Sure you the server is not compromised?
Have you applied the lasest CU plus SU plus the needed mitigations?
Microsoft Exchange 2016 Server - OAB URL issue
Hi All,
We found an issue in our client OAB URL, the default URL is randomly changed by itself like this capture below:
The impact of this issue is on every Outlook user it will automatically ask to re-login and the Autodiscover will be detected as a Trojan on our client Antivirus:
Our temporary solution is changing the affected URL on OAB to our client's default URL, and sometimes we need to restart our client Node (mailbox server) which was affected, then the URL returns to normal.
This repeatedly happens at random, please tell us if there's a permanent solution for this issue.
Thank you.
2 answers
Sort by: Most helpful
-
Andy David - MVP 145.6K Reputation points MVP
2022-10-28T12:00:21.267+00:00 -
LilyLi2-MSFT 1,981 Reputation points
2022-10-31T06:44:25.823+00:00 Hi @Support Eranyacloud ,
What is your Exchange server version?
It looks like your server has been attacked.First, it is recommended to remove and rebuild the OAB virtual directory:
To delete an existing OAB virtual directory:Remove-OabVirtualDirectory -Identity "EX01-2016\OAB (Default Web Site)" -Confirm:$false -Force
To rebuild the OAB virtual directory:
New-OabVirtualDirectory -Server "EX01-2016" -InternalUrl "https://mail.exoip.com/OAB" -ExternalUrl "https://mail.exoip.com/OAB"
Second, if your Exchange version is not up to date, some vulnerabilities in Exchange can cause attacks on your server, so it is recommended that you upgrade to the latest SU and then verify whether the issue still occurs.
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.