Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

EXOInboundConnector not in desired state output false but the settings where correctly applied/configured in a tenant #2180

Closed
atdheekurteshi opened this issue Aug 5, 2022 · 5 comments · Fixed by #2212 or #2245
Closed

EXOInboundConnector not in desired state output false but the settings where correctly applied/configured in a tenant #2180

atdheekurteshi opened this issue Aug 5, 2022 · 5 comments · Fixed by #2212 or #2245
Assignees
@malauter
Labels
Exchange Online Pending Information

Comments

@atdheekurteshi
Copy link

atdheekurteshi commented Aug 5, 2022
edited

Details of the scenario you tried and the problem that is occurring

EXOInboundConnector below settings are correctly applied/configured in our tenant but I don't understand why are they 'NotInDesiredState'.

When I run the following commands in the Power-Shell everything seems to be working fine for EXOInboundConnector:

Publish-DscConfiguration -Path C:\...\MOFs\MainConfig -Force
Start-DscConfiguration -UseExisting -Force -Verbose -Wait
$res=Test-DscConfiguration -ComputerName localhost -Detailed -Verbose

but the following Power-Shell command

PS C:\Windows\system32> $res.ResourcesNotInDesiredState

ConfigurationName     : MainConfig
DependsOn             :
ModuleName            : Microsoft365DSC
ModuleVersion         : 1.22.720.1
PsDscRunAsCredential  :
ResourceId            : [EXOInboundConnector]Container-91-d8c53542-f7cf-440a-aaca-03948fa774e9
SourceInfo            : ::144::3::EXOInboundConnector
DurationInSeconds     : 0.922
Error                 :
FinalState            :
InDesiredState        : False
InitialState          :
InstanceName          : Container-91-d8c53542-f7cf-440a-aaca-03948fa774e9
RebootRequested       : False
ResourceName          : EXOInboundConnector
StartDate             : 8/5/2022 11:36:35 AM
StateChanged          : False
PSComputerName        : localhost
CimClass              : root/Microsoft/Windows/DesiredStateConfiguration:MSFT_ResourceNotInDesiredState
CimInstanceProperties : {ConfigurationName, DependsOn, ModuleName, ModuleVersion...}
CimSystemProperties   : Microsoft.Management.Infrastructure.CimSystemProperties

ConfigurationName     : MainConfig
DependsOn             :
ModuleName            : Microsoft365DSC
ModuleVersion         : 1.22.720.1
PsDscRunAsCredential  :
ResourceId            : [EXOInboundConnector]Container-92-f064efa7-fa4e-471d-b572-e89a85a98c52
SourceInfo            : ::159::3::EXOInboundConnector
DurationInSeconds     : 0.641
Error                 :
FinalState            :
InDesiredState        : False
InitialState          :
InstanceName          : Container-92-f064efa7-fa4e-471d-b572-e89a85a98c52
RebootRequested       : False
ResourceName          : EXOInboundConnector
StartDate             : 8/5/2022 11:36:36 AM
StateChanged          : False
PSComputerName        : localhost
CimClass              : root/Microsoft/Windows/DesiredStateConfiguration:MSFT_ResourceNotInDesiredState
CimInstanceProperties : {ConfigurationName, DependsOn, ModuleName, ModuleVersion...}
CimSystemProperties   : Microsoft.Management.Infrastructure.CimSystemProperties


PS C:\Windows\system32> $res.ResourcesNotInDesiredState | select ResourceId

ResourceId
----------
[EXOInboundConnector]Container-91-d8c53542-f7cf-440a-aaca-03948fa774e9
[EXOInboundConnector]Container-92-f064efa7-fa4e-471d-b572-e89a85a98c52

outputs the EXOInboundConnector not in desired state

The DSC configuration that is used to reproduce the issue (as detailed as possible)

MOF file extract:

/*
@TargetNode='localhost'
@GeneratedBy=xxx
@GenerationDate=
@GenerationHost=xxx
*/

instance of MSFT_EXOOutboundConnector as $MSFT_EXOOutboundConnector1ref
{
TenantId = "";
 ResourceID = "[EXOOutboundConnector]Container-93-053055ea-84b5-4ce2-9670-2c1d64cbf324";
 ConnectorType = "OnPremises";
 TlsDomain = "";
 Ensure = "Present";
 SourceInfo = "::102::3::EXOOutboundConnector";
 Identity = "To Tor (Restmandant)";
 AllAcceptedDomains = True;
 CertificateThumbprint = "";
 ApplicationId = "";
 ModuleVersion = "1.22.720.1";
 ModuleName = "Microsoft365DSC";
 SmartHosts = {
    ""
};
 UseMXRecord = False;
 TlsSettings = "DomainValidation";

