Tag Archives: unattended setup

Rebuild your Exchange Server (after HAFNIUM infection)

If you are unlucky and your Exchange server is infected through the HAFNIUM zero-day vulnerabilities, you must nuke your Exchange server and rebuild it. I already got the first questions on how to do this. It is not that difficult and does not take days if some prerequisites are met, of course.

Note. This blog was written with the HAFNIUM infected machines in mind, but from a procedural point of view it can be used for every disaster recovery scenario of course. Also, I used Windows 2012 R2 and Exchange 2013 for this blog, but this procedure can also be used for Exchange 2016 and Exchange 2019.

Basically, what happens is that the old server is forcibly removed (shut down, VM deleted), but the computer account in AD is not deleted; it is reset (shown in the screenshot below). A new server is built with the same OS, same patch level, same configuration and same computer name, and it is joined to the domain. This way the SID remains the same, which makes recovery a lot easier.

Rebuilding Windows server including all prerequisite software and Windows patches will take most of the time in this entire process.

You must use the same Windows Server version when rebuilding the server. So, if your old server was running Windows 2012 R2, then you MUST use Windows 2012 R2 again. If you try a different version, bad things will happen.

Exchange is a bit more flexible these days. You can use the /RecoverServer option with a newer Cumulative Update. For example, when your old server is running Exchange 2016 CU11, you can do a /RecoverServer with Exchange 2016 CU19. The only drawback here is that the CU11 version information is stored in Active Directory, and even when CU19 is used, it will show up as CU11 for the AdminDisplayVersion. But that’s cosmetic and will automatically be corrected the next time a new CU is installed.

What you CANNOT do is use /RecoverServer to upgrade to a newer version of Exchange, like upgrading from Exchange 2013 to Exchange 2016. Again, bad things will happen.

The storage holding the Mailbox databases must of course be kept. If it is configured on separate disks or VHDs, you must connect these to the new server, using the same drive letters or mount points. In the screenshot below the old disk with the Mailbox database is mounted to the new VM running Windows 2012 R2. Exchange 2013 is not yet installed on this server.

Note. Instead of my approach (connecting the existing storage) it is also possible to recover the server and restore the mailbox database afterwards from backup. This can range from any backup application to a file-level backup of your .EDB file. The latter requires extensive knowledge of the Mailbox database internals and how to deal with them.

When Windows is up and running it is time to install Exchange. Use the same Cumulative Update for this and use the unattended setup of Exchange with the /mode:RecoverServer option. Open a command prompt with elevated privileges and execute the following command:

Z:\> Setup.exe /mode:RecoverServer /IAcceptExchangeServerLicenseTerms

Z:\ in this case is the DVD drive letter, but you can use a different drive letter of course.

There’s one catch here. If Exchange is installed in a different location, for example on the D:\ drive, you must use the /TargetDir option to specify the location where the Exchange binaries must be installed.

The /RecoverServer switch retrieves all configuration information from Active Directory (instead of using the default settings) and installs Exchange using this configuration. For example, all Mailbox database information is stored in Active Directory, so when setup has finished, the ‘new’ server has all the correct Mailbox database information. Even better, after a reboot it will automatically mount the Mailbox databases.

Some settings are not stored in Active Directory, especially server-specific configuration that lives in local .config files. OWA customizations and SSL certificates configured on the server, for example, are lost. So, existing documentation of the Exchange server is vital here to quickly rebuild it.

After reinstallation the server was rebooted, and I had to mount the Mailbox database manually (but without issues). The following settings I had to configure manually:

  • Import the SSL certificate and bind it to the Exchange services.
  • Set the Exchange Virtual Directories (I did not expect this one).
  • Relocate the SMTP Queue database.

To my surprise the SMTP relay connector that was configured on the Exchange server was available instantly and working correctly.
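The post-recovery steps listed above, as an added example that is not part of the original post: run in the Exchange Management Shell on the recovered Exchange 2013 server, it mounts any database that did not come up, re-imports the certificate, re-applies the virtual directory URLs, relocates the queue database and then reports what the directory knows about the server. Server name EX01, namespace mail.contoso.com, the PFX path, the queue path and the location of Microsoft's Move-TransportDatabase.ps1 are assumptions.

```powershell
# Added example (not from the original post): post-/RecoverServer re-configuration.
# Assumed values: server EX01, namespace mail.contoso.com, PFX export of the old
# certificate at D:\Backup\mail.pfx, new queue location E:\TransportQueue.
$Server    = 'EX01'
$Namespace = 'mail.contoso.com'
$PfxPath   = 'D:\Backup\mail.pfx'
$PfxPass   = Read-Host -AsSecureString -Prompt 'PFX password'

# 1. Databases are recovered from Active Directory; mount any that are still dismounted.
Get-MailboxDatabase -Server $Server -Status | Where-Object { -not $_.Mounted } |
    ForEach-Object { Write-Host "Mounting $($_.Name)"; Mount-Database -Identity $_.Name }

# 2. The certificate lived on the old OS and is gone: import it and bind it to IIS and SMTP.
$bytes = [Byte[]](Get-Content -Path $PfxPath -Encoding Byte -ReadCount 0)
$cert  = Import-ExchangeCertificate -Server $Server -FileData $bytes -Password $PfxPass -PrivateKeyExportable $true
Enable-ExchangeCertificate -Server $Server -Thumbprint $cert.Thumbprint -Services IIS,SMTP

# 3. Virtual directory URLs are per-server settings and have to be set again.
$url = "https://$Namespace"
Set-OwaVirtualDirectory         -Identity "$Server\owa (Default Web Site)" -InternalUrl "$url/owa" -ExternalUrl "$url/owa"
Set-EcpVirtualDirectory         -Identity "$Server\ecp (Default Web Site)" -InternalUrl "$url/ecp" -ExternalUrl "$url/ecp"
Set-WebServicesVirtualDirectory -Identity "$Server\EWS (Default Web Site)" -InternalUrl "$url/EWS/Exchange.asmx" -ExternalUrl "$url/EWS/Exchange.asmx"
Set-OabVirtualDirectory         -Identity "$Server\OAB (Default Web Site)" -InternalUrl "$url/OAB" -ExternalUrl "$url/OAB"
Set-ActiveSyncVirtualDirectory  -Identity "$Server\Microsoft-Server-ActiveSync (Default Web Site)" -InternalUrl "$url/Microsoft-Server-ActiveSync" -ExternalUrl "$url/Microsoft-Server-ActiveSync"
Set-OutlookAnywhere -Identity "$Server\Rpc (Default Web Site)" -InternalHostname $Namespace -ExternalHostname $Namespace `
    -InternalClientsRequireSsl $true -ExternalClientsRequireSsl $true -ExternalClientAuthenticationMethod Negotiate
# Exchange 2013 cmdlet; on Exchange 2016/2019 use Set-ClientAccessService instead.
Set-ClientAccessServer -Identity $Server -AutoDiscoverServiceInternalUri "$url/Autodiscover/Autodiscover.xml"

# 4. Relocate the SMTP queue database with Microsoft's Move-TransportDatabase.ps1
#    (assumed to sit in the Scripts folder under the Exchange install path).
& (Join-Path $env:ExchangeInstallPath 'Scripts\Move-TransportDatabase.ps1') `
    -queueDatabasePath 'E:\TransportQueue\data' -queueDatabaseLoggingPath 'E:\TransportQueue\data'

# 5. Sanity check: version recorded in AD (cosmetic, see above), databases, relay connector.
Get-ExchangeServer -Identity $Server | Format-List Name, AdminDisplayVersion, ServerRole
Get-MailboxDatabase -Server $Server -Status | Format-Table Name, Mounted, EdbFilePath
Get-ReceiveConnector -Server $Server | Format-Table Name, Bindings, RemoteIPRanges
```

Compare the output of step 5 with the documentation taken before the incident; anything that differs is a setting /RecoverServer did not bring back.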


If you have to rebuild your Exchange server, whether because it crashed, got infected or something else, you can use the Setup.exe /RecoverServer option of Exchange (Exchange 2013 and up). This will retrieve a lot of the information from Active Directory, and if you have the Mailbox databases available you can use these directly without any restore-from-backup activities.

There are some settings that still have to be configured manually after the server is recovered, so proper documentation is important and makes life much easier when recovering.

Last updated: March 10, 2021

Installing Exchange 2013 – Part I

Exchange Server 2013 consists of two server roles, the Mailbox server (sometimes referred to as the back-end) and the Client Access server (sometimes referred to as the front-end). All clients connect to the CAS server, and the CAS server proxies the request to the appropriate Mailbox server.

It is possible to install the server roles on dedicated servers: multiple Exchange 2013 CAS servers behind a hardware load balancer and multiple Exchange 2013 Mailbox servers in a Database Availability Group. This is the preferred way for large companies with lots of mailboxes, lots of servers and maybe multiple (global) datacenters. To be honest, this is what Exchange 2013 is designed for. But it is also possible for smaller organizations to install just two Exchange 2013 servers with both roles on them, a DAG for mailbox resiliency and a hardware or software load balancer for protocol resiliency.


Unattended Setup Exchange 2010

Installing prerequisite software

Before installing the actual Exchange Server, the prerequisite software needs to be installed as well. Microsoft ships a couple of XML files that can be used with the command-line version of Server Manager, ServerManagerCmd.exe.

These XML files can be found in the directory D:\Setup\ServerRoles\Common (where D: is the installation source, i.e. your DVD or network share) and are named Exchange-Serverrole.XML, for example Exchange-Cas.XML:


You can start installing the prerequisites by opening a command prompt and executing the following command:

ServerManagerCmd.exe -ip Exchange-Cas.XML

This will install the prerequisite software for the Exchange 2010 Client Access Server. Although the server does not always ask for it, I personally always recommend rebooting the server after installing the prerequisite software.

Preparing Active Directory

To prepare Active Directory for Exchange Server 2010:

setup.com /PrepareExchangeLegacyPermissions

(this step only needs to be performed when upgrading from an earlier version of Exchange)

setup.com /PrepareSchema
setup.com /PrepareAD /OrganizationName:<<name>>

(the /OrganizationName switch can be omitted when upgrading from an earlier version of Exchange)

setup.com /PrepareDomain

Installing the Exchange Servers

To install Exchange 2010 servers from the command line using the setup.com application, a number of switches are available:

/mode – can be install, uninstall or upgrade

/role – can be (a combination of) CA, HT, MB, UM, MT (MT = Management Tools)

/UpdatesDir – location on disk where setup can find updates (i.e. Update Rollup fixes) that will be included when installing Exchange servers. This does not work when upgrading servers (unfortunately).

/LegacyRoutingServer – The Exchange 2003 SMTP server the Hub Transport Server uses to create a Legacy Routing Group Connector (only used for the first Hub Transport Server in an existing Exchange 2003 environment)

/LanguagePack – location on disk where the setup application can find the Language Pack files. Of course these need to be downloaded first.

/ExternalCASServerDomain – The external URL the Client Access Server uses for clients accessing the server from the Internet (CAS Server only)

/EnableLegacyOutlook – Creates a Public Folder database needed for Outlook 2003 clients (Mailbox Server only)

To install a combined CAS and HUB server:

setup.com /mode:install /role:CA,HT /UpdatesDir:\\InstallShare\ExchangeUpdates /LanguagePack:\\InstallShare\ExchangeLanguagePack\LanguagePackBundle.exe /ExternalCASServerDomain:webmail.contoso.com

To install a Hub Server and connect it to Exchange 2003:

setup.com /mode:install /role:HT /UpdatesDir:\\InstallShare\ExchangeUpdates /LanguagePack:\\InstallShare\ExchangeLanguagePack\LanguagePackBundle.exe /LegacyRoutingServer:2003SMTP.contoso.com

To install a Mailbox Server:

setup.com /mode:install /role:MB /UpdatesDir:\\InstallShare\ExchangeUpdates /LanguagePack:\\InstallShare\ExchangeLanguagePack\LanguagePackBundle.exe /EnableLegacyOutlook
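The three unattended installs above wrapped in one script, as an added example that is not part of the original post: it verifies the Authenticode signatures of the update rollups and the language pack bundle pulled from the install share before handing them to setup.com, so a tampered file on the share does not end up in the Exchange installation. The media drive D:\, the \\InstallShare paths, the host names from the commands above and the ExchangeSetup.log location are assumptions.

```powershell
# Added example, not part of the original post: unattended Exchange 2010 setup
# with a signature check on the files that come from the install share.
# Assumed: media on D:\, share \\InstallShare and host names as in the post.
param(
    [ValidateSet('CasHub','HubLegacy','Mailbox')] [string]$Profile = 'CasHub',
    [string]$Media      = 'D:\',
    [string]$UpdatesDir = '\\InstallShare\ExchangeUpdates',
    [string]$LangPack   = '\\InstallShare\ExchangeLanguagePack\LanguagePackBundle.exe'
)

# Update Rollups ship as .msp files; the language pack is a single .exe bundle.
$files = @($LangPack) + @(Get-ChildItem -Path $UpdatesDir -Filter '*.msp' | Select-Object -ExpandProperty FullName)
foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $f
    if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        throw "Signature check failed for $f (status: $($sig.Status)); setup not started."
    }
}

# Role-specific switch sets, exactly as in the three commands above.
$common = "/mode:install /UpdatesDir:$UpdatesDir /LanguagePack:$LangPack"
$setupArgs = switch ($Profile) {
    'CasHub'    { "$common /role:CA,HT /ExternalCASServerDomain:webmail.contoso.com" }
    'HubLegacy' { "$common /role:HT /LegacyRoutingServer:2003SMTP.contoso.com" }
    'Mailbox'   { "$common /role:MB /EnableLegacyOutlook" }
}

# setup.com is a console application; wait for it and surface a non-zero exit code.
$p = Start-Process -FilePath (Join-Path $Media 'setup.com') -ArgumentList $setupArgs -Wait -PassThru -NoNewWindow
if ($p.ExitCode -ne 0) {
    throw "setup.com exited with $($p.ExitCode); check C:\ExchangeSetupLogs\ExchangeSetup.log"
}
Write-Host "Exchange 2010 $Profile setup finished; reboot the server before continuing."
```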


Use an answer file

It is also possible to use an answer file for the unattended setup with the /Answerfile:c:\answerfile.txt option. You can use the following options in the answer file:

More information can be found on Microsoft TechNet: http://technet.microsoft.com/en-us/library/aa997281.aspx