Solved

DFS Replication After a Crytowall

Posted on 2015-02-20
6
91 Views
Last Modified: 2015-03-31
A remove branch user was infected by CryptoWall.   It encrypted the remote DFS server.  The server only synced a few directories to the main DFS server.   We disabled the replication between the servers (via DFS Management) and rebooted the servers to stop replication.   We also restored from backup the encrypted files to the main DFS Server.

How do I go about restarting the DFS Replication with the main server as the correct server for files?
0
Comment
Question by:edwardq
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 42

Assisted Solution

by:kevinhsieh
kevinhsieh earned 250 total points
ID: 40622732
Remove the branch server from the DFS replication group, and then add it back it. The other server(s) will be considered authoritative.
0
 
LVL 27

Assisted Solution

by:Steve
Steve earned 250 total points
ID: 40623043
safest way is to stop the DFS service on the remote server and make changes to the main server (and allow AD replication to occur between sites) before re-enabling the serviced on the remote server.
best to remove the replication group and create it again from scratch (delete or move the files from the remote server)
0
 
LVL 4

Author Comment

by:edwardq
ID: 40626495
Ok.. I did that. And it took the other server as authoritative and started PreExisting backup of folders on the main server.
0
Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

 
LVL 27

Expert Comment

by:Steve
ID: 40646988
nice one. did that solve the issue?
0
 
LVL 4

Accepted Solution

by:
edwardq earned 0 total points
ID: 40689934
No it did not solved the issue.     I was hoping for it to start duplication with main server as authoritative.   I did both what Kevinhsieh and totallytoto suggested.  It would still take the bad server as authoritative.

Since it was a Virtual server, How I solved it was to build a new VM server locally, set it up in the DFS replication group. When it finished replicated.  I copyed the VM Server to a removable disk drive and drove it down to the branch and copied it/replaced the bad one.  It took a few days since it took about 4 hours to copy it the disk drive and 4 hours to copy it to the remote server.
0
 
LVL 4

Author Closing Comment

by:edwardq
ID: 40697884
I selected my solution because it was the only one that worked.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OfficeMate Freezes on login or does not load after login credentials are input.
A safe way to clean winsxs folder from your windows server 2008 R2 editions
The viewer will learn how to simulate a series of coin tosses with the rand() function and learn how to make these “tosses” depend on a predetermined probability. Flipping Coins in Excel: Enter =RAND() into cell A2: Recalculate the random variable…
The viewer will learn how to simulate a series of sales calls dependent on a single skill level and learn how to simulate a series of sales calls dependent on two skill levels. Simulating Independent Sales Calls: Enter .75 into cell C2 – “skill leve…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question