SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    Microsoft Exchange Issue
Go
New
Find
Notify
Tools
Reply
  
Microsoft Exchange Issue Login/Join 
I have lived the
greatest adventure
Picture of AUTiger89
posted
Okay, we use Exchange on our in-house mail server. It's running on Windows Server 2012 R2.

Saturday night it stopped working. I checked Sunday and a bunch of the Exchange services aren't started, and won't start manually. I tried to run Windows Update, and it tells me there's a security update for Exchange. When I try and run it, I get error 80070643, which I find indicates that there is an issue with the .NET Framework installation. So I try and run the .NET Framework repair tool, and it tells me it can't repair the installation.

Things I have tried:
1. Renaming the SoftwareDistribution folder (stopping WUAUSERV and BITS).
2. Rebooting
3. Shutting down my anti-virus while doing all of this. I did run AV just to check for viruses.
4. Running the .NET Framework Repair Tool. It un-registers, re-registers, and re-starts the Windows Installer service, then tries to repair the framework (v4.8), but doesn't fix the problem. I checked the logs, but didn't see anything that jumps out at me.
5. I ran SFC to see if it could repair the system files. Found no files in need of repair.

Any suggestions?




Phone's ringing, Dude.
 
Posts: 6199 | Location: Upstate SC | Registered: April 06, 2011Reply With QuoteReport This Post
Member
Picture of Shaql
posted Hide Post
You're aware of the massive exchange hack, right?

https://www.cbsnews.com/news/m...r-hack-what-to-know/





Hedley Lamarr: Wait, wait, wait. I'm unarmed.
Bart: Alright, we'll settle this like men, with our fists.
Hedley Lamarr: Sorry, I just remembered . . . I am armed.
 
Posts: 6915 | Location: Atlanta | Registered: April 23, 2006Reply With QuoteReport This Post
I have lived the
greatest adventure
Picture of AUTiger89
posted Hide Post
quote:
Originally posted by Shaql:
You're aware of the massive exchange hack, right?

https://www.cbsnews.com/news/m...r-hack-what-to-know/

No, I wasn't. Ugh.

But I kept my servers updated.

Working on the response measures now. Thanks for the heads-up!




Phone's ringing, Dude.
 
Posts: 6199 | Location: Upstate SC | Registered: April 06, 2011Reply With QuoteReport This Post
quarter MOA visionary
Picture of smschulz
posted Hide Post
What is your Exchange version?
 
Posts: 23408 | Location: Houston, TX | Registered: June 11, 2006Reply With QuoteReport This Post
I have lived the
greatest adventure
Picture of AUTiger89
posted Hide Post
quote:
Originally posted by smschulz:
What is your Exchange version?

2013




Phone's ringing, Dude.
 
Posts: 6199 | Location: Upstate SC | Registered: April 06, 2011Reply With QuoteReport This Post
member
Picture of henryaz
posted Hide Post
quote:
Originally posted by AUTiger89:
No, I wasn't. Ugh.

But I kept my servers updated.

Thousands were compromised before MS could get the patches out. Also in the brief period before patches were applied. Many have been hacked by multiple hacking groups. There are still many out there that are unpatched. Frown The compromise gives the hacker complete Administrative access to the server. ASFAIK, nuke and pave is the solution, and keep it off the Internet until all patches are applied.
 
I remember the earlier versions of Exchange server (prior to OWA), where MS strongly recommended that the Exchange server NOT be Internet facing. We used a Linux machine as our MX, which forwarded mail to and from the internal Exchange server.



When in doubt, mumble
 
Posts: 10887 | Location: South Congress AZ | Registered: May 27, 2006Reply With QuoteReport This Post
I have lived the
greatest adventure
Picture of AUTiger89
posted Hide Post
quote:
Originally posted by henryaz:
quote:
Originally posted by AUTiger89:
No, I wasn't. Ugh.

But I kept my servers updated.

Thousands were compromised before MS could get the patches out. Also in the brief period before patches were applied. Many have been hacked by multiple hacking groups. There are still many out there that are unpatched. Frown The compromise gives the hacker complete Administrative access to the server. ASFAIK, nuke and pave is the solution, and keep it off the Internet until all patches are applied.
 
I remember the earlier versions of Exchange server (prior to OWA), where MS strongly recommended that the Exchange server NOT be Internet facing. We used a Linux machine as our MX, which forwarded mail to and from the internal Exchange server.

Yep, that's what I'm finding. Nothing I have tried has worked yet, but I'm still working on it.

Looks like we're going to have to move to an e-mail service provider.




Phone's ringing, Dude.
 
Posts: 6199 | Location: Upstate SC | Registered: April 06, 2011Reply With QuoteReport This Post
Member
posted Hide Post
OS level, can you reapply the latest Service Pack and then retry .NET?


There is something good and motherly about Washington, the grand old benevolent National Asylum for the helpless.
- Mark Twain The Gilded Age

#CNNblackmail #CNNmemewar
 
Posts: 706 | Location: Seacoast in USA | Registered: September 24, 2007Reply With QuoteReport This Post
quarter MOA visionary
Picture of smschulz
posted Hide Post
It is unlikely that a hack is causing this.
However, since this can ver very involved with many variables I ws hesitant to offer a solution.
I did find this in a Google search (in the olden days we were give CD's and then DVD's with KB on them called Technet) but I digress:

https://info.summit7systems.co...-patch-fix-kb4045655

There are other online sources too.

Good Luck
 
Posts: 23408 | Location: Houston, TX | Registered: June 11, 2006Reply With QuoteReport This Post
Info Guru
Picture of BamaJeepster
posted Hide Post
We moved away from on premise so long ago I don't have any relevant info that would be helpful and like smschulz says, there are so many variables it would be almost impossible to go back and forth in this format and be of any help. However, on this point

quote:
Originally posted by AUTiger89:
Looks like we're going to have to move to an e-mail service provider.


When you switch to O365 (or any provider), make sure you enable multifactor authentication or you will get compromised within the first few weeks of conversion. I've seen it first hand multiple times - don't let your users complaints and bellyaches sway you - suck it up and do it from the get go and they will get used to it, otherwise go ahead and brush off your breach response plan because it will happen sooner rather than later.



“Facts are stubborn things; and whatever may be our wishes, our inclinations, or the dictates of our passions, they cannot alter the state of facts and evidence.”
- John Adams
 
Posts: 29408 | Location: In the red hinterlands of Deep Blue VA | Registered: June 29, 2001Reply With QuoteReport This Post
I have lived the
greatest adventure
Picture of AUTiger89
posted Hide Post
Okay, so I was never able to get any of Microsoft's mitigation steps to work, so we migrated to Office 365. All we have left is to import our old Exchange EDB file.

Man, what an exhausting few days.

Thanks for all the help and advice, everyone!




Phone's ringing, Dude.
 
Posts: 6199 | Location: Upstate SC | Registered: April 06, 2011Reply With QuoteReport This Post
  Powered by Social Strata  
 

SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    Microsoft Exchange Issue

© SIGforum 2024