Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Release 10-4-23 #1845

Merged
merged 13 commits into from
Oct 4, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,8 @@ function Invoke-AnalyzerExchangeInformation {
$keyExchangeInformation = Get-DisplayResultsGroupingKey -Name "Exchange Information" -DisplayOrder $Order
$exchangeInformation = $HealthServerObject.ExchangeInformation
$hardwareInformation = $HealthServerObject.HardwareInformation
$getWebServicesVirtualDirectory = $exchangeInformation.VirtualDirectories.GetWebServicesVirtualDirectory |
Where-Object { $_.Name -eq "EWS (Default Web Site)" }

$baseParams = @{
AnalyzedInformation = $AnalyzeResults
Expand Down Expand Up @@ -208,8 +210,8 @@ function Invoke-AnalyzerExchangeInformation {
if ($exchangeInformation.GetExchangeServer.IsEdgeServer -eq $false) {

Write-Verbose "Working on MRS Proxy Settings"
$mrsProxyDetails = $exchangeInformation.GetWebServicesVirtualDirectory.MRSProxyEnabled
if ($exchangeInformation.GetWebServicesVirtualDirectory.MRSProxyEnabled) {
$mrsProxyDetails = $getWebServicesVirtualDirectory.MRSProxyEnabled
if ($getWebServicesVirtualDirectory.MRSProxyEnabled) {
$mrsProxyDetails = "$mrsProxyDetails`n`r`t`tKeep MRS Proxy disabled if you do not plan to move mailboxes cross-forest or remote"
$mrsProxyWriteType = "Yellow"
} else {
Expand Down Expand Up @@ -294,10 +296,10 @@ function Invoke-AnalyzerExchangeInformation {
}
Add-AnalyzedResultInformation @params

if (-not ([string]::IsNullOrWhiteSpace($exchangeInformation.GetWebServicesVirtualDirectory.InternalNLBBypassUrl))) {
if (-not ([string]::IsNullOrWhiteSpace($getWebServicesVirtualDirectory.InternalNLBBypassUrl))) {
$params = $baseParams + @{
Name = "EWS Internal Bypass URL Set"
Details = "$($exchangeInformation.GetWebServicesVirtualDirectory.InternalNLBBypassUrl) - Can cause issues after KB 5001779"
Details = "$($getWebServicesVirtualDirectory.InternalNLBBypassUrl) - Can cause issues after KB 5001779"
DisplayWriteType = "Red"
}
Add-AnalyzedResultInformation @params
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -76,4 +76,33 @@ function Invoke-AnalyzerOrganizationInformation {
}
Add-AnalyzedResultInformation @params
}

if ($null -ne $organizationInformation.GetDynamicDgPublicFolderMailboxes -and
$organizationInformation.GetDynamicDgPublicFolderMailboxes.Count -ne 0) {
$displayWriteType = "Green"

if ($organizationInformation.GetDynamicDgPublicFolderMailboxes.Count -gt 1) {
$displayWriteType = "Red"
}

$params = $baseParams + @{
Name = "Dynamic Distribution Group Public Folder Mailboxes Count"
Details = $organizationInformation.GetDynamicDgPublicFolderMailboxes.Count
DisplayWriteType = $displayWriteType
}

Add-AnalyzedResultInformation @params

if ($displayWriteType -ne "Green") {
$params = $baseParams + @{
Details = "More Information: https://aka.ms/HC-DynamicDgPublicFolderMailboxes"
DisplayCustomTabNumber = 2
DisplayWriteType = "Yellow"
}

Add-AnalyzedResultInformation @params
}
} else {
Write-Verbose "No Dynamic Distribution Group Public Folder Mailboxes found to review."
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,8 @@ function Invoke-AnalyzerSecurityCve-2021-1730 {
$SecurityObject.IsEdgeServer -eq $false) {

$downloadDomainsEnabled = $SecurityObject.OrgInformation.EnableDownloadDomains
$owaVDirObject = $SecurityObject.ExchangeInformation.GetOwaVirtualDirectory
$owaVDirObject = $SecurityObject.ExchangeInformation.VirtualDirectories.GetOwaVirtualDirectory |
Where-Object { $_.Name -eq "owa (Default Web Site)" }
$displayWriteType = "Green"

if (-not ($downloadDomainsEnabled)) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -100,10 +100,18 @@ function Invoke-AnalyzerSecuritySerializedDataSigningState {
}
Add-AnalyzedResultInformation @params

if ($null -ne $additionalSerializedDataSigningDisplayValue) {
# Always display if not true
if (-not ($serializedDataSigningState -eq $true)) {
$addLine = "This may pose a security risk to your servers`r`n`t`tMore Information: https://aka.ms/HC-SerializedDataSigning"

if ($null -ne $additionalSerializedDataSigningDisplayValue) {
$details = "$additionalSerializedDataSigningDisplayValue`r`n`t`t$addLine"
} else {
$details = $addLine
}

