From 139a1f15ca8ffd2e3c02de6e546075321108f53e Mon Sep 17 00:00:00 2001 From: iserrano76 Date: Tue, 28 Feb 2023 18:53:45 +0100 Subject: [PATCH 1/4] False Warning with ServerList parameter --- .../HealthChecker/Features/Get-LoadBalancingReport.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Diagnostics/HealthChecker/Features/Get-LoadBalancingReport.ps1 b/Diagnostics/HealthChecker/Features/Get-LoadBalancingReport.ps1 index 5bb2d41404..df7e6b09a4 100644 --- a/Diagnostics/HealthChecker/Features/Get-LoadBalancingReport.ps1 +++ b/Diagnostics/HealthChecker/Features/Get-LoadBalancingReport.ps1 @@ -26,7 +26,7 @@ function Get-LoadBalancingReport { $CASServers = $getExchangeServer | Where-Object { ($_.IsClientAccessServer -eq $true) -and ($_.AdminDisplayVersion -Match "^Version 15") } | Sort-Object Name $MBXServers = $getExchangeServer | Where-Object { ($_.IsMailboxServer -eq $true) -and ($_.AdminDisplayVersion -Match "^Version 15") } | Sort-Object Name } else { - Write-Grey("Custom server list is being used. Only servers specified after the -ServerList parameter will be used in the report.") + Write-Grey("Custom server list is being used. Only servers specified after the -ServerList parameter will be used in the report.") $CASServers = $getExchangeServer | Where-Object { ($_.IsClientAccessServer -eq $true) -and ( ($_.Name -in $ServerList) -or ($_.FQDN -in $ServerList) ) } | Sort-Object Name $MBXServers = $getExchangeServer | Where-Object { ($_.IsMailboxServer -eq $true) -and ( ($_.Name -in $ServerList) -or ($_.FQDN -in $ServerList) ) } | Sort-Object Name } @@ -43,7 +43,7 @@ function Get-LoadBalancingReport { } foreach ($server in $ServerList) { - if ($server -notin $CASServers -and $server -notin $MBXServers) { + if ($server -notin $CASServers.Name -and $server -notin $MBXServers.Name) { Write-Warning "$server was not found as an Exchange server." } } From ce2f088fc484bce06cccd19b9c96347a4d360100 Mon Sep 17 00:00:00 2001 From: iserrano76 Date: Wed, 1 Mar 2023 12:00:54 +0100 Subject: [PATCH 2/4] Reduced the objects MBXServers and CASServers --- .../Features/Get-LoadBalancingReport.ps1 | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/Diagnostics/HealthChecker/Features/Get-LoadBalancingReport.ps1 b/Diagnostics/HealthChecker/Features/Get-LoadBalancingReport.ps1 index df7e6b09a4..8a2046f0d5 100644 --- a/Diagnostics/HealthChecker/Features/Get-LoadBalancingReport.ps1 +++ b/Diagnostics/HealthChecker/Features/Get-LoadBalancingReport.ps1 @@ -7,28 +7,28 @@ function Get-LoadBalancingReport { Write-Verbose "Calling: $($MyInvocation.MyCommand)" $CASServers = @() $MBXServers = @() - $getExchangeServer = Get-ExchangeServer + $getExchangeServer = Get-ExchangeServer | Select-Object Name, Site, IsClientAccessServer, IsMailboxServer, AdminDisplayVersion, FQDN if ($SiteName -ne [string]::Empty) { Write-Grey("Site filtering ON. Only Exchange 2013+ CAS servers in {0} will be used in the report." -f $SiteName) $CASServers = $getExchangeServer | Where-Object { ($_.IsClientAccessServer -eq $true) -and ($_.AdminDisplayVersion -Match "^Version 15") -and - ([System.Convert]::ToString($_.Site).Split("/")[-1] -eq $SiteName) } | Sort-Object Name + ([System.Convert]::ToString($_.Site).Split("/")[-1] -eq $SiteName) } | Select-Object Name, Site | Sort-Object Name Write-Grey("Site filtering ON. Only Exchange 