question

DennisWade-7156 avatar image
0 Votes"
DennisWade-7156 asked DennisWade-7156 action

Issue with Exchange Server 2016 after Win32/IISExchgSpawnCMD.A

Hello all, First, thanks in advance for reading my post, and I welcome any and all responses. Tolerance would be appreciated as this is very new to me but I am the only one available to try to get this problem corrected. On to the issue; our on-premises Exchange 2016 server was compromised and showed infection with several viruses. The most difficult to deal with was Win32/IISExchgSpawnCMD.A . I am confident that all traces of the viruses have been removed, but am still unable to get mail flowing to/from our server at this time. MS connectivity tool tells me that port 25 is blocked. I suspect there is a DNS issue - in looking through the log files /TransportRoles/Frontend/Connectivity I can see a clear demarcation between before and after. Before the server FQDN was giving a local address (10.0.0.x) and after it gives the public address (216.131.x.x). The hosts file has an entry for our local server, the NIC has the local server address as well (it is our internal DNS server). I am at a loss as to where to go to correct this problem. Can anyone offer tips on what/where to fix this problem? Dennis

windows-dhcp-dnsoffice-exchange-server-itpro
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.


Please run netstat -aon|findstr "25" to make sure port 25 is in listening status. Also Temporarily turn off the firewall to see if the issue still occurs.

0 Votes 0 ·

0 Answers