Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Re-installing Windows Server 2012 Essentials - the best way?

Posted on 2016-10-19
Medium Priority
Last Modified: 2016-10-24
A have a Server running Windows 2012 R2 Essentials. It has been likely struck with some software that has turned it into a Zombie as it is uploading vast amounts of data.

I have not been able to solve this issue and have therefore made the decision to re-install the Server. (See my other question for further details regarding this )

Can anyone please advise the best way to do this to avoid minimal re-configuration?

General Information
1.      The Server has 4TB raid configuration with two partition - a 500GB partition for the OS and all programs. The rest of the data is on the other partition
2.      The server is essentially a Domain controller and file server looking after 10 workstations. All the users are using folder redirection. Email is supplied by Exchange Online.
3.      The backup is done onto external hard drive using the built-in backup of Windows essentials.  I don’t want to use it to fully restore the server as the problem started after the last backup and I am worried it would bring the problem back.

My main concern is the user data and re-logging in of the user. If, for example, I re-install on the OS partition and leave the data partition as is and set folder redirection to point to the folder on this partition, will the user log in OK and pick up their data as before?

Any advice very much appreciated.
Question by:Markieboy1
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 83

Accepted Solution

David Johnson, CD, MVP earned 1000 total points
ID: 41851522
The best solution that I can think of is to create a new server on different hardware (not server essentials) a trial of standard will work for this scenario.make it an additional domain controller, create a DFS share for your user data, let it replicate, change your redirected folders gpo to point to the DFS share
Seize the fsmo roles from essentials to the new server
export the dhcp server and import it into the new server
now you can remove and reinstall the Essentials Server. setup DFS and point it to the redirected folder location(s) you setup now reverse the steps, after the redirected folders are now pointing to the essentials server you can remove the DFS link to the standard server,
Better if you can find the problem.
LVL 25

Assisted Solution

by:Lionel MM
Lionel MM earned 1000 total points
ID: 41851823
Since this is such a small network, 1 server and 10 workstations and because your Server is compromised I would simply
1) copy any user data to an external drive
2) export your GPOs
3) export any printers and
4) make a final full server backup
and then shutdown the compromised server and start over. I would do a full reformat of the drives to make sure that the offending/compromising "whatever" that caused this problem is gone.

In terms of total time this is the quickest and easiest to get yourself operational again. The fact that you say it is compromised and a "zombie" means to me you are much better off to "kill the zombie" as soon as possible so that it doesn't spread to any of your workstations. Essentials is very easy to setup and will take much less time this way.

Author Comment

ID: 41851881
Many thanks for your comments. I was hoping to avoid copying the user data as a couple of the users have masses of data!

However, It seems I may not need to do anything. Since I left yesterday, the problem has gone away and all is looking good.

I have obviously done something but I am keeping an open mind and see how things go for the next few days. I will therefore keep this question open until I am sure all is well.
LVL 25

Expert Comment

by:Lionel MM
ID: 41852275
Well if the server was "doing something" and uploading "masses of data" and you can't find the cause then I would be very, very concerned. Your server may actually be hacked and controlled by a "bot" of some sort. I would still consider reformatting the drives and starting over but at least you should run virus and spyware checkers, use more than 1 of each, 2 or 3 of each--use spybot, malwarebytes and then your virus software and then one other. You may even want to use a USB or DVD boot drive with a virus scanner to be 100% sure, especially if you can't find what was causing the uploading of masses of data.

Author Closing Comment

ID: 41856854
All seems to be working well - as the threat has now removed - so the need to do this is no longer relevant.

If needed in the future - and let's hope not - your comments will be useful.

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question