 ConfigurationName = "MainConfig";

};
instance of MSFT_EXOOutboundConnector as $MSFT_EXOOutboundConnector2ref
{
TenantId = "";
 ResourceID = "[EXOOutboundConnector]Container-94-2ab8a4b5-d0e8-4f56-b923-bab200baacb2";
 ConnectorType = "Partner";
 TlsDomain = "";
 Ensure = "Present";
 IsTransportRuleScoped = True;
 SourceInfo = "::116::3::EXOOutboundConnector";
 Identity = "To Tor (iQSuite)";
 CertificateThumbprint = "";
 ApplicationId = "";
 ModuleVersion = "1.22.720.1";
 ModuleName = "Microsoft365DSC";
 SmartHosts = {
    ""
};
 UseMXRecord = False;
 TlsSettings = "DomainValidation";

 ConfigurationName = "MainConfig";

};
instance of MSFT_EXOOutboundConnector as $MSFT_EXOOutboundConnector3ref
{
RecipientDomains = {
    "*"
};
 TenantId = "";
 ResourceID = "[EXOOutboundConnector]Container-95-fe55d70d-739d-4fee-bc68-129031e30133";
 ConnectorType = "Partner";
 TlsDomain = "";
 Ensure = "Present";
 SourceInfo = "::130::3::EXOOutboundConnector";
 Identity = "To Bac (Extern)";
 CertificateThumbprint = "";
 ApplicationId = "";
 ModuleVersion = "1.22.720.1";
 ModuleName = "Microsoft365DSC";
 SmartHosts = {
    ""
};
 UseMXRecord = False;
 TlsSettings = "DomainValidation";

 ConfigurationName = "MainConfig";

};
instance of MSFT_EXOInboundConnector as $MSFT_EXOInboundConnector1ref
{
SenderDomains = {
    "*"
};
 TenantId = "";
 RestrictDomainsToCertificate = True;
 ResourceID = "[EXOInboundConnector]Container-91-d8c53542-f7cf-440a-aaca-03948fa774e9";
 TlsSenderCertificateName = "";
 ConnectorType = "Partner";
 Ensure = "Present";
 Comment = "Reject mail not routed through ";
 SourceInfo = "::144::3::EXOInboundConnector";
 Identity = "Allow From iQSuite Only";
 CertificateThumbprint = "";
 ApplicationId = "";
 ModuleVersion = "1.22.720.1";
 ModuleName = "Microsoft365DSC";
 RequireTls = True;
 EFSkipLastIP = True;

 ConfigurationName = "MainConfig";

};
instance of MSFT_EXOInboundConnector as $MSFT_EXOInboundConnector2ref
{
SenderDomains = {
    "*"
};
 TenantId = "";
 TreatMessagesAsInternal = True;
 ResourceID = "[EXOInboundConnector]Container-92-f064efa7-fa4e-471d-b572-e89a85a98c52";
 TlsSenderCertificateName = "";
 ConnectorType = "OnPremises";
 Ensure = "Present";
 SourceInfo = "::159::3::EXOInboundConnector";
 Identity = "From iQSuite";
 CertificateThumbprint = "";
 ApplicationId = "";
 ModuleVersion = "1.22.720.1";
 ModuleName = "Microsoft365DSC";
 RequireTls = True;
 EFSkipLastIP = True;

 ConfigurationName = "MainConfig";

};
instance of MSFT_EXOTransportRule as $MSFT_EXOTransportRule1ref
{
RejectMessageReasonText = "Die Mailfunktion steht aktuell nicht zur Verfügung.";
 TenantId = "";
 Priority = "0";
 Name = "Bounce All Mails";
 ResourceID = "[EXOTransportRule]Container-117-bae617de-725d-4313-a317-029cd5c5eb0c";
 SetAuditSeverity = "DoNotAudit";
 Comments = "Mailfunktion unterbinden für Pilotuser";
 Ensure = "Present";
 SourceInfo = "::173::3::EXOTransportRule";
 CertificateThumbprint = "";
 ApplicationId = "";
 ModuleVersion = "1.22.720.1";
 ModuleName = "Microsoft365DSC";

 ConfigurationName = "MainConfig";

