What's going on with the domain?

M

MaxxDamage2021-02-26 09:52:47

Windows Server

MaxxDamage, 2021-02-26 09:52:47

Please help me with another problem. Something happened to the domain server (aka DNS server, aka DHCP server). There are literally some glitches with it - errors of entering network shares are pouring in, I tried to remove one machine from the domain, when I add it back I get an error - the network path was not found. Can you tell me what to check first? Desirable in detail.

UPD
It turned out that the CD was infected with some rubbish. After treatment with Cureit, it did not get better, but in addition, the ability to connect to it via RDP disappeared. The picture is similar on other computers infected with the same rubbish. Where to dig now and what to repair is an open question ...

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

D

Dmitry, 2021-02-26
@mexxy

Windows Logs (System, Security)

M

Maxim Grishin, 2021-03-01
@vesper-bot

Where to dig and what to fix - I would simply re-create the domain, enter still uninfected machines into the new domain, and turn off the old CD and erase it if it is a VM. And on the new CD, at least I would set a policy that prohibits SMB1 for the server, especially if it's 2008R2 - most likely, a worm came through SMB1. If this is not possible, deploy another CD, enter dcpromo into the domain, transfer roles, then stop the broken CD and check if the domain is working. If yes, OK, otherwise fix the replication and then still kill the instance eaten by the virus.