Critical Services broken and/or missing after a crypto attack


JFriesz83

Earlier this Fall we had an attack that encrypted some of our servers and we are seeing some of the repercussions now. We paid to get the key to decrypt the files and I believe some of these cleanup efforts may have broken a few of our 2016 servers. Some of the cleanup was running an application with psexec at system level to decrypt files.

Here is what behavior we are seeing mainly on file servers and a DC.

Shares are not accessible. Only way we have found to allow this as a workaround is stop the BFE service.

It seems the Firewall service is also corrupt because when we attempt to start the service it fails with "Windows could not start the Windows Firewall on Local Computer... error code 2."

When the attack occurred it deleted the Cryptographic and Windows Firewall reg keys. I exported from a healthy Windows 2016 Standard server and after restarting the services would work.

About 2 months ago these servers started to show the issues above; BFE was known to cause issues, from troubleshooting file share access issues.

I have run all DISM commands and sfc /scannow but these issues still prevail. I have also reviewed the steps to check permissions in the registry for SharedAccess, BFE and MpsSvc and it's all as it should be.

I am stumped and I don't want to rebuild 3 servers if anyone has a clue about where I can look next. I have good backups for 2 but one is a DC and I don't think that will be an option for its C drive.
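The post describes checking the BFE, MpsSvc and SharedAccess service keys and their permissions by hand. The script below is an added diagnostic example, not code from the original post or from Microsoft: it inventories, for each service key, whether the key exists, whether the binary named in ImagePath exists, whether every entry in DependOnService has its own key, whether SYSTEM still holds an Allow ACE on the key, and whether an Automatic service is actually running. The service list (including mpsdrv, LanmanServer and CryptSvc) and the reading of start error 2 as ERROR_FILE_NOT_FOUND (a missing binary or dependency) are assumptions of this example.

```powershell
# Added diagnostic script (not from the forum post). Inventories the registry
# keys, binaries, dependencies and key ACLs of the firewall/share services.
# Service list and the reading of error code 2 are this example's assumptions.
# Run from an elevated PowerShell prompt on the affected Windows Server 2016 host.

$base     = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$services = 'BFE', 'mpsdrv', 'MpsSvc', 'SharedAccess', 'LanmanServer', 'CryptSvc'

function Resolve-ServiceBinary {
    # Reduce an ImagePath value to the first .exe/.sys path it names.
    param([string]$ImagePath)
    if (-not $ImagePath) { return $null }
    $p = $ImagePath -replace '^\\\?\?\\', ''                    # strip \??\ prefix used by some drivers
    $p = $p -replace '^"?([^"]*?\.(?:exe|sys))"?.*$', '$1'      # drop quotes and svchost arguments
    $p = [Environment]::ExpandEnvironmentVariables($p)
    if (-not [IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }  # driver paths are relative
    return $p
}

$findings = foreach ($name in $services) {
    $key = Join-Path $base $name
    if (-not (Test-Path $key)) {
        # A deleted service key is exactly what the post describes after the attack.
        [pscustomobject]@{ Service = $name; Problem = "registry key missing: $key" }
        continue
    }
    $props  = Get-ItemProperty -Path $key
    $binary = Resolve-ServiceBinary $props.ImagePath
    if ($binary -and -not (Test-Path $binary)) {
        [pscustomobject]@{ Service = $name; Problem = "ImagePath target not found: $binary" }
    }
    # Each DependOnService entry must have its own service key, or the SCM
    # cannot start this service (MpsSvc depends on BFE and mpsdrv).
    foreach ($dep in @($props.DependOnService)) {
        if ($dep -and -not (Test-Path (Join-Path $base $dep))) {
            [pscustomobject]@{ Service = $name; Problem = "dependency key missing: $dep" }
        }
    }
    # SYSTEM needs an Allow ACE on the key; a re-imported key can carry the wrong ACL.
    $acl = Get-Acl -Path $key
    $systemAllow = $acl.Access | Where-Object {
        $_.IdentityReference -like '*SYSTEM' -and $_.AccessControlType -eq 'Allow'
    }
    if (-not $systemAllow) {
        [pscustomobject]@{ Service = $name; Problem = 'no Allow ACE for SYSTEM on the service key' }
    }
    # Start=2 is Automatic; kernel drivers such as mpsdrv are not listed by Get-Service.
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc -and $props.Start -eq 2 -and $svc.Status -ne 'Running') {
        [pscustomobject]@{ Service = $name; Problem = "Automatic service is $($svc.Status)" }
    }
}

if ($findings) { $findings | Format-Table -AutoSize }
else { 'No obvious problems found in the checked service keys.' }
```

Run the same script on the healthy 2016 server the keys were exported from and diff the two outputs; a finding that appears only on the broken host narrows the search to one key, binary, dependency or ACE rather than the whole registry.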
