0

Backup Exec produces a large amount of entries in my firewall. It tries to connect to a host outside my network on TCP Port 135 which is normally used for RPC.

As I noticed this I logged on that server and found ot that the associated socket is owned by beserver.exe which is the RPC Server of Backup exec. The strange thing is that the targeted address has never been backed up by that host and did not even belong to our company.

I know the administrator of that network (its a university network) and he allowed me to scan that host. As it showed the device seems to be a phone. The SIP Port is open. Based on the MAC its a Samsung device. Port 135 is not even open.

To ensure that this is not based on a DNS error I did a lookup of all servers backed up by Backup Exec but none of that servers did resolve to this external address. I looked through the firewall logs and this device has never been a part of our network.

Can anyone make sense out of this?

davidb
  • 246
  • 1
  • 4
  • 16

1 Answers1

0

BackupExec DB can easily get mixed.

Try to check for database error (see below the screenshot on how to do it) or remove backupexec and re-install it. Seem a old device maybe selected to do a backup for testing, but where never removed and now no longer listed (as you don't see it)

To give an actual example. My backupexec on a customer was using a remote site as a media server, but it was not even selected, nor it showed in backupexec. I removed the backupexec instance at the remote site, but the main backupexec was sending data there anyway. I had to fully reinstall to remove any trace of that old server.

To check for database error:

Run beutility.exe

enter image description here

After, select that option over your media server. Sorry for the french picture, but the option mean 'Check database coherence'

enter image description here

yagmoth555
  • 16,300
  • 4
  • 26
  • 48