Muhammad Asif
asked on
Ways to move ahead after ransomware has affected the Exchange server?
We have a DAG with 3 Exchange servers. This morning one server was affected by ransomware; we shut down the server immediately and we are not going to turn the server on again.
Now what do we need to do?
Case 1: Do we need to build a new server and install Exchange on it, and after that try to remove the old server? If this is the best approach, can you please let us know the best method to remove the server from the DAG and then from the Exchange environment?
Case 2: Can we restore the server from a snapshot or from backup software? Is it fine to restore the server from backup in a DAG environment? I have heard or read somewhere that restoring a server from a snapshot can be catastrophic. Please comment.
ASKER
Hi Everyone,
I am going to install Exchange on a brand new machine. However, Exchange 2016 CU1 is installed on the other servers and I am not able to find the download of Exchange 2016 CU1, as it seems that it is not available on the Microsoft website.
What do I need to do now? If I install the latest Exchange 2016 CU8 on one server, do I have to update all the other servers as well?
ASKER
Thanks to all for your guidance on this case.
@btan, thanks for your guidance on this case in detail. Can you please let me know or guide me on how ransomware can be injected into an Exchange server?
Question 1: Did some infected user access the Exchange server and transfer some files which have ransomware, or is there any other way to transfer the virus or ransomware to the Exchange server?
Question 2: Can you guys please let me know how to remove the affected server, which has been shut down, from the DAG and Exchange environment?
Question 3: Is it fine or easy to recover the server with the command: Setup /m:RecoverServer /IAcceptExchangeServerLice