As part of our monthly disaster test, I restored our SBS 2003 server onto a duplicate server in my attic.
The test worked fine, except I noticed some warnings in the event log.
Now, most of the warnings are to be expected. For instance, my attic backup server cannot really function as a domain server because the production server i s elsewhere.
But, there was one event id that had a very strange IP address.
Actually 2 suspicious eventids repeat about ever 100 minutes. There is no system failure so normal forums like eventid.net are not being very helpful, so I need some advice.
smtp could not connect to any DNS server.
That is strange, because my attic server is connected to the internet using time warner road runner, and most things works fine.
SMTP could not connect to the DNS server 188.8.131.52. The protocol used was 'UDP'. It may be down or inaccessible.
nslookup shows the following
DNS request timed out.
timeout was 2 seconds.
*** Request to dns-cac-lb-01.rr.com timed-out
A whois on the IP address says tehcnical contact is firstname.lastname@example.org with whom we have absolutely no ties. Also, a whois on ford.com shows technical contact of email@example.com. Note the slight difference in names
A regedit search reveal controlset001 has a tcp interface
5d3e2539 49b5 4559 8f26 539BDFA7BE44 with NameServer value 184.108.40.206
I went to the production server and did not find any SMTPSVC events, so I think this may simply be some weirdness assocated with using road runner in my attic. In particular, the rr.com SERVERer address shown from nslookup.
But, the weird IP address still bothers me.
Does anybody have advice? Am I wasting my time worrying about this?