$params = $baseParams + @{
Details = $additionalSerializedDataSigningDisplayValue +
"`r`n`t`tThis may pose a security risk to your servers`r`n`t`tMore Information: https://aka.ms/HC-SerializedDataSigning"
Details = $details
DisplayWriteType = $serializedDataSigningWriteType
DisplayCustomTabNumber = 2
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
. $PSScriptRoot\Get-ExchangeServerCertificates.ps1
. $PSScriptRoot\Get-ExchangeServerMaintenanceState.ps1
. $PSScriptRoot\Get-ExchangeUpdates.ps1
. $PSScriptRoot\Get-ExchangeVirtualDirectories.ps1
. $PSScriptRoot\Get-ExSetupDetails.ps1
. $PSScriptRoot\Get-FIPFSScanEngineVersionState.ps1
. $PSScriptRoot\Get-ServerRole.ps1
Expand Down Expand Up @@ -55,13 +56,7 @@ function Get-ExchangeInformation {
Invoke-CatchActions
}

try {
$getOwaVirtualDirectory = Get-OwaVirtualDirectory -Identity ("{0}\owa (Default Web Site)" -f $Server) -ADPropertiesOnly -ErrorAction Stop
$getWebServicesVirtualDirectory = Get-WebServicesVirtualDirectory -Server $Server -ErrorAction Stop
} catch {
Write-Verbose "Failed to get OWA or EWS virtual directory"
Invoke-CatchActions
}
$getExchangeVirtualDirectories = Get-ExchangeVirtualDirectories -Server $Server

$registryValues = Get-ExchangeRegistryValues -MachineName $Server -CatchActionFunction ${Function:Invoke-CatchActions}
$serverExchangeBinDirectory = [System.Io.Path]::Combine($registryValues.MsiInstallPath, "Bin\")
Expand Down Expand Up @@ -161,9 +156,8 @@ function Get-ExchangeInformation {
return [PSCustomObject]@{
BuildInformation = $buildInformation
GetExchangeServer = $getExchangeServer
VirtualDirectories = $getExchangeVirtualDirectories
GetMailboxServer = $getMailboxServer
GetOwaVirtualDirectory = $getOwaVirtualDirectory
GetWebServicesVirtualDirectory = $getWebServicesVirtualDirectory
ExtendedProtectionConfig = $extendedProtectionConfig
ExchangeConnectors = $exchangeConnectors
ExchangeServicesNotRunning = [array]$exchangeServicesNotRunning
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,111 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.

. $PSScriptRoot\..\..\..\..\Shared\ErrorMonitorFunctions.ps1

function Get-ExchangeVirtualDirectories {
param(
[Parameter(Mandatory = $true)]
[string]$Server
)
begin {
Write-Verbose "Calling: $($MyInvocation.MyCommand)"

$failedString = "Failed to get {0} virtual directory."
$getActiveSyncVirtualDirectory = $null
$getAutoDiscoverVirtualDirectory = $null
$getEcpVirtualDirectory = $null
$getMapiVirtualDirectory = $null
$getOabVirtualDirectory = $null
$getOutlookAnywhere = $null
$getOwaVirtualDirectory = $null
$getPowerShellVirtualDirectory = $null
$getWebServicesVirtualDirectory = $null
$paramsNoShow = @{
Server = $Server
ErrorAction = "Stop"
ADPropertiesOnly = $true
}
$params = $paramsNoShow + @{
ShowMailboxVirtualDirectories = $true
}
}
process {
try {
$getActiveSyncVirtualDirectory = Get-ActiveSyncVirtualDirectory @params
} catch {
Write-Verbose ($failedString -f "EAS")
Invoke-CatchActions
}

try {
$getAutoDiscoverVirtualDirectory = Get-AutodiscoverVirtualDirectory @params
} catch {
Write-Verbose ($failedString -f "Autodiscover")
Invoke-CatchActions
}

try {
$getEcpVirtualDirectory = Get-EcpVirtualDirectory @params
} catch {
Write-Verbose ($failedString -f "ECP")
Invoke-CatchActions
}

try {
# Doesn't have ShowMailboxVirtualDirectories
$getMapiVirtualDirectory = Get-MapiVirtualDirectory @paramsNoShow
} catch {
Write-Verbose ($failedString -f "Mapi")
Invoke-CatchActions
}

try {
$getOabVirtualDirectory = Get-OabVirtualDirectory @params
} catch {
Write-Verbose ($failedString -f "OAB")
Invoke-CatchActions
}

try {
$getOutlookAnywhere = Get-OutlookAnywhere @params
} catch {
Write-Verbose ($failedString -f "Outlook Anywhere")
Invoke-CatchActions
}

try {
$getOwaVirtualDirectory = Get-OwaVirtualDirectory @params
} catch {
Write-Verbose ($failedString -f "OWA")
Invoke-CatchActions
}

