Exchange 2016 - Two nodes - One compromised

Michael Shavel 21 Reputation points
2021-04-02T16:54:09.907+00:00

Hi,
I have Ex 2016 running on Two node - Ex 2016-1 and Ex2016-2 running a DAG.
My users connect to -1 and all of my DB's are currently on -1.

It appears my -2 node has been infected with the new Hafnium compromise.
I am not able to log into my -2 server and have that verified with my server company Rackspace.
They are bringing Microsoft into it to determine if it is Hafnium.

My question is this:
What do I have to do (in as much detail as possible), to remove/disentangle my -2 server from my set up and, for the time being, only have the -1 server running.

I am able to connect to -1 and have Exchange running fine on it with my DB's all on -1.

I would think all I need to do is break the DAG and then I can power off -2 and get the OS reinstalled and then re-create a DAG with -1 later.

Thanks
Mike

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,284 questions
0 comments No comments
{count} votes

Accepted answer
  1. Andy David - MVP 139.8K Reputation points MVP
    2021-04-02T18:16:46.777+00:00

    Remove the databases from the server2 ( you can do this from Server1)

    https://learn.microsoft.com/en-us/exchange/high-availability/manage-ha/remove-db-copies?view=exchserver-2019

    Then remove Server 2 from the DAG:

    https://learn.microsoft.com/en-us/exchange/high-availability/manage-ha/dag-memberships?view=exchserver-2019#use-the-exchange-management-shell-to-manage-database-availability-group-membership

    If it wont let you, remove via the configuration switch:

    Example:
    Remove-DatabaseAvailabilityGroupServer -Identity DAG2 -MailboxServer Server2 -ConfigurationOnly

    Now remove Server1 from the DAG as well using the steps above if you want.
    The DAG can remain as is with no members

    0 comments No comments

0 additional answers

Sort by: Most helpful