Go Premium for a chance to win a PS4. Enter to Win


Re-installing Windows Server 2012 Essentials - the best way?

Posted on 2016-10-19
Medium Priority
Last Modified: 2016-10-24
A have a Server running Windows 2012 R2 Essentials. It has been likely struck with some software that has turned it into a Zombie as it is uploading vast amounts of data.

I have not been able to solve this issue and have therefore made the decision to re-install the Server. (See my other question for further details regarding this )

Can anyone please advise the best way to do this to avoid minimal re-configuration?

General Information
1.      The Server has 4TB raid configuration with two partition - a 500GB partition for the OS and all programs. The rest of the data is on the other partition
2.      The server is essentially a Domain controller and file server looking after 10 workstations. All the users are using folder redirection. Email is supplied by Exchange Online.
3.      The backup is done onto external hard drive using the built-in backup of Windows essentials.  I don’t want to use it to fully restore the server as the problem started after the last backup and I am worried it would bring the problem back.

My main concern is the user data and re-logging in of the user. If, for example, I re-install on the OS partition and leave the data partition as is and set folder redirection to point to the folder on this partition, will the user log in OK and pick up their data as before?

Any advice very much appreciated.
Question by:Markieboy1
  • 2
  • 2
LVL 84

Accepted Solution

David Johnson, CD, MVP earned 1000 total points
ID: 41851522
The best solution that I can think of is to create a new server on different hardware (not server essentials) a trial of standard will work for this scenario.make it an additional domain controller, create a DFS share for your user data, let it replicate, change your redirected folders gpo to point to the DFS share
Seize the fsmo roles from essentials to the new server
export the dhcp server and import it into the new server
now you can remove and reinstall the Essentials Server. setup DFS and point it to the redirected folder location(s) you setup now reverse the steps, after the redirected folders are now pointing to the essentials server you can remove the DFS link to the standard server,
Better if you can find the problem.
LVL 26

Assisted Solution

by:Lionel MM
Lionel MM earned 1000 total points
ID: 41851823
Since this is such a small network, 1 server and 10 workstations and because your Server is compromised I would simply
1) copy any user data to an external drive
2) export your GPOs
3) export any printers and
4) make a final full server backup
and then shutdown the compromised server and start over. I would do a full reformat of the drives to make sure that the offending/compromising "whatever" that caused this problem is gone.

In terms of total time this is the quickest and easiest to get yourself operational again. The fact that you say it is compromised and a "zombie" means to me you are much better off to "kill the zombie" as soon as possible so that it doesn't spread to any of your workstations. Essentials is very easy to setup and will take much less time this way.

Author Comment

ID: 41851881
Many thanks for your comments. I was hoping to avoid copying the user data as a couple of the users have masses of data!

However, It seems I may not need to do anything. Since I left yesterday, the problem has gone away and all is looking good.

I have obviously done something but I am keeping an open mind and see how things go for the next few days. I will therefore keep this question open until I am sure all is well.
LVL 26

Expert Comment

by:Lionel MM
ID: 41852275
Well if the server was "doing something" and uploading "masses of data" and you can't find the cause then I would be very, very concerned. Your server may actually be hacked and controlled by a "bot" of some sort. I would still consider reformatting the drives and starting over but at least you should run virus and spyware checkers, use more than 1 of each, 2 or 3 of each--use spybot, malwarebytes and then your virus software and then one other. You may even want to use a USB or DVD boot drive with a virus scanner to be 100% sure, especially if you can't find what was causing the uploading of masses of data.

Author Closing Comment

ID: 41856854
All seems to be working well - as the threat has now removed - so the need to do this is no longer relevant.

If needed in the future - and let's hope not - your comments will be useful.

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OfficeMate Freezes on login or does not load after login credentials are input.
Eseutil Hard Recovery is part of exchange tool and ensures Exchange mailbox data recovery when mailbox gets corrupt due to some problem on Exchange server.
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…
Suggested Courses

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question