Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1117
  • Last Modified:

What is xp013.itsupport247.net? - Warning in my DNS logs Event1014, DNS CLient Events

Hello, I sometimes receive this DNS Event Log that I cannot put my fingers on. The site in question (xp013.itsupport247.net ) does not load and I think I know what it might be, but would like thoughts and opinions from EE.

I was thinking that this is a webpage for XP computers to get updates or something. Now that XP is no longer supported the site may be down and we can no longer connect when a machine is attempting to do so, throwing this DNS Event Warning.
(I fully understand that XP should be phased out so please do not make comments about how I should have upgraded all machines from XP).

Thoughts/ Ideas?

---------------------------------------------------------------------------------
Log Name:      System
Source:        Microsoft-Windows-DNS-Client
Date:          9/17/2014 2:06:07 AM
Event ID:      1014
Task Category: None
Level:         Warning
Keywords:      
User:          NETWORK SERVICE
Computer:     ServName.Domain.local
Description:
Name resolution for the name xp013.itsupport247.net timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
    <EventID>1014</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2014-09-17T06:06:07.504251200Z" />
    <EventRecordID>206950</EventRecordID>
    <Correlation />
    <Execution ProcessID="452" ThreadID="3228" />
    <Channel>System</Channel>
    <Computer>ServName.Domain.local</Computer>
    <Security UserID="S-1-5-20" />
  </System>
  <EventData>
    <Data Name="QueryName">xp013.itsupport247.net</Data>
    <Data Name="AddressLength">16</Data>
    <Data Name="Address">02000035C0A80B220000000000000000</Data>
  </EventData>
-</Event>
------------------------------------------------------------------------

Thanks All!
0
Michael Machie
Asked:
Michael Machie
1 Solution
 
it_saigeDeveloperCommented:
itsupport247.net is a managed services company (I believe its Zenith Infotech).  That event means that you probably either do use them or at one time used them and that one of your computers on the domain still has their monitoring client installed.  The monitoring client is still trying to phone home.

-saige-
0
 
David Johnson, CD, MVPOwnerCommented:
they are on many mail blacklists
0
 
Michael MachieFull-time technical multi-taskerAuthor Commented:
We did have Zenith Infotech software at one point in the past so this must be it - makes total sense... and the events did start around the time we changed over to another solution.

Time to speak to my BDR vendor for more cleanup!
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now