2013+ MBX servers in {0} will be used in the report." -f $SiteName) $MBXServers = $getExchangeServer | Where-Object { ($_.IsMailboxServer -eq $true) -and ($_.AdminDisplayVersion -Match "^Version 15") -and - ([System.Convert]::ToString($_.Site).Split("/")[-1] -eq $SiteName) } | Sort-Object Name + ([System.Convert]::ToString($_.Site).Split("/")[-1] -eq $SiteName) } | Select-Object Name, Site | Sort-Object Name } else { if ( ($null -eq $ServerList) ) { Write-Grey("Filtering OFF. All Exchange 2013+ servers will be used in the report.") - $CASServers = $getExchangeServer | Where-Object { ($_.IsClientAccessServer -eq $true) -and ($_.AdminDisplayVersion -Match "^Version 15") } | Sort-Object Name - $MBXServers = $getExchangeServer | Where-Object { ($_.IsMailboxServer -eq $true) -and ($_.AdminDisplayVersion -Match "^Version 15") } | Sort-Object Name + $CASServers = $getExchangeServer | Where-Object { ($_.IsClientAccessServer -eq $true) -and ($_.AdminDisplayVersion -Match "^Version 15") } | Select-Object Name, Site | Sort-Object Name + $MBXServers = $getExchangeServer | Where-Object { ($_.IsMailboxServer -eq $true) -and ($_.AdminDisplayVersion -Match "^Version 15") } | Select-Object Name, Site | Sort-Object Name } else { Write-Grey("Custom server list is being used. Only servers specified after the -ServerList parameter will be used in the report.") - $CASServers = $getExchangeServer | Where-Object { ($_.IsClientAccessServer -eq $true) -and ( ($_.Name -in $ServerList) -or ($_.FQDN -in $ServerList) ) } | Sort-Object Name - $MBXServers = $getExchangeServer | Where-Object { ($_.IsMailboxServer -eq $true) -and ( ($_.Name -in $ServerList) -or ($_.FQDN -in $ServerList) ) } | Sort-Object Name + $CASServers = $getExchangeServer | Where-Object { ($_.IsClientAccessServer -eq $true) -and ( ($_.Name -in $ServerList) -or ($_.FQDN -in $ServerList) ) } | Select-Object Name, Site | Sort-Object Name + $MBXServers = $getExchangeServer | Where-Object { ($_.IsMailboxServer -eq $true) -and ( ($_.Name -in $ServerList) -or ($_.FQDN -in $ServerList) ) } | Select-Object Name, Site | Sort-Object Name } } @@ -97,7 +97,7 @@ function Get-LoadBalancingReport { $totalBackendStats = [ordered]@{} $currentErrors = $Error.Count - foreach ( $CASServer in $CASServers) { + foreach ( $CASServer in $CASServers.Name) { $DefaultIdSite = Invoke-Command -ComputerName $CASServer -ScriptBlock { (Get-Website "Default Web Site").Id } $FECounters = Get-LocalizedCounterSamples -MachineName $CASServer -Counter @( @@ -141,7 +141,7 @@ function Get-LoadBalancingReport { $keyOrders = $displayKeys.Keys | Sort-Object - foreach ( $MBXServer in $MBXServers) { + foreach ( $MBXServer in $MBXServers.Name) { $BackendIdSite = Invoke-Command -ComputerName $MBXServer -ScriptBlock { (Get-Website "Exchange Back End").Id } $BECounters = Get-LocalizedCounterSamples -MachineName $MBXServer -Counter @( @@ -218,7 +218,7 @@ function Get-LoadBalancingReport { $htmlLoadDetails += "$([System.Environment]::NewLine)$([System.Environment]::NewLine)" foreach ($server in $CASServers) { - $serverKey = $server.Name.ToString() + $serverKey = $server.Name Write-Verbose "Working Server for HTML report $serverKey" $htmlLoadDetails += " $($serverKey) @@ -285,7 +285,7 @@ function Get-LoadBalancingReport { $htmlLoadDetailsBackend += "$([System.Environment]::NewLine)$([System.Environment]::NewLine)" foreach ($server in $MBXServers) { - $serverKey = $server.Name.ToString() + $serverKey = $server.Name Write-Verbose "Working Server for HTML report $serverKey" $htmlLoadDetailsBackend += " $($serverKey) From 1b69c3a0b5e5ce8fda15ae342d28e0105f11d428 Mon Sep 17 00:00:00 2001 From: Lukas Sassl Date: Wed, 1 Mar 2023 12:20:26 +0100 Subject: [PATCH 3/4] Display servers on which the Auth Cert is missing --- .../New-ExchangeAuthCertificate.ps1 | 2 +- .../Get-ExchangeAuthCertificateStatus.ps1 | 2 ++ .../MonitorExchangeAuthCertificate.ps1 | 14 ++++++++++++++ 3 files changed, 17 insertions(+), 1 deletion(-) diff --git a/Admin/MonitorExchangeAuthCertificate/ConfigurationAction/New-ExchangeAuthCertificate.ps1 b/Admin/MonitorExchangeAuthCertificate/ConfigurationAction/New-ExchangeAuthCertificate.ps1 index 7cc9159672..0b3b8c8ce2 100644 --- a/Admin/MonitorExchangeAuthCertificate/ConfigurationAction/New-ExchangeAuthCertificate.ps1 +++ b/Admin/MonitorExchangeAuthCertificate/ConfigurationAction/New-ExchangeAuthCertificate.ps1 @@ -64,7 +64,7 @@ function New-ExchangeAuthCertificate { #> Write-Verbose "Calling: $($MyInvocation.MyCommand)" - $confirmationMessage = "The following actions will be performed:" + + $confirmationMessage = "The following actions will be performed without the need to reconfirm:" + "`r`n - The internal transport certificate will be queried" + "`r`n - A new certificate will be generated, it overrides the internal transport certificate" + "`r`n - The internal transport certificate will be set back to the previous one" + diff --git a/Admin/MonitorExchangeAuthCertificate/DataCollection/Get-ExchangeAuthCertificateStatus.ps1 b/Admin/MonitorExchangeAuthCertificate/DataCollection/Get-ExchangeAuthCertificateStatus.ps1 index 6e8774e16e..92b5ec6567 100644 --- a/Admin/MonitorExchangeAuthCertificate/DataCollection/Get-ExchangeAuthCertificateStatus.ps1 +++ b/Admin/MonitorExchangeAuthCertificate/DataCollection/Get-ExchangeAuthCertificateStatus.ps1 @@ -165,6 +165,8 @@ function Get-ExchangeAuthCertificateStatus { ConfigureNextAuthRequired = $configureNextAuthRequired NumberOfUnreachableServers = $exchangeServersUnreachableList.Count UnreachableServersList = $exchangeServersUnreachableList + AuthCertificateMissingOnServers = $currentAuthCertificateMissingOnServersList + NextAuthCertificateMissingOnServers = $nextAuthCertificateMissingOnServersList HybridSetupDetected = ($null -ne $hybridConfiguration) StopProcessingDueToHybrid = $stopProcessingDueToHybrid MultipleExchangeADSites = $multipleExchangeSites diff --git a/Admin/MonitorExchangeAuthCertificate/MonitorExchangeAuthCertificate.ps1 b/Admin/MonitorExchangeAuthCertificate/MonitorExchangeAuthCertificate.ps1 index 343b318229..1cff6fa29d 100644 --- a/Admin/MonitorExchangeAuthCertificate/MonitorExchangeAuthCertificate.ps1 +++ b/Admin/MonitorExchangeAuthCertificate/MonitorExchangeAuthCertificate.ps1 @@ -532,8 +532,22 @@ function Main { if ($authCertStatus.NumberOfUnreachableServers -gt 0) { Write-Host ("Number of unreachable Exchange servers: $($authCertStatus.NumberOfUnreachableServers)") -ForegroundColor Cyan } + if ($authCertStatus.AuthCertificateMissingOnServers.Count -gt 0) { + Write-Host ("The actively used Auth Certificate is missing on the following servers:") -ForegroundColor Cyan + Write-Host ("$([string]::Join(", ", $authCertStatus.AuthCertificateMissingOnServers))") -ForegroundColor Cyan + } + if ($authCertStatus.NextAuthCertificateMissingOnServers.Count -gt 0) { + Write-Host ("The certificate which is configured as next Auth Certificate is missing on the following servers:") -ForegroundColor Cyan + Write-Host ("$([string]::Join(", ", $authCertStatus.NextAuthCertificateMissingOnServers))") -ForegroundColor Cyan + } Write-Host ("") Write-Host ("Test result: $($renewalActionWording)") -ForegroundColor Cyan + if (($authCertStatus.AuthCertificateMissingOnServers.Count -gt 0) -or + ($authCertStatus.NextAuthCertificateMissingOnServers.Count -gt 0)) { + $certificateMissingOnServersWording = ("`r`nYou should copy the Auth Certificate to the missing servers and re-run the script." + + "`r`nA missing Auth Certificate will cause a new one to be generated by the script.") + Write-Host $certificateMissingOnServersWording -ForegroundColor Cyan + } } if (($renewalActionRequired) -and From 9fedd249324f597b08fec0baa4d3a1edd21bb3fd Mon Sep 17 00:00:00 2001 From: Lukas Sassl Date: Wed, 1 Mar 2023 12:37:34 +0100 Subject: [PATCH 4/4] ExchangeAuthCertificateStatus unit test adjusted --- .../Tests/Get-ExchangeAuthCertificateStatus.Tests.ps1 | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/Admin/MonitorExchangeAuthCertificate/DataCollection/Tests/Get-ExchangeAuthCertificateStatus.Tests.ps1 b/Admin/MonitorExchangeAuthCertificate/DataCollection/Tests/Get-ExchangeAuthCertificateStatus.Tests.ps1 index 88d9390066..37598b9f5a 100644 --- a/Admin/MonitorExchangeAuthCertificate/DataCollection/Tests/Get-ExchangeAuthCertificateStatus.Tests.ps1 +++ b/Admin/MonitorExchangeAuthCertificate/DataCollection/Tests/Get-ExchangeAuthCertificateStatus.Tests.ps1 @@ -202,7 +202,8 @@ Describe "Testing Get-ExchangeAuthCertificateStatus.ps1" { Mock Get-ExchangeServerCertificate { throw [System.InvalidOperationException]::New() } -ParameterFilter { - $Thumbprint -eq "E1BDF9AE58C93C75E76C9DD882138FB8FF0FA786" + ($Thumbprint -eq "E1BDF9AE58C93C75E76C9DD882138FB8FF0FA786") -and + ($Server -eq "E2k16-2.Contoso.lab") } $Script:results = Get-ExchangeAuthCertificateStatus } @@ -212,6 +213,8 @@ Describe "Testing Get-ExchangeAuthCertificateStatus.ps1" { $results.ReplaceRequired | Should -Be $true $results.ConfigureNextAuthRequired | Should -Be $false $results.NumberOfUnreachableServers | Should -Be 0 + $results.AuthCertificateMissingOnServers.Count | Should -Be 1 + $results.AuthCertificateMissingOnServers | Should -Contain "E2k16-2.Contoso.lab" } } @@ -222,7 +225,8 @@ Describe "Testing Get-ExchangeAuthCertificateStatus.ps1" { Mock Get-ExchangeServerCertificate { throw [System.InvalidOperationException]::New() } -ParameterFilter { - $Thumbprint -eq "BC6BF924D6EF046E64F8D1987DC1D7D2F4C0042A" + ($Thumbprint -eq "BC6BF924D6EF046E64F8D1987DC1D7D2F4C0042A") -and + ($Server -eq "E2k16-1.Contoso.lab") } $Script:results = Get-ExchangeAuthCertificateStatus } @@ -233,6 +237,8 @@ Describe "Testing Get-ExchangeAuthCertificateStatus.ps1" { $results.ReplaceRequired | Should -Be $false $results.ConfigureNextAuthRequired | Should -Be $true $results.NumberOfUnreachableServers | Should -Be 0 + $results.NextAuthCertificateMissingOnServers.Count | Should -Be 1 + $results.NextAuthCertificateMissingOnServers | Should -Contain "E2k16-1.Contoso.lab" } }