:Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.Error Code: 2<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">- <System> <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" /> <EventID>5032</EventID> <Version>0</Version> <Level>0</Level> <Task>12292</Task> <Opcode>0</Opcode> <Keywords>0x8010000000000000</Keywords> <TimeCreated SystemTime="2007-04-24T15:21:14.942Z" /> <EventRecordID>3414</EventRecordID> <Correlation /> <Execution ProcessID="620" ThreadID="976" /> <Channel>Security</Channel> <Computer>WindowsUser</Computer> <Security /> </System>- <EventData> <Data Name="ErrorCode">2</Data> </EventData> </Event>Under Event ID: 5038, this is what it says:Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.File Name: \Device\HarddiskVolume1\Windows\System32\nvd3dumx.dll<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">- <System> <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" /> <EventID>5038</EventID> <Version>0</Version> <Level>0</Level> <Task>12290</Task> <Opcode>0</Opcode> <Keywords>0x8010000000000000</Keywords> <TimeCreated SystemTime="2007-04-24T03:26:33.113Z" /> <EventRecordID>3384</EventRecordID> <Correlation /> <Execution ProcessID="4" ThreadID="72" /> <Channel>Security</Channel> <Computer>WindowsUser</Computer> <Security /> </System>- <EventData> <Data Name="param1">\Device\HarddiskVolume1\Windows\System32\nvd3dumx.dll</Data> </EventData> </Event>

I've played around with this some more, and it appears to only happen with a specific On MohterBoard Network Card from Intel. Once I put in a second NIC, an intel PCI card,and used that the problem went away. When I went back to the on-motherboard Intel card the problem would re-occur. I've checked around Intel's site and they have no mention of it, and so far have not offered any help on it. So far I've just had to turn off IPv6 on that particular card in order to get around the problem. So if you have this problem check to see if it is an Intel on-motherboard card, if it is try disabling the IPv6 on it to see if that makes a difference, otherwise try a different network card.

I'm not sure if this will be much help to you because I'm not quite as technically adept, but I've been having a similar problem so I'll explain what's going on with me. Also, I've been searching for for a solution to this problem for a couple months now and this is the first time I've seen anything remotely related.In my case, I'm running an AMD processor on an ABIT or Asus mobo (I don't remember which because I have a few computers and don't want to go open the one up at the moment). About once a day, but sometimes more often and sometimes not, my network connection will just shut down. It says it is still connected but no information enters or leaves my computer. Since this has been happening to me over the last few months and occurs rather frequently, I've had noticed a few patterns. It tends to happen at the following times:1. About 2 out of 3 times I use WinRar to extract a large file.2. About half the time I use VLC media player to watch a movie in full screen, although it happened more frequently when I was using the Windows Aero theme and it had to switch to play the movie.3. Almost everytime my computer goes to sleep.4. Sometimes it just happens for no reason at all.For a while I thought it might be because I use bittorrent and the connections were piling up and killing the NIC, but sometimes I would restart my computer and open Firefox, only to have the network crash again after I navigated to a second or third page. I should note that the only way I have found to fix the problem is to restart my computer. Restarting has fixed the problem every time except for one day when I couldn't get internet access for about 6 hours, so I attribute that to a problem from my provider. I should also point out that I am in an apartment building with fiber optic 10MB up and down to each room, and I don't know much about how my network runs besides that.I wish I could provide some better advice, but internet specifics are not my strong point. Hopefully that information will help someone else somewhere down the line.

I have the same problem with my new HP9260nr Laptop.........flooded with bogus MAC addresses. My router (D-Link wireless) shuts itself down and stops broadcasting. Got the router up and unning again. Laptop recognizes. Vista says no problems with my connection thoughI cannot access the net on the laptop.However,I do have access viathe hard wired PC I am writing this on. Scratching my head.

Thanks a lot for the nice analysis, GodOfLions I was breaking my head off on this issue. I have an HP dv6500 laptop with Vista Business and on board Intel wireless network card and I'm having same problem with . Following your instructions to turn of IPv6 seemed to have solved the problem. That is, when my laptop comes back from the sleep mode, my router and internet connection is fine. BUT when it goes into sleep again for a second or third time and comes back same thing again happends and router goes down. The router is Belkin Wireless G router. Even the computers connected to router through wire can't access internet after this. Any further help is much appreciated. Thanks,Raman

I think i have all the same problems. But I really need some help. I have a dell computer with vista home and i just put ina wireless router to work with my vonage. i'm not sure if it's a vonage problem or a vista sleep mode problem but anytime it tries to connect to the network it can never find the right network. it's always an unidentified network and has limited access. any ideas would be great.. thanks.

I am not a techie but I have similar problems and I am using a Wireless router with a PS3, two laptops (one mac and one Pc) and a desktop. The desktop and Pc laptop use Vista. I think the PS3 interaction with the Router is part of the problem. The IP address also is problematic. I guess I will try disabling theip v6. I just uninstalled Limewire i saw someone mention that.

Wow! What a GEM this post was. My situation wasn't the same but it worked for me. I've been unable to use VMWare Workstation for months on my Vista Ultimate machine until this post. Thank you.http://briandrab.spaces.live.com/blog/cns!B69C8C4D664E3F01!207.entry

Well it was good to see that the post helped someone. I'm still not sure what is in the IPv6 component that would be doing this and why in the world it would start the spouting when the system comes out of sleep mode (or at least that is the only time I can reproduce the problem). I've not heard a peep from Microsoft about this issue, and I've not had a chance to go back and see if any of the patches since I posted the "workaround" would fix this problem. I'm not in any rush to jump to Vista, I just have to support it.