This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
We have 2 Exchange 2019 Servers.(DAG) single site 2 nodes only
Server1 infected with ProxyShell infection (CU8)
Server2 infected with ProxyShell and halfnium Issue as well ( we had shutdown this server for 12 days now) we installeed CU10 but still same.
now i need to rebuild both exchange servers one by one taking down time
Step1 : Rebuild server1 from recover server mode (downtime will be taken ) email services will be down
Step 2 : redbuild server 2 from recover server mode
Question1 : we should keep the dag or not
Question2 : we can attach same Storage to the new VMs with fresh OS disk correct? both servers?
Question3 : server2 will start replicating the old DBs ( how much days lag can be ?) 12 days its not being repliated now
Thanks , its clear now , i will work on it accordingly
Hi anonymous user ,
For your questions:
Question1 : we should keep the dag or not
Note that running a DAG with different version servers is not suggested. For a DAG node upgreading, better to set the server to maintance mode.
I think for your situation, you should remove the copies, remove the nodes and then remove the DAG. And then install the SU or CU patch separatelyto defende the halfnium. https://techcommunity.microsoft.com/t5/exchange-team-blog/proxyshell-vulnerabilities-and-your-exchange-server/ba-p/2684705
Question2 : we can attach same Storage to the new VMs with fresh OS disk correct? both servers?
I'm not sure, do you mean you want to move the server disk to a new OS? Isn't it installed in C? I believe the AD/DC won't allow us to do that or I didn't get what you mean, please tell me the details.
Question3 : server2 will start replicating the old DBs ( how much days lag can be ?) 12 days its not being repliated now
As I said, two different version servers in one DAG is not suggested, I don't know if that's the reason, but I think you could try restarting the MSExchange Repl service and also check other Exchange related services.
Actually my suggestion is firstly installing the CU10 and July SU to both servers, and then check it with HealthyChecker.
Best regards,
Lou
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Dear ZhengqiLou-MSFT ,
Thanks for the reply ,
Questoin 2 : we will create new VM with fresh OS disk and attach existing drives of DB to Server1 ( install in recover server mode)
Hi anonymous user ,
Yes, you can do that, and you could recover the legacy server to the latest CU, please read these two articles:
Recover Exchange servers & Recover a database availability group member server in Exchange Server
Best regards,
Lou