Update Invoke-AnalyzerIISInformation.ps1 to verify Exchange Back End website binding [Issue #2209] #2272
Merged
Member
@shasagar let's make the commit name more appropriate. Let's also include the issue number in the main PR comment to have it be linked.
| Write-Verbose "Working on IIS Web Sites" | ||
| $outputObjectDisplayValue = New-Object System.Collections.Generic.List[object] | ||
| $problemCertList = New-Object System.Collections.Generic.List[string] | ||
| $exchangeBackEndBindings = @() |
Contributor
Can we use a List<T> here instead of an array?
Member
Yeah, probably should, being that the other lists above are that way. I was going to say, there is only going to be a few items at most in this list so there really isn't a performance benefit, but it will make more sense if we do it that way based off the other code.
Member
/azp run
Azure Pipelines successfully started running 1 pipeline(s).
Member
/azp run
Azure Pipelines successfully started running 1 pipeline(s).
Modified the code to verify Exchange Backend Site binding and notify if website is bound to a single IP.
eb93f82 to 24dd1d5
Member
/azp run
Azure Pipelines successfully started running 1 pipeline(s).
dpaulson45 approved these changes Jan 22, 2025
Member
@microsoft-github-policy-service rerun
Modified the code to verify Exchange Backend Site binding and notify if website is bound to a single IP.
Issue:
Healthchecker should check if IIS bindings are correctly configured, especially on the backend website.
Binding should be "all unassigned" and not for a specific IP address.
Reason:
The correct default values on backend should be like this:
Exchange Back End Started False http - *:81: - NULL
https - *:444: - 69DE5CA602D04D03939DA4E2F5BE2D076609B906
Incorrect setting on backend:
Exchange Back End Started False http - *:81: - NULL
https - 192.168.10.48:444: - 69DE5CA602D04D03939DA4E2F5BE2D076609B906
This becomes important when extended protection is enabled. When it is, and the binding is set to a specific IP address of the server, the backend will drop the connection with the well-known SEC_E_BAD_BINDINGS error; 2148074310.
Fix:
Updated "Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerIISInformation.ps1" to check Exchange Back End website binding
Resolved #2209
Validation:
Performed test in Lab by removing 'All Unassigned' binding from Exchange Back End website and binding a single IP address with port 444.
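
The binding check described above, as an added example that is not the code from this pull request: it parses IIS `bindingInformation` strings (`IP:port:hostname`) and reports any binding pinned to a specific address instead of "All Unassigned" (`*`). The function name `Get-SpecificIpBinding` and the sample objects are assumptions; the sample is constructed from the two cases shown in the description.

```powershell
# Added example. Function name and sample data are hypothetical.
function Get-SpecificIpBinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$Binding
    )
    begin {
        # bindingInformation is "IP:port:hostname"; IPv6 addresses are bracketed.
        $pattern = '^(?<ip>\*|\[[^\]]+\]|[^:]+):(?<port>\d+):(?<hostName>.*)$'
        $results = New-Object System.Collections.Generic.List[object]
    }
    process {
        foreach ($b in $Binding) {
            if ($b.bindingInformation -match $pattern) {
                # '*' is "All Unassigned"; anything else pins the site to one address.
                if ($Matches['ip'] -ne '*') {
                    $results.Add([PSCustomObject]@{
                            Protocol           = $b.protocol
                            IPAddress          = $Matches['ip']
                            Port               = [int]$Matches['port']
                            BindingInformation = $b.bindingInformation
                        })
                }
            } else {
                Write-Warning "Unparsable binding: $($b.bindingInformation)"
            }
        }
    }
    end { $results }
}

# Constructed sample mirroring the correct and incorrect bindings from the description.
$sample = @(
    [PSCustomObject]@{ protocol = 'http';  bindingInformation = '*:81:' }
    [PSCustomObject]@{ protocol = 'https'; bindingInformation = '*:444:' }
    [PSCustomObject]@{ protocol = 'https'; bindingInformation = '192.168.10.48:444:' }
)

# Only the 192.168.10.48:444: entry is reported.
$sample | Get-SpecificIpBinding | Format-Table -AutoSize

# On a server with the WebAdministration module, live bindings can be piped in:
# Get-WebBinding -Name 'Exchange Back End' | Get-SpecificIpBinding
```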