Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Connecting workstations to Server 2012 Standard after Ransomware

Posted on 2016-08-22
4
40 Views
Last Modified: 2016-10-27
Hi guys,

A client's network has one Server 2012 Standard and several client workstations connected to it via a single domain. This server is the only server on their network, so is also the Domain Controller and DNS server. Over the weekend, the server was attacked by Ransomware which caused all data on it to become encrypted. As no 'fix' for that Ransomware had yet been developed which didn't involve paying, we opted to pull a server image from a local daily backup which is run via Acronis Backup & Restore v11.5. Unfortunately, they'd not been switching daily between their two local backup drives, so the one connected to the machine during the attack, which has the last month's-worth of backups on it, was encrypted. As a side note, I thought Acronis' .TIB files couldn't be encrypted, but that is clearly incorrect (on a machine running Acronis, at very least). Anyway, we restored a backup from July 19th 2016 to the server and got the server back to that point with very little issue.

The current issue, however, is that two users who weren't already logged in (most users don't turn their PCs off or even log off from their session almost ever) are now unable to access the server. The one logged into the domain gets one of the two following error when they try to login:

1. The User Profile Service service failed to login. User profile cannot be loaded.
2. The trust relationship between this workstation and the primary domain failed.

This is a Windows 7 Pro workstation, for what it's worth.

One of the machines, a Windows 10 workstation, is a new machine which was deployed only last week. It was connected to the domain last week but then, when this issue happened, I tried disconnecting it from the domain, restarting the PC and reconnecting. Now, it doesn't reconnect, giving me one of the two messages:

1. The following error occurred attempting to join domain "<domain_name>":   The specified domain either does not exist or could not be contacted.
2. An Active Directory Domain Controller (AD DC) for the domain '<domain_name>" could not be contacted. Ensure the domain name is typed correctly. If the name is correct, click Details for troubleshooting information.

These alternate messages occurred at different times during my attempted fixes on the server. So far, I have attempted the fixes from the following URLs (in order):

http://www.tomshardware.com/faq/id-1943765/windows-server-2012-dns-server-accessible-unable-resolve-dns-queries.html
https://blog.blksthl.com/2013/03/18/fix-the-trust-relationship-between-this-workstation-and-the-primary-domain-failed/
https://redmondmag.com/articles/2014/04/21/domain-trust-issues.aspx

With the new machine, knowing that it wasn't around at the time the Server was restored to, I even tried adding in the Computer name in Active Directory > Users and Computers > Computers, but to no avail. With the other (Windows 7 PC), I even found a solution which suggested that in this same location I find the users PC which was already in the list, right-click on it and select 'Reset Account'. This, too, produced no results.

So, I'm out of my depth and need some assistance - please help. I suspect the fix isn't hard... I just don't know what it is.
0
Comment
Question by:Servant-Leggie
  • 2
4 Comments
 

Expert Comment

by:Waahid Joomun
ID: 41766439
Hello Sir,

Try to remove the computer in your AD and re join to your domain on both PC. This should fix the problem.

W
0
 

Accepted Solution

by:
Servant-Leggie earned 0 total points
ID: 41766807
Waahid Joomun, I have done that EXCEPT FOR removing the computer first, which sounds like the important part. I will go ahead and do that and will let you know how I go.
0
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 41767537
For what it's worth,  you should adjust the permissions on your backup locations so that ONLY the account that Acronis is using should have read/write/modify permissions.  Administrators don't need access, Users definitely don't need access. That or do a mount share / backup / dismount share. Or have a machine that you can set the bios or send a WOL magic packet so the machine that holds the backup share starts, do your agent scheduled backups, upon completion do an automated shutdown of the machine. This will decrease your exposure time

Ransomware will encrypt ANY file that the miscreant thinks is valuable. We relied on shadow copies, they now delete shadow copies, they only went after common file types i.e. Office Documents and Image Files.. Backup's were "safe" now they also target common backup file extensions as well.
0
 

Author Closing Comment

by:Servant-Leggie
ID: 41793902
Thanks Waahid Joomun, this worked a treat! Sorry for my slow reply.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
Windows 10 came with  a lot of built in applications, Some organisations leave them there, some will control them using GPO's. This Article is useful for those who do not want to have any applications in their image (example:me).
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question