Go | New | Find | Notify | Tools | Reply |
I have lived the greatest adventure |
Okay, we use Exchange on our in-house mail server. It's running on Windows Server 2012 R2. Saturday night it stopped working. I checked Sunday and a bunch of the Exchange services aren't started, and won't start manually. I tried to run Windows Update, and it tells me there's a security update for Exchange. When I try and run it, I get error 80070643, which I find indicates that there is an issue with the .NET Framework installation. So I try and run the .NET Framework repair tool, and it tells me it can't repair the installation. Things I have tried: 1. Renaming the SoftwareDistribution folder (stopping WUAUSERV and BITS). 2. Rebooting 3. Shutting down my anti-virus while doing all of this. I did run AV just to check for viruses. 4. Running the .NET Framework Repair Tool. It un-registers, re-registers, and re-starts the Windows Installer service, then tries to repair the framework (v4.8), but doesn't fix the problem. I checked the logs, but didn't see anything that jumps out at me. 5. I ran SFC to see if it could repair the system files. Found no files in need of repair. Any suggestions? Phone's ringing, Dude. | ||
|
Member |
You're aware of the massive exchange hack, right? https://www.cbsnews.com/news/m...r-hack-what-to-know/ Hedley Lamarr: Wait, wait, wait. I'm unarmed. Bart: Alright, we'll settle this like men, with our fists. Hedley Lamarr: Sorry, I just remembered . . . I am armed. | |||
|
I have lived the greatest adventure |
No, I wasn't. Ugh. But I kept my servers updated. Working on the response measures now. Thanks for the heads-up! Phone's ringing, Dude. | |||
|
quarter MOA visionary |
What is your Exchange version? | |||
|
I have lived the greatest adventure |
2013 Phone's ringing, Dude. | |||
|
member |
Thousands were compromised before MS could get the patches out. Also in the brief period before patches were applied. Many have been hacked by multiple hacking groups. There are still many out there that are unpatched. The compromise gives the hacker complete Administrative access to the server. ASFAIK, nuke and pave is the solution, and keep it off the Internet until all patches are applied. I remember the earlier versions of Exchange server (prior to OWA), where MS strongly recommended that the Exchange server NOT be Internet facing. We used a Linux machine as our MX, which forwarded mail to and from the internal Exchange server. When in doubt, mumble | |||
|
I have lived the greatest adventure |
Yep, that's what I'm finding. Nothing I have tried has worked yet, but I'm still working on it. Looks like we're going to have to move to an e-mail service provider. Phone's ringing, Dude. | |||
|
Member |
OS level, can you reapply the latest Service Pack and then retry .NET? There is something good and motherly about Washington, the grand old benevolent National Asylum for the helpless. - Mark Twain The Gilded Age #CNNblackmail #CNNmemewar | |||
|
quarter MOA visionary |
It is unlikely that a hack is causing this. However, since this can ver very involved with many variables I ws hesitant to offer a solution. I did find this in a Google search (in the olden days we were give CD's and then DVD's with KB on them called Technet) but I digress: https://info.summit7systems.co...-patch-fix-kb4045655 There are other online sources too. Good Luck | |||
|
Info Guru |
We moved away from on premise so long ago I don't have any relevant info that would be helpful and like smschulz says, there are so many variables it would be almost impossible to go back and forth in this format and be of any help. However, on this point
When you switch to O365 (or any provider), make sure you enable multifactor authentication or you will get compromised within the first few weeks of conversion. I've seen it first hand multiple times - don't let your users complaints and bellyaches sway you - suck it up and do it from the get go and they will get used to it, otherwise go ahead and brush off your breach response plan because it will happen sooner rather than later. “Facts are stubborn things; and whatever may be our wishes, our inclinations, or the dictates of our passions, they cannot alter the state of facts and evidence.” - John Adams | |||
|
I have lived the greatest adventure |
Okay, so I was never able to get any of Microsoft's mitigation steps to work, so we migrated to Office 365. All we have left is to import our old Exchange EDB file. Man, what an exhausting few days. Thanks for all the help and advice, everyone! Phone's ringing, Dude. | |||
|
Powered by Social Strata |
Please Wait. Your request is being processed... |