This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 50%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESE%3C/text%3E%3C/svg%3E)
Hi All,
We found an issue in our client OAB URL, the default URL is randomly changed by itself like this capture below:
The impact of this issue is on every Outlook user it will automatically ask to re-login and the Autodiscover will be detected as a Trojan on our client Antivirus:
Our temporary solution is changing the affected URL on OAB to our client's default URL, and sometimes we need to restart our client Node (mailbox server) which was affected, then the URL returns to normal.
This repeatedly happens at random, please tell us if there's a permanent solution for this issue.
Thank you.
Sure you the server is not compromised?
Have you applied the lasest CU plus SU plus the needed mitigations?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 94%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELM%3C/text%3E%3C/svg%3E)
Hi @Support Eranyacloud ,
What is your Exchange server version?
It looks like your server has been attacked.
First, it is recommended to remove and rebuild the OAB virtual directory:
To delete an existing OAB virtual directory:
Remove-OabVirtualDirectory -Identity "EX01-2016\OAB (Default Web Site)" -Confirm:$false -Force
To rebuild the OAB virtual directory:
New-OabVirtualDirectory -Server "EX01-2016" -InternalUrl "https://mail.exoip.com/OAB" -ExternalUrl "https://mail.exoip.com/OAB"
Second, if your Exchange version is not up to date, some vulnerabilities in Exchange can cause attacks on your server, so it is recommended that you upgrade to the latest SU and then verify whether the issue still occurs.
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi,
Just checking if your issue has any update, if it has been resolved, please kindly mark the helpful post or share your solution, which would benefit others who also has this issue.
Warm thanks.