};
instance of MSFT_EXOTransportRule as $MSFT_EXOTransportRule2ref
{
RejectMessageReasonText = "Bitte die Mailempfänger überprüfen, da eine ungültige Adresse gefunden wurde.";
 TenantId = "";
 Priority = "1";
 Name = "Bounce Mails to ";
 ResourceID = "[EXOTransportRule]Container-96-e95685d7-60a1-427e-9e73-b3fc1f9effd0";
 SetAuditSeverity = "DoNotAudit";
 Comments = "E-Mails adressiert an ‚‘ verwerfen. Diese Adresse taucht als Antwortadresse bei migrierten Mails auf, die nicht aufgelöst werden konnten.";
 Ensure = "Present";
 RecipientDomainIs = {
    ""
};
 SourceInfo = "::185::3::EXOTransportRule";
 CertificateThumbprint = "";
 ApplicationId = "";
 ModuleVersion = "1.22.720.1";
 ModuleName = "Microsoft365DSC";

 ConfigurationName = "MainConfig";

};
instance of MSFT_EXOTransportRule as $MSFT_EXOTransportRule3ref
{
RejectMessageReasonText = "Die automatische Weiterleitung von E-Mails an einen externen Empfänger ist aus Sicherheitsgründen nicht gestattet.";
 TenantId = "";
 Priority = "2";
 Name = "Automatische Mailweiterleitung verbieten";
 ResourceID = "[EXOTransportRule]Container-97-a6184a12-8723-4d8d-b98d-9e665b84326e";
 SentToScope = "NotInOrganization";
 SetAuditSeverity = "DoNotAudit";
 Comments = "Verbietet die Automatische Weiterleitung an externe Adressen";
 Ensure = "Present";
 SourceInfo = "::198::3::EXOTransportRule";
 CertificateThumbprint = "";
 ApplicationId = "";
 ModuleVersion = "1.22.720.1";
 ModuleName = "Microsoft365DSC";
 MessageTypeMatches = "AutoForward";

 ConfigurationName = "MainConfig";

};
instance of MSFT_EXOTransportRule as $MSFT_EXOTransportRule4ref
{
TenantId = "";
 SetHeaderValue = "Bypass";
 Name = "Bypass iQ.Suite für Teams Channel Meetings";
 Priority = "3";
 SetAuditSeverity = "DoNotAudit";
 ResourceID = "[EXOTransportRule]Container-98-7d5697f7-a8d3-425a-89c2-543c2fce0876";
 SetHeaderName = "X-RZ-IQSuite";
 Ensure = "Present";
 RecipientDomainIs = {
    ""
};
 SourceInfo = "::212::3::EXOTransportRule";
 CertificateThumbprint = "";
 ApplicationId = "";
 ModuleVersion = "1.22.720.1";
 ModuleName = "Microsoft365DSC";
 StopRuleProcessing = True;
 MessageTypeMatches = "Calendaring";
 FromScope = "InOrganization";

 ConfigurationName = "MainConfig";

};
instance of MSFT_EXOTransportRule as $MSFT_EXOTransportRule5ref
{
TenantId = "";
 Priority = "4";
 Name = "Weiterleitung zu TOR (iQSuite)";
 ResourceID = "[EXOTransportRule]Container-99-cf9063a2-fc90-4f5e-8937-20280dba9052";
 ExceptIfHeaderMatchesPatterns = {
    "^test223"
};
 SetAuditSeverity = "DoNotAudit";
 RouteMessageOutboundConnector = "To Tor (iQSuite)";
 SetHeaderName = "x-iq-tenantid";
 Ensure = "Present";
 SetHeaderValue = "test223";
 SourceInfo = "::228::3::EXOTransportRule";
 CertificateThumbprint = "";
 ApplicationId = "";
 ModuleVersion = "1.22.720.1";
 ModuleName = "Microsoft365DSC";
 ExceptIfHeaderMatchesMessageHeader = "X-RZ-MMDONE";
 RuleErrorAction = "Defer";

 ConfigurationName = "MainConfig";

};
instance of MSFT_EXOTransportRule as $MSFT_EXOTransportRule6ref
{
TenantId = "";
 Priority = "5";
 Name = "Spamfilterung umgehen (nach IQ.Suite)";
 ResourceID = "[EXOTransportRule]Container-100-93adbcb5-175e-493e-95e8-9dd94bebfc5c";
 HeaderMatchesMessageHeader = "X-RZ-MMDONE";
 HeaderMatchesPatterns = {
    "^test223"
};
 SetSCL = "-1";
 Ensure = "Present";
 SourceInfo = "::244::3::EXOTransportRule";
 SetAuditSeverity = "DoNotAudit";
 CertificateThumbprint = "";
 ApplicationId = "";
 ModuleVersion = "1.22.720.1";
 ModuleName = "Microsoft365DSC";

 ConfigurