Windows 7 Releases a random MAC address


  • Hi,

    When i goto Network and sharing center & click on Show Full Map, the computer issues a random mac address.

    The switch is configured to block unauthorized mac addresses. Due to this the port is blocked and the user has no access to the network.The MAC coming up in the logs of the switch is different than the actual MAC address.

    The drivers are updated.

    Cisco switch is being used without NAC.
    The Network Card is of Intel 82566DM-2.

    LAN Switch LOG capture details :
    Nov 17 11:18:28.011 IST: %PM-4-ERR_DISABLE: psecure-violation error detected on Gi4/14, putting Gi4/14 in err-disable state
    Nov 17 11:18:28.015 IST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 000d.3adb.8600 on port GigabitEthernet4/14.
    Nov 17 11:18:29.011 IST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet4/14, changed state to down.

    This issue is there in Windows 7 only have checked a Vista machine for this issue and it is working fine. The MAC address which is coming up in the logs is of Microsoft. I checcked it on this website. .
    • Edited by Jawwad Sayed Wednesday, December 02, 2009 3:38 PM mistake
    Wednesday, December 02, 2009 3:37 PM

All replies

  • Hi,


    To make the issue clear, please capture a screenshot on where you noticed this issue for our further research:


    Capture a screenshot


    1)   Press the Print Screen key (PrtScn) on your keyboard.

    2)   Click the "Start" menu, type "mspaint" in the Search Bar and Press Enter.

    3)   In the Paint program, click the "Edit" menu, click "Paste", click the "File" menu, and click "Save".

    4)   The "Save As" dialogue box will appear. Type a file name in the "File name:" box, for example: "screenshot".

    5)   Make sure "JPEG (*.JPG;*.JPEG;*.JPE;*.JFIF)" is selected in the "Save as type" box, click “Desktop” on the left pane and then click "Save".


    Please upload the screenshot to Windows Live SkyDrive and share its URL with us.



    Nicholas Li - MSFT
    Wednesday, December 09, 2009 10:42 AM
  • Hi Nicholas,
      I work for a MS Partner company and recieved this complain at a customer site. The only details i could collect were the switch log and the screen shot for the LAN card detail on the machine. Have uploaded the capture here is the screen shot
    Wednesday, December 09, 2009 1:39 PM
  • Hi,

    Thank you for your update and I also appreciate your efforts on gathering the information. 

    At this time, I just want to know if there are any virtual machines on the network?

    Nicholas Li - MSFT
    Thursday, December 10, 2009 9:38 AM
  • Hi,
     There are around 4 Virtual machines running in the network. there are about 2 each running on Hyper-V as well as VMware. these VMs were running prior to the Installaion of Windows 7 and no such issue was reported earlier.
    Thursday, December 10, 2009 12:20 PM
  • Hi,

    Thank you for your update and I also appreciate your efforts on gathering the information. 

    At this time, I just want to know if there are any virtual machines on the network?

    Nicholas Li - MSFT

    Is this issue related to a bug that I discovered in that Win7 misreads NIC MAC addresses?

    Thursday, December 10, 2009 9:40 PM
  • Hi smjavvey,


    Please just check if the MAC Address 00-0D-3A-DB-86-00 comes from one if the virtual machines and let us know.


    Thanks for your efforts.

    Nicholas Li - MSFT
    Friday, December 11, 2009 6:19 AM
  • As of now have been able to find MAC address of only two VMs which are running on Hyper-V.These are not coming up in the switch logs.

    Mac addresses of the virtual machines

    00-15-5D-06-5A-00        MOSS
    00-15-5D-06-5A-05        MOSS-DB

    Just another point, the desktop’s and the VM’s are on two different LAN’s with just port 80 allowed on these VM’s.
    Wil update as soon as i get more Info.

    Thursday, December 17, 2009 10:19 AM
  • I experience the same problem and I'm also connected to Cisco switch which bans me for unknown MAC. Recent events:
    2010-01-05 19:22:27.351642 port-security MAC=00:0D:3A:FD:EA:1B
    2010-01-07 01:51:14.527361 port-security MAC=00:0D:3A:E1:C1:14
    I don't know what caused the MAC generation. I didn't use network and sharing center, at 2 AM I was sleeping, not playing with my computer...
    I have Virtual PC with one virtual machine running Windows XP. But this machine is configured to access network through NAT so it's MAC (00-03-FF-FE-FF-FF) can't be visible. Thus I'm sure it is some strange Windows 7 bug, probably described by MS as a feature... I would be glad to turn it off.
    • Proposed as answer by planchez Wednesday, May 26, 2010 3:00 PM
    Thursday, January 07, 2010 2:31 PM
  • Sorry, I miss proposed Grzegorz answer, I’m new at this.

    As far as I know, what you are looking at is a Windows 7 documented behavior.

    Take a look to de LLDP in


    • Proposed as answer by planchez Wednesday, May 26, 2010 3:16 PM
    Wednesday, May 26, 2010 3:16 PM
  • are you referring the passage on page 7 which identifies reserved topology discovery addresses 00-0D-3A-D7-F1-40 through 00-0D-3A-FF-FF-FF  ?

    you have a sharp eye, friend.  that OUI (MAC)  00-0D-3A-xx-xx-xx  is in fact registered to Microsoft Corp.

    you also have more patience than me.


    so, would you try to solve this problem by turning off Link-Layer Topology Discovery (Mapper and Responder) and QoS Packet Scheduler services in all adapters' Network Connection Properties dialogs?

    Wednesday, May 26, 2010 4:37 PM
  • hi,

    I had read the previous response and I still don't really quite understand, what is the trigger for the LLTD to use/generate the MAC address on the exception of when the user click on  "See full map". As I do like to use file sharing and network discovery function for my environment where laptops will be plug into the switch port.



    • Edited by soongwc Thursday, April 04, 2013 2:52 PM
    Thursday, April 04, 2013 2:52 PM