May 12, 2021
In early 1997, the University of North Carolina setup a new Novell server called “Server 54”. After it was set up there was no need to access it physically and it was quickly forgotten. During an audit 4 years later, they could not find the server... anywhere. With help from Novell and Staff IT they traced the connection to a wire that went into a wall. In April of 2001, they found that found the server had been walled in during a remodel. That means that this server had remained on for the entire 4 years completely cut off from any human intervention or ventilation.
You would think that it would be difficult to forget about a server. I personally find that I cannot keep a windows server up for more than a month without some update causing it to reboot. Now imagine a server that could stay up for years without even a hiccup or dropped packet. When I first heard the story about this mythical server, I figured that it was made up, only later to find out it was true.
Working for an MSP (Managed Service Provider) I often find that business owners do not know where their servers are located. Recently I even found myself in a similar situation finding a server without a documented location. Due to COVID a company was forced to lay off their IT staff and with the restriction placed on unemployment benefits this meant that they could not even reach out to their own IT staff. A server was down, let’s call it Server 54, and it was impacting production. Here are the steps I took to find the server and help the company track down the network.
Here are some things to consider before starting.
Do you know the IP or Hostname of the server?Often the company does not even know this.
What is it doing?AD, File, DNS, DHCP, Application hosting, or something else.
How old is it?Most people have a vague idea of this. If it’s more than 10 years old it may not have hardware side connection like ILO, iDRAC or CIMC.
What is the cost of having this server offline?
With this information I began with an IP scan of the entire network using Advanced IP scanner or Angry IP scanner. Each of these tools provides three critical pieces of information: hostname, IP address, and Mac Address.
In this case, I used Advanced IP scanner and sorted for open port 22, 80, and 443. Any device that responds to those ports on the local LAN are suspects in my investigation.
I then crawled through and opened these ports on a web browser to see if I can get more information. Opening the webpage led me to find an iDRAC interface for a dell server. Furthermore, the login for the iDRAC was still the default username and password. This granted me access to power on the virtual host and ultimately the virtual servers.
I now had the MAC address from the scan to locate the server. I used the MAC address to review at the MAC address-tables to track down the port on the switch that it was connected to and then traced the cable from the port to the server. This company had more than one switch, so I started at the ISP demarcation and found the firewall. Then I found the switch and trunk connection going to the other switches using CDP (cisco discovery protocol).
If you need help finding your servers, better documentation, or want to do a server audit please contact NuWave Technology Partners!