DCom Error Messages EventID 10009
Posted on 2014-03-28
The error log on a server is showing an error every few minutes that indicates a connection cannot be made to server on the web. WHOIS says the server is a google server.
The error reads:
DCOM was unable to communicate with the computer 220.127.116.11 using any of the configured protocols.
In tracing the process it is coming from process ID 768. 768 is Svchost.exe and is coming from the services RpcSs and RpcEptMapper.
Help says to open up port 135 in the firewall. But researching this seems to be a bad idea since DCOM has been know to be a virus back door. For the life of me, I don't know what this is trying to do and why would a google server need to communicate this way.
My questions are:
1) Should the port be opened.
2) Is there anyway to tell what this is trying to do?
Any insight would be appreciated.