Disable Exchange Services for version 2013-keep server running though

Copper Contributor

We have Exchange Server 2013 on a Windows 2012 R2 server running but we no longer use the exchange software for email--the services are still running however. We still need the server for other reasons (DC) and do not want it compromised by Hafnium. What services can we disable to protect the server?

6 Replies

Hi @SOS4SOS ,

 

Note: This is not the best practice to keep DC and exchange on the same server.

 

If the exchange service is completely blocked from the internet, it’s basically safe. But Microsoft still suggests doing the patching ASAP.

 

I will suggest stopping all the Exchange services and DISABLED them permanently to avoid any risk in the future.

 

Thank you,

Regards,
MD

please do like and share this post, if my answer resolved your issue..

Hi @MDadarkar ,

 

Thank you for the reply. Yes we migrated the mailboxes to Exchange online over 2 years ago, but kept exchange services running. Do you mean that by disabling the Exchange Services it is blocked from Internet or is there an additional way to block exchange from Internet-like a port or something? And is there a particular order to disabling services-there are many!

Thank you.

Hi @SOS4SOS ,

 

  1. Disable All Exchange Services 
  2. Block Ports as well.

 

I hope this is informative.

 

Thank you,

Regards,

MD

Will disabliing all services affect any Active Directory functionality since some of the services have some AD services as dependents?

Do you know what ports? thanks

Hi @SOS4SOS ,

 

Do you have a Hybrid configuration??

 

  • If YES, then you cannot disable the Exchange Services.
  • If NO, then you can disable all exchange services.

Please go through with the below link.

 

https://docs.microsoft.com/en-us/exchange/network-ports-for-clients-and-mail-flow-in-exchange-2013-e... 

 

https://practical365.com/exchange-server/how-to-decommission-an-exchange-server-after-office-365-mig... 

 

I hope this is informative..

Thanks again- we will read through the documentation. Not sure yet what you mean by hybrid however. We have migrated to Exchange Online for all email. Would hybrid refer to internal mail, using AD? I believe we used to have that but now we email the external address for internal employees. We are getting rid of this server physically in May and replacing with new DC only.