Exchange server 2012 services are showing "Starting" but are not started, even after rebooting the server.
User Outlook status is disconnected.
Hi, your issue is more related to Exchange Server, so I will add the Exchange Server related tag and remove our network related tag. Thanks for your understanding.
To narrow down the issue, I need to ask the following questions:
1. What is the current CU version of your Exchange server?
You may check it via Control Panel > Programs > Programs and Features.
2. Did it work fine before?
If so, what changes were made before the issue occurred?
For example, did you install security updates?
3. Can you find any error events generated in Event Viewer > Application log?
If any, please post the detailed information of the events.
(Note: please don't forget to hide your personal information for security)
Hi,
We noticed that on our Exchange server the DNS is changing automatically to open DNS (8.8.8.8). We didn't change it, but it switches over automatically even after we put back our AD IP address as the DNS.
It is happening two to three times a day, and email is totally not working until we revert back to my original DNS.
We also noticed some PowerShell command was running on the server; it also takes more CPU performance.
NOTE:
1. The current CU version is CU14.
2. It was working before without any issue.
3. We didn't install any security updates.
Thanks for the information.
Since the current CU version is CU14 which is quite an old version, it is strongly recommended to upgrade to the latest version (CU 23) and install the security updates to protect your server from attack.
Here is a link with more details:
Released: May 2021 Exchange Server Security Updates
Below are some links indicating that DNS being automatically changed to 8.8.8.8 may be caused by HAFNIUM.
Also I noticed you mentioned there are some powershell commands running on the server.
Exchange Server where hacked - Hafnium
Exchange 2016 CU12 compromised
Compromised by HAFNIUM, cleaned using established tools, still see PS events
(Note: Since the websites are not hosted by Microsoft, the links may change without notice. Microsoft does not guarantee the accuracy of this information)
Please go through and follow the advice in this link to determine if the server has been compromised.
Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities
Hi Kaelyao and falcon,
Thanks for your support regarding the issues. We are now trying to migrate to a new server with version CU23 as suggested.
Could you please share some good Exchange installation and migration documents? I am not very experienced in that, so it would help me avoid such errors.
Thank you
Hello,
I have to agree with KaelYao that the likelihood that this server has been compromised is extremely high given the CU version it was running, indicating that it has not been properly maintained. I would not only clean up the server as per Kael's instructions, but also advise users to check their mailboxes for contents that, if viewed, can lead to further compromises in other systems.
-Miguel Fra
https://www.falconitservices.com/security/
The general steps of installing a new Exchange 2013 CU23 server would be like:
1. Make sure the new hardware meets the Exchange 2013 system requirements.
2. Install the Exchange 2013 prerequisites on the new hardware. You may need to restart the server a few times.
   - install the required Windows components
   - install .NET Framework 4.8 (instead of .NET Framework 4.7.2), which is required to install security updates later
   - install Windows Management Framework 4.0
   - install Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit
   - install Visual C++ Redistributable Package for Visual Studio 2012
   - install Visual C++ Redistributable Package for Visual Studio 2013
3. Download Exchange 2013 CU23.
4. Prepare Schema/AD/Domain with the setup.exe file.
   - follow the three steps in this document: Prepare Active Directory and domains
   - check if the preparation succeeded via ADSI Edit: How do you know this worked?
5. Use the setup wizard (click to run setup.exe) or unattended mode (run this command in PowerShell: setup.exe /iacceptexchangeserverlicenseterms /mode:install /role:ClientAccess,Mailbox) to install Exchange.
   References:
   - Install Exchange 2013 using the Setup wizard
   - Install Exchange 2013 using unattended mode
6. After you have successfully installed Exchange 2013 CU23, please follow this link to install the May 2021 Security Update:
   Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: May 11, 2021 (KB5003435)
   - download it here: Download Security Update For Exchange Server 2013 Cumulative Update 23 (KB5003435)
   - don't forget to follow the guide in the link to use Command Prompt and run as administrator to install the security update (the Issue 1 part)
After the new Exchange 2013 CU23 server with the latest security update is installed, you may follow the Exchange Deployment Assistant to migrate the mailboxes.
The assistant will guide you to migrate to a higher version of Exchange server (Exchange 2016 or 2019), but the general steps are similar.
So I suppose you may also follow the guide to migrate to the new server (choose deploy Exchange 2016 and upgrade from Exchange 2013 when asked for information).
The general steps would be like:
- configure external and internal URLs on the new server and install a certificate on it
- move arbitration mailboxes to the new server
- set the SCP record and DNS records to point to the new server
- move all the user mailboxes to the new server
- shut down the old server for a few days to check if there are any problems with mail flow or client access
- decommission the old server
Hi,
The new Exchange 2013 CU23 server is installed on a Windows 2012 R2 server and all mailboxes are migrated.
Now the major problem again: the PowerShell commands are running on the new server and the DNS is changing automatically. If the DNS has changed, the client Outlook asks for a password; once reverted back, mail is back to normal on the Outlook client side.
We shut down the old Exchange server after migration.
Hi,
"Now the major problem again: the PowerShell commands are running on the new server and the DNS is changing automatically"
Please follow the advice in this link: Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities
You may need to use tools by Microsoft (For example, Exchange On-premises Mitigation Tool) to scan your server and remove the malicious scripts on your server.
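A read-only triage check for the two symptoms reported in this thread (DNS reverting to 8.8.8.8 and recurring PowerShell activity), added here as an example and not part of the original reply or of Microsoft's guidance. It assumes the server's correct DNS addresses are known (`$ExpectedDns` holds placeholder values) and that scheduled tasks and WMI event subscriptions are worth inspecting as sources of recurring execution, which the thread does not confirm.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
# ASSUMPTION: $ExpectedDns lists your AD DNS servers; the addresses below are placeholders.
$ExpectedDns = @('192.0.2.10', '192.0.2.11')

# 1. Interfaces whose IPv4 DNS list contains anything outside $ExpectedDns (e.g. 8.8.8.8).
$dnsDrift = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    ForEach-Object {
        $nic = $_
        $unexpected = @($nic.ServerAddresses | Where-Object { $ExpectedDns -notcontains $_ })
        if ($unexpected.Count -gt 0) {
            [pscustomobject]@{
                Interface  = $nic.InterfaceAlias
                Configured = $nic.ServerAddresses -join ', '
                Unexpected = $unexpected -join ', '
            }
        }
    }

# 2. Scheduled tasks with an action that launches PowerShell.
$psTasks = Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        # Non-exec actions have no Execute/Arguments; they yield an empty string here.
        $commandLine = "$($action.Execute) $($action.Arguments)"
        if ($commandLine -match 'powershell') {
            [pscustomobject]@{
                Task    = $task.TaskPath + $task.TaskName
                State   = $task.State
                Command = $commandLine.Trim()
            }
        }
    }
}

# 3. WMI permanent event consumers (command-line and script consumers show their payload).
$wmiConsumers = Get-WmiObject -Namespace 'root\subscription' -Class '__EventConsumer' `
        -ErrorAction SilentlyContinue |
    Select-Object @{ n = 'Class'; e = { $_.__CLASS } }, Name, CommandLineTemplate, ScriptText

Write-Output '--- DNS servers outside the expected list ---'
$dnsDrift | Format-Table -AutoSize -Wrap
Write-Output '--- Scheduled tasks that launch PowerShell ---'
$psTasks | Format-Table -AutoSize -Wrap
Write-Output '--- WMI event consumers ---'
$wmiConsumers | Format-List
```

Empty output from all three checks does not show that the server is clean; the responder guidance linked above remains the reference for that.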
Hi,
Thanks for your valuable support. Now the Exchange server is normal after installing the security patch and updates.
There are small issues on some Outlook clients: while doing the users' email migration to the new server, some users' emails were not migrated successfully, so if I send an email to that particular account I get a bounce back saying delivery has failed.
So I inform that person to send one test email to me, and if I reply back to that email then it works fine, or I have to clear my email cache.
Is there any way to clear this issue? Or do I have to send a test email to every user to make it work?
Thanks
"Now the Exchange server is normal after installing the security patch and updates."
Glad to hear that!
"There are small issues on some Outlook clients: while doing the users' email migration to the new server, some users' emails were not migrated successfully, so if I send an email to that particular account I get a bounce back saying delivery has failed."
Please note that our forum recommends asking only one question in one thread, unless the questions are related.
Since this question is not related to the original question, please feel free to create a new thread for this question.
It may help you get quality answers and be helpful to other community members as well.
Thanks for your understanding.
Before creating a new thread, I would recommend adding the following information to the post so that we can get some more information to troubleshoot the problem:
1. How did you move the users? Did you use migration batch in EAC or run new-moverequest in EMS?
2. Did the migration fail on that user mailbox? Is there any detailed error message?
3. Did you receive any NDR messages indicating the failed delivery? Please post a screenshot or in text. (Note: Don't forget to hide your personal information for security)
4. How did you clear the email cache? Did you create a new Outlook profile?