-1

We have a Windows Server 2016 version 1607 build 14393.3274 instance running on a Dell R710 with H700 11TB array, 128GB RAM and 2x X5680 @3.33GHz 6-core each. Over the last 7-10 days, it has started "deteriorating".

  • First, some Windows programs on workstations (running latest Windows 10) like Quickbooks start crashing for no reason. We thought it was the workstation at fault, so we built a new workstation from scratch, it works fine, then starts displaying the same symptoms as soon as it joins the domain.
  • Second, on the DC itself, some Windows UI elements are broken. start menu
  • Third, yesterday the RRAS broke and we were left unable to connect to it using L2TP like we had been able to before.

This morning, we restored the registry to a backup from 7 days ago. This brought VPN back, and some UI elements were fixed, but some are still broken. We were thinking of performing a full image restore to something like 7 days ago, but it is risky by itself - hopefully somebody can suggest possible solutions!

Mr. TA
  • What attachment? – InterLinked Nov 23 '19 at 20:05
  • How is "we have A server" compatible with best practices and documentation demanding a minimum of 2? – TomTom Nov 24 '19 at 09:18
  • @TomTom do you mean a minimum of 2 DCs? Good point. We're a small business with less than 10 workstations. These things aren't free, you know. – Mr. TA Nov 24 '19 at 14:44
  • I know. We are a small company with 5 people. We STILL have 2 domain controllers because guess what, I care about having enough uptime. They are not free, but 3 developers losing a day of work is a LOT more expensive than a 2nd standard license. – TomTom Nov 24 '19 at 16:11
  • Also, a standard license allows running two virtual machines on Hyper-V. That's how you can avoid running all 3rd party services on a DC even with limited hardware. If you can only afford one physical server, you could e.g. do that & run a secondary DC on a lightweight Azure VM subscription. – Esa Jokinen Nov 24 '19 at 16:47
  • Also, given `Dell R710 with H700 11TB array, 128GB RAM and 2x X5680` that IS expensive and could easily be split into two less expensive servers, so that's a bad excuse. – Esa Jokinen Nov 24 '19 at 16:49
  • Sounds like you have a domain controller exposed to the internet with a lot of other services running on it. This could be malware related or some other compromise. – Appleoddity Nov 25 '19 at 05:23

1 Answer

1

We solved it by performing a full restore to a 20-day old Acronis backup, then restoring AD to a current backup.

As commenters noted, having a single DC is risky. We will be converting the server to VMware ESXi and running 2 VM DCs, as well as other VMs to run other non-AD services, to reduce these risks.

Thanks all.

Mr. TA