Solved

Re-installing Windows Server 2012 Essentials - the best way?

Posted on 2016-10-19
Last Modified: 2016-10-24
I have a Server running Windows 2012 R2 Essentials. It has been likely struck with some software that has turned it into a Zombie as it is uploading vast amounts of data.

I have not been able to solve this issue and have therefore made the decision to re-install the Server. (See my other question for further details regarding this.)

Can anyone please advise the best way to do this to avoid minimal re-configuration?

General Information
1.      The Server has 4TB RAID configuration with two partitions - a 500GB partition for the OS and all programs. The rest of the data is on the other partition.
2.      The server is essentially a Domain controller and file server looking after 10 workstations. All the users are using folder redirection. Email is supplied by Exchange Online.
3.      The backup is done onto external hard drive using the built-in backup of Windows essentials.  I don’t want to use it to fully restore the server as the problem started after the last backup and I am worried it would bring the problem back.

My main concern is the user data and re-logging in of the user. If, for example, I re-install on the OS partition and leave the data partition as is and set folder redirection to point to the folder on this partition, will the user log in OK and pick up their data as before?

Any advice very much appreciated.
Question by:Markieboy1
LVL 78

Accepted Solution

by:
David Johnson, CD, MVP earned 250 total points
The best solution that I can think of is to create a new server on different hardware (not Server Essentials); a trial of Standard will work for this scenario. Make it an additional domain controller, create a DFS share for your user data, let it replicate, and change your redirected folders GPO to point to the DFS share.
Seize the FSMO roles from Essentials to the new server.
Export the DHCP server and import it into the new server.
Now you can remove and reinstall the Essentials server. Set up DFS and point it to the redirected folder location(s) you set up, then reverse the steps. After the redirected folders are pointing to the Essentials server, you can remove the DFS link to the Standard server.
Better if you can find the problem.
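
The FSMO and DHCP steps from the answer above, as an added PowerShell sketch that is not part of the original post. The server names `OLDDC` and `NEWDC` and the folder `C:\Migrate` are assumed placeholders; it is meant to be run on the new domain controller with the DHCP Server role already installed.

```powershell
# Added example. OLDDC, NEWDC and C:\Migrate are assumed placeholder names.
Import-Module ActiveDirectory, DhcpServer

$oldDc   = 'OLDDC'       # Essentials server being rebuilt (assumed name)
$newDc   = 'NEWDC'       # temporary Standard-edition DC (assumed name)
$workDir = 'C:\Migrate'  # local working folder on the new DC (assumed path)
New-Item -ItemType Directory -Path $workDir -Force | Out-Null

# Return the current holder of each of the five FSMO roles.
function Get-FsmoHolders {
    $d = Get-ADDomain
    $f = Get-ADForest
    [pscustomobject]@{
        PDCEmulator          = $d.PDCEmulator
        RIDMaster            = $d.RIDMaster
        InfrastructureMaster = $d.InfrastructureMaster
        SchemaMaster         = $f.SchemaMaster
        DomainNamingMaster   = $f.DomainNamingMaster
    }
}

# 1. Record the role holders before changing anything.
Get-FsmoHolders | Format-List

# 2. Move all five roles to the new DC. -Force requests a seizure, as the
#    answer describes; without it the cmdlet performs a normal transfer,
#    which needs the old DC to be reachable.
$roles = 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster',
         'SchemaMaster', 'DomainNamingMaster'
Move-ADDirectoryServerOperationMasterRole -Identity $newDc `
    -OperationMasterRole $roles -Force -Confirm:$false

# 3. Stop if any role is still held elsewhere.
$stale = (Get-FsmoHolders).PSObject.Properties |
    Where-Object { $_.Value -notlike "$newDc.*" }
if ($stale) { throw "Roles not on ${newDc}: $($stale.Name -join ', ')" }

# 4. Export DHCP scopes, options and leases from the old server, then
#    import them here. -BackupPath receives a backup of the target's
#    existing DHCP database before the import changes it.
Export-DhcpServer -ComputerName $oldDc -File "$workDir\dhcp.xml" -Leases -Force
Import-DhcpServer -ComputerName $newDc -File "$workDir\dhcp.xml" `
    -BackupPath "$workDir\dhcp-backup" -Leases -Force

# 5. Confirm the scopes arrived.
Get-DhcpServerv4Scope -ComputerName $newDc | Format-Table ScopeId, Name, State
```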
LVL 24

Assisted Solution

by:lionelmm
lionelmm earned 250 total points
Since this is such a small network, 1 server and 10 workstations and because your Server is compromised I would simply
1) copy any user data to an external drive
2) export your GPOs
3) export any printers and
4) make a final full server backup
and then shut down the compromised server and start over. I would do a full reformat of the drives to make sure that the offending/compromising "whatever" that caused this problem is gone.

In terms of total time this is the quickest and easiest to get yourself operational again. The fact that you say it is compromised and a "zombie" means to me you are much better off to "kill the zombie" as soon as possible so that it doesn't spread to any of your workstations. Essentials is very easy to set up and will take much less time this way.
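
The four export steps listed in the answer above, as an added PowerShell sketch that is not part of the original post. The paths `D:\Users` and `E:\PreRebuild` and the drive letters are assumed placeholders; the external drive is assumed to be NTFS so that ACLs survive the copy.

```powershell
# Added example. D:\Users (redirected-folder root), E:\PreRebuild and the
# drive letters E: and D: are assumed placeholders.
Import-Module GroupPolicy

$data = 'D:\Users'       # user data on the data partition (assumed path)
$dest = 'E:\PreRebuild'  # folder on the external drive (assumed path)
New-Item -ItemType Directory -Path "$dest\GPO", "$dest\UserData" -Force | Out-Null

# 1) Copy user data with ACLs, owner and timestamps. /B uses backup mode
#    so files the admin account cannot normally open are still copied.
robocopy $data "$dest\UserData" /E /COPYALL /B /R:1 /W:1 /NP "/LOG:$dest\robocopy.log"
if ($LASTEXITCODE -ge 8) {
    # robocopy exit codes of 8 and above mean some files failed to copy
    throw "robocopy reported failures, see $dest\robocopy.log"
}

# 2) Back up every GPO and write one HTML report of their settings. Read
#    the report before importing anything into the rebuilt domain: GPOs
#    exported from a compromised server can carry scripts and settings
#    nobody on the admin team created.
Backup-GPO -All -Path "$dest\GPO" | Format-Table DisplayName, GpoId
Get-GPOReport -All -ReportType Html -Path "$dest\GPO\AllGPOs.html"

# 3) Export print queues, drivers and ports with the built-in
#    Printer Migration tool.
& "$env:windir\System32\spool\tools\PrintBrm.exe" -b -f "$dest\printers.printerExport"
if ($LASTEXITCODE -ne 0) { throw 'PrintBrm export failed' }

# 4) Final full backup: system state, OS volume and the data volume.
wbadmin start backup "-backupTarget:E:" -allCritical "-include:D:" -quiet
if ($LASTEXITCODE -ne 0) { throw 'wbadmin backup failed' }
```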

Author Comment

by:Markieboy1
Many thanks for your comments. I was hoping to avoid copying the user data as a couple of the users have masses of data!

However, it seems I may not need to do anything. Since I left yesterday, the problem has gone away and all is looking good.

I have obviously done something but I am keeping an open mind and see how things go for the next few days. I will therefore keep this question open until I am sure all is well.
LVL 24

Expert Comment

by:lionelmm
Well, if the server was "doing something" and uploading "masses of data" and you can't find the cause then I would be very, very concerned. Your server may actually be hacked and controlled by a "bot" of some sort. I would still consider reformatting the drives and starting over but at least you should run virus and spyware checkers, use more than 1 of each, 2 or 3 of each--use Spybot, Malwarebytes and then your virus software and then one other. You may even want to use a USB or DVD boot drive with a virus scanner to be 100% sure, especially if you can't find what was causing the uploading of masses of data.
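
One way to narrow down what is responsible for the uploading, as an added PowerShell example that is not part of the original comment: it lists which processes currently hold established TCP connections to non-private addresses, with each binary's path and Authenticode status. It counts connections, not bytes, and only sees traffic that is active when it runs; the function names are made up for this example.

```powershell
# Added example. Test-PrivateAddress and Get-ExternalConnectionSummary are
# names invented for this sketch, not built-in cmdlets.
function Test-PrivateAddress {
    param([string]$Address)
    $ip = [System.Net.IPAddress]::Parse($Address)
    if ([System.Net.IPAddress]::IsLoopback($ip)) { return $true }
    $b = $ip.GetAddressBytes()
    if ($ip.AddressFamily -eq 'InterNetworkV6') {
        # fe80::/10 link-local or fc00::/7 unique-local
        return ($ip.IsIPv6LinkLocal -or (($b[0] -band 0xFE) -eq 0xFC))
    }
    # RFC 1918 ranges plus 169.254.0.0/16 link-local
    return (($b[0] -eq 10) -or
            (($b[0] -eq 172) -and ($b[1] -ge 16) -and ($b[1] -le 31)) -or
            (($b[0] -eq 192) -and ($b[1] -eq 168)) -or
            (($b[0] -eq 169) -and ($b[1] -eq 254)))
}

function Get-ExternalConnectionSummary {
    Get-NetTCPConnection -State Established |
        Where-Object { -not (Test-PrivateAddress $_.RemoteAddress) } |
        Group-Object -Property OwningProcess |
        ForEach-Object {
            $proc = Get-Process -Id ([int]$_.Name) -ErrorAction SilentlyContinue
            # Path is empty for protected system processes
            $path = if ($proc) { $proc.Path } else { $null }
            $sig  = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status }
                    else { 'unknown' }
            [pscustomobject]@{
                ProcessId   = [int]$_.Name
                ProcessName = $proc.ProcessName
                Path        = $path
                Signature   = $sig
                Connections = $_.Count
                Remote      = ($_.Group |
                    ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort)" } |
                    Sort-Object -Unique) -join ', '
            }
        } | Sort-Object Connections -Descending
}

# Run elevated so process paths can be read.
Get-ExternalConnectionSummary | Format-List
```

Unsigned binaries, binaries running from user-writable folders, and processes with many connections to unfamiliar addresses are the entries to look at first.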

Author Closing Comment

by:Markieboy1
All seems to be working well - as the threat has now been removed - so the need to do this is no longer relevant.

If needed in the future - and let's hope not - your comments will be useful.