Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

DFS Replication After a Crytowall

Posted on 2015-02-20
6
Medium Priority
?
94 Views
Last Modified: 2015-03-31
A remove branch user was infected by CryptoWall.   It encrypted the remote DFS server.  The server only synced a few directories to the main DFS server.   We disabled the replication between the servers (via DFS Management) and rebooted the servers to stop replication.   We also restored from backup the encrypted files to the main DFS Server.

How do I go about restarting the DFS Replication with the main server as the correct server for files?
0
Comment
Question by:edwardq
  • 3
  • 2
6 Comments
 
LVL 42

Assisted Solution

by:kevinhsieh
kevinhsieh earned 500 total points
ID: 40622732
Remove the branch server from the DFS replication group, and then add it back it. The other server(s) will be considered authoritative.
0
 
LVL 27

Assisted Solution

by:Steve
Steve earned 500 total points
ID: 40623043
safest way is to stop the DFS service on the remote server and make changes to the main server (and allow AD replication to occur between sites) before re-enabling the serviced on the remote server.
best to remove the replication group and create it again from scratch (delete or move the files from the remote server)
0
 
LVL 4

Author Comment

by:edwardq
ID: 40626495
Ok.. I did that. And it took the other server as authoritative and started PreExisting backup of folders on the main server.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 27

Expert Comment

by:Steve
ID: 40646988
nice one. did that solve the issue?
0
 
LVL 4

Accepted Solution

by:
edwardq earned 0 total points
ID: 40689934
No it did not solved the issue.     I was hoping for it to start duplication with main server as authoritative.   I did both what Kevinhsieh and totallytoto suggested.  It would still take the bad server as authoritative.

Since it was a Virtual server, How I solved it was to build a new VM server locally, set it up in the DFS replication group. When it finished replicated.  I copyed the VM Server to a removable disk drive and drove it down to the branch and copied it/replaced the bad one.  It took a few days since it took about 4 hours to copy it the disk drive and 4 hours to copy it to the remote server.
0
 
LVL 4

Author Closing Comment

by:edwardq
ID: 40697884
I selected my solution because it was the only one that worked.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
This article explains how to install and use the NTBackup utility that comes with Windows Server.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question