question

MichaelShavel-4752 asked

Exchange 2016 - Two nodes - One compromised

Hi,
I have Ex 2016 running on two nodes - Ex2016-1 and Ex2016-2 - running a DAG.
My users connect to -1 and all of my DBs are currently on -1.

It appears my -2 node has been infected with the new Hafnium compromise.
I am not able to log into my -2 server and have that verified with my server company Rackspace.
They are bringing Microsoft into it to determine if it is Hafnium.

My question is this:
What do I have to do (in as much detail as possible) to remove/disentangle my -2 server from my setup and, for the time being, only have the -1 server running?

I am able to connect to -1 and have Exchange running fine on it with my DBs all on -1.

I would think all I need to do is break the DAG and then I can power off -2 and get the OS reinstalled and then re-create a DAG with -1 later.

Thanks
Mike

office-exchange-server-administration

1 Answer

AndyDavid answered

Remove the databases from Server2 (you can do this from Server1):

https://docs.microsoft.com/en-us/exchange/high-availability/manage-ha/remove-db-copies?view=exchserver-2019


Then remove Server 2 from the DAG:

https://docs.microsoft.com/en-us/exchange/high-availability/manage-ha/dag-memberships?view=exchserver-2019#use-the-exchange-management-shell-to-manage-database-availability-group-membership

If it won't let you, remove it via the configuration switch:

Example:
Remove-DatabaseAvailabilityGroupServer -Identity DAG2 -MailboxServer Server2 -ConfigurationOnly



Now remove Server1 from the DAG as well using the steps above if you want.
The DAG can remain as is with no members.
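
The steps in the answer above, put together as one Exchange Management Shell sequence run from the healthy node. This is an added example, not part of the original answer; `DAG2`, `Server2` and `Server1` are the placeholder names from the answer and must be replaced with your own.

```powershell
# Added example: remove a compromised DAG member from the healthy node.
# Placeholder names taken from the answer's example; substitute your own.
$Dag      = 'DAG2'
$BadNode  = 'Server2'
$GoodNode = 'Server1'

# 1. Stop if any database is still active on the node being removed.
$copies = Get-MailboxDatabaseCopyStatus -Server $BadNode
$active = $copies | Where-Object { $_.ActiveCopy }
if ($active) {
    $active | Format-Table Name, Status
    throw "Active copies remain on $BadNode; run Move-ActiveMailboxDatabase first."
}

# 2. Remove every passive copy hosted on the node.
#    The copy name has the form 'Database\Server'.
foreach ($copy in $copies) {
    Remove-MailboxDatabaseCopy -Identity $copy.Name -Confirm:$false
}

# 3. Remove the node from the DAG. If the normal removal fails (for example
#    because the node cannot be reached), fall back to -ConfigurationOnly.
try {
    Remove-DatabaseAvailabilityGroupServer -Identity $Dag -MailboxServer $BadNode `
        -Confirm:$false -ErrorAction Stop
}
catch {
    Write-Warning "Normal removal failed: $($_.Exception.Message)"
    Remove-DatabaseAvailabilityGroupServer -Identity $Dag -MailboxServer $BadNode `
        -ConfigurationOnly -Confirm:$false
    # -ConfigurationOnly changes the DAG object in Active Directory only.
    # The node is still a member of the failover cluster and has to be
    # evicted separately (Remove-ClusterNode from the FailoverClusters module).
}

# 4. Verify: the DAG no longer lists the node, and the remaining copies are healthy.
Get-DatabaseAvailabilityGroup -Identity $Dag | Format-List Name, Servers
Get-MailboxDatabaseCopyStatus -Server $GoodNode | Format-Table Name, Status, ContentIndexState
```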