try {
$getPowerShellVirtualDirectory = Get-PowerShellVirtualDirectory @params
} catch {
Write-Verbose ($failedString -f "PowerShell")
Invoke-CatchActions
}

try {
$getWebServicesVirtualDirectory = Get-WebServicesVirtualDirectory @params
} catch {
Write-Verbose ($failedString -f "EWS")
Invoke-CatchActions
}
}
end {
return [PSCustomObject]@{
GetActiveSyncVirtualDirectory = $getActiveSyncVirtualDirectory
GetAutoDiscoverVirtualDirectory = $getAutoDiscoverVirtualDirectory
GetEcpVirtualDirectory = $getEcpVirtualDirectory
GetMapiVirtualDirectory = $getMapiVirtualDirectory
GetOabVirtualDirectory = $getOabVirtualDirectory
GetOutlookAnywhere = $getOutlookAnywhere
GetOwaVirtualDirectory = $getOwaVirtualDirectory
GetPowerShellVirtualDirectory = $getPowerShellVirtualDirectory
GetWebServicesVirtualDirectory = $getWebServicesVirtualDirectory
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,13 @@ function Get-OrganizationInformation {
$wellKnownSecurityGroups = Get-ExchangeWellKnownSecurityGroups
$isSplitADPermissions = Get-ExchangeADSplitPermissionsEnabled -CatchActionFunction ${Function:Invoke-CatchActions}

try {
$getDdgPublicFolders = @(Get-DynamicDistributionGroup "PublicFolderMailboxes*" -IncludeSystemObjects -ErrorAction "Stop")
} catch {
Write-Verbose "Failed to get the dynamic distribution group for public folder mailboxes."
Invoke-CatchActions
}

try {
$rootDSE = [ADSI]("LDAP://$([System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Name)/RootDSE")
$directorySearcher = New-Object System.DirectoryServices.DirectorySearcher
Expand Down Expand Up @@ -123,18 +130,19 @@ function Get-OrganizationInformation {
}
} end {
return [PSCustomObject]@{
GetOrganizationConfig = $organizationConfig
DomainsAclPermissions = $domainsAclPermissions
WellKnownSecurityGroups = $wellKnownSecurityGroups
AdSchemaInformation = $adSchemaInformation
GetHybridConfiguration = $getHybridConfiguration
EnableDownloadDomains = $enableDownloadDomains
GetAcceptedDomain = $getAcceptedDomain
MapiHttpEnabled = $mapiHttpEnabled
SecurityResults = $securityResults
IsSplitADPermissions = $isSplitADPermissions
ADSiteCount = $adSiteCount
GetSettingOverride = $getSettingOverride
GetOrganizationConfig = $organizationConfig
DomainsAclPermissions = $domainsAclPermissions
WellKnownSecurityGroups = $wellKnownSecurityGroups
AdSchemaInformation = $adSchemaInformation
GetHybridConfiguration = $getHybridConfiguration
EnableDownloadDomains = $enableDownloadDomains
GetAcceptedDomain = $getAcceptedDomain
MapiHttpEnabled = $mapiHttpEnabled
SecurityResults = $securityResults
IsSplitADPermissions = $isSplitADPermissions
ADSiteCount = $adSiteCount
GetSettingOverride = $getSettingOverride
GetDynamicDgPublicFolderMailboxes = $getDdgPublicFolders
}
}
}
2 changes: 2 additions & 0 deletions Diagnostics/HealthChecker/Features/Get-HealthCheckerData.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -113,6 +113,8 @@ function Get-HealthCheckerData {
} catch {
Write-Red "Failed to Health Checker against $serverName"
$failedServerList.Add($serverName)
# Try to handle the issue so we don't get a false positive report.
Invoke-CatchActions
continue
}

Expand Down
2 changes: 2 additions & 0 deletions Diagnostics/HealthChecker/HealthChecker.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -172,6 +172,7 @@ begin {
. $PSScriptRoot\..\..\Shared\LoggerFunctions.ps1
. $PSScriptRoot\..\..\Shared\OutputOverrides\Write-Host.ps1
. $PSScriptRoot\..\..\Shared\OutputOverrides\Write-Verbose.ps1
. $PSScriptRoot\..\..\Shared\OutputOverrides\Write-Warning.ps1
. $PSScriptRoot\..\..\Shared\ScriptUpdateFunctions\Test-ScriptVersion.ps1

$BuildVersion = ""
Expand All @@ -192,6 +193,7 @@ begin {
-ErrorAction SilentlyContinue
SetProperForegroundColor
SetWriteVerboseAction ${Function:Write-DebugLog}
SetWriteWarningAction ${Function:Write-DebugLog}
} process {
$Server | ForEach-Object { $Script:ServerNameList.Add($_.ToUpper()) }
} end {
Expand Down
Loading