Re-installing Windows Server 2012 Essentials - the best way?

Posted on 2016-10-19
Last Modified: 2016-10-24
I have a Server running Windows 2012 R2 Essentials. It has likely been struck with some software that has turned it into a Zombie as it is uploading vast amounts of data.

I have not been able to solve this issue and have therefore made the decision to re-install the Server. (See my other question for further details regarding this.)

Can anyone please advise the best way to do this to avoid minimal re-configuration?

General Information
1. The Server has a 4TB RAID configuration with two partitions - a 500GB partition for the OS and all programs. The rest of the data is on the other partition.
2. The server is essentially a Domain controller and file server looking after 10 workstations. All the users are using folder redirection. Email is supplied by Exchange Online.
3. The backup is done onto an external hard drive using the built-in backup of Windows Essentials. I don't want to use it to fully restore the server as the problem started after the last backup and I am worried it would bring the problem back.

My main concern is the user data and re-logging in of the user. If, for example, I re-install on the OS partition and leave the data partition as is and set folder redirection to point to the folder on this partition, will the user log in OK and pick up their data as before?

Any advice very much appreciated.
Question by:Markieboy1

Accepted Solution

David Johnson, CD, MVP earned 250 total points
ID: 41851522
The best solution that I can think of is to create a new server on different hardware (not Server Essentials); a trial of Standard will work for this scenario. Make it an additional domain controller, create a DFS share for your user data, let it replicate, and change your redirected folders GPO to point to the DFS share.
Seize the FSMO roles from Essentials to the new server.
Export the DHCP server and import it into the new server.
Now you can remove and reinstall the Essentials Server. Set up DFS and point it to the redirected folder location(s) you set up. Now reverse the steps; after the redirected folders are pointing to the Essentials server you can remove the DFS link to the Standard server.
Better if you can find the problem.
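The FSMO and DHCP steps of the answer above, as an added PowerShell example that is not part of the original post (it does not cover the DFS or folder-redirection steps). The names `ESS01`, `DC02` and `C:\Migration` are hypothetical; run it on the new domain controller with the ActiveDirectory and DhcpServer modules installed.

```powershell
# Added example, not from the thread. ESS01 = old Essentials server,
# DC02 = temporary Standard DC, C:\Migration = working folder (all hypothetical).
Import-Module ActiveDirectory
Import-Module DhcpServer

$OldDc = 'ESS01'
$NewDc = 'DC02'
$Work  = 'C:\Migration'
New-Item -ItemType Directory -Path $Work, "$Work\dhcp-backup" -Force | Out-Null

# Record the current role holders so the change can be audited later.
$forest = Get-ADForest
$domain = Get-ADDomain
[pscustomobject]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
} | Export-Csv "$Work\fsmo-before.csv" -NoTypeInformation

# -Force makes this a seizure rather than a graceful transfer. After a
# seizure the old role holder must not come back online as a DC.
Move-ADDirectoryServerOperationMasterRole -Identity $NewDc -Force -Confirm:$false `
    -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator,
                         RIDMaster, InfrastructureMaster

# Verify that every role now resolves to the new DC before going further.
$holders = @((Get-ADForest).SchemaMaster, (Get-ADForest).DomainNamingMaster,
             (Get-ADDomain).PDCEmulator, (Get-ADDomain).RIDMaster,
             (Get-ADDomain).InfrastructureMaster)
$wrong = $holders | Where-Object { $_ -notlike "$NewDc.*" }
if ($wrong) { throw "Roles still held elsewhere: $($wrong -join ', ')" }

# Export scopes, options and leases from the old server, import on the new
# one. Import-DhcpServer requires -BackupPath: it backs up the target's
# existing DHCP database there before overwriting it.
Export-DhcpServer -ComputerName $OldDc -File "$Work\dhcp.xml" -Leases -Force
Import-DhcpServer -ComputerName $NewDc -File "$Work\dhcp.xml" `
    -BackupPath "$Work\dhcp-backup" -Leases -Force

# Stop the old DHCP service so two servers do not answer for the same scope.
Invoke-Command -ComputerName $OldDc -ScriptBlock { Stop-Service DHCPServer }
```

The new server also has to be authorized for DHCP in Active Directory (`Add-DhcpServerInDC`) before it will hand out leases.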

Assisted Solution

by:Lionel MM
Lionel MM earned 250 total points
ID: 41851823
Since this is such a small network, 1 server and 10 workstations, and because your Server is compromised, I would simply
1) copy any user data to an external drive
2) export your GPOs
3) export any printers and
4) make a final full server backup
and then shut down the compromised server and start over. I would do a full reformat of the drives to make sure that the offending/compromising "whatever" that caused this problem is gone.

In terms of total time this is the quickest and easiest to get yourself operational again. The fact that you say it is compromised and a "zombie" means to me you are much better off to "kill the zombie" as soon as possible so that it doesn't spread to any of your workstations. Essentials is very easy to set up and will take much less time this way.
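The four export steps listed in the answer above, as an added PowerShell example that is not part of the original post. The paths `D:\Users` (redirected folders), `E:\PreWipe` (external drive) and `F:` (backup target) are hypothetical; run it elevated on the server before the wipe.

```powershell
# Added example, not from the thread. All paths and drive letters below are
# hypothetical placeholders for this server's layout.
$UserData     = 'D:\Users'      # redirected-folder root on the data partition
$Dest         = 'E:\PreWipe'    # external drive for the exports
$BackupVolume = 'F:'            # separate target for the final full backup
New-Item -ItemType Directory -Path "$Dest\Users", "$Dest\GPO" -Force | Out-Null

# 1) User data. /COPYALL keeps NTFS ACLs and owners, /B reads in backup mode
#    so files the admin has no ACL on are still copied. If the domain is
#    rebuilt from scratch the copied ACLs will reference the old domain's
#    SIDs and permissions must be re-applied for the new accounts.
robocopy $UserData "$Dest\Users" /E /COPYALL /B /R:1 /W:1 /NP /LOG:"$Dest\robocopy.log"
# robocopy exit codes of 8 or higher mean at least one file failed to copy.
if ($LASTEXITCODE -ge 8) { throw "robocopy reported failures, see $Dest\robocopy.log" }

# 2) Group Policy Objects, including the folder-redirection policy.
Import-Module GroupPolicy
$gpos = Backup-GPO -All -Path "$Dest\GPO"
$gpos | Select-Object DisplayName, GpoId, Id |
    Export-Csv "$Dest\GPO\index.csv" -NoTypeInformation

# 3) Printers: queues, drivers and ports via the built-in PrintBrm tool.
$printBrm = Join-Path $env:windir 'System32\spool\tools\PrintBrm.exe'
& $printBrm -B -S $env:COMPUTERNAME -F "$Dest\printers.printerExport"
if ($LASTEXITCODE -ne 0) { throw 'PrintBrm export failed' }

# 4) Final full server backup. This image is taken from the compromised
#    system, so keep it as a reference copy and do not restore the OS from it.
wbadmin start backup -backupTarget:$BackupVolume -allCritical -include:D: -vssFull -quiet
if ($LASTEXITCODE -ne 0) { throw 'wbadmin backup failed' }

"Exported $($gpos.Count) GPOs; user data and printers saved under $Dest"
```

GPO backups are restored on the rebuilt server with `Import-GPO`, and the printer file with `PrintBrm.exe -R`.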

Author Comment

ID: 41851881
Many thanks for your comments. I was hoping to avoid copying the user data as a couple of the users have masses of data!

However, it seems I may not need to do anything. Since I left yesterday, the problem has gone away and all is looking good.

I have obviously done something but I am keeping an open mind and will see how things go for the next few days. I will therefore keep this question open until I am sure all is well.

Expert Comment

by:Lionel MM
ID: 41852275
Well, if the server was "doing something" and uploading "masses of data" and you can't find the cause then I would be very, very concerned. Your server may actually be hacked and controlled by a "bot" of some sort. I would still consider reformatting the drives and starting over, but at least you should run virus and spyware checkers, use more than 1 of each, 2 or 3 of each--use Spybot, Malwarebytes and then your virus software and then one other. You may even want to use a USB or DVD boot drive with a virus scanner to be 100% sure, especially if you can't find what was causing the uploading of masses of data.

Author Closing Comment

ID: 41856854
All seems to be working well - as the threat has now been removed - so the need to do this is no longer relevant.

If needed in the future - and let's hope not - your comments will be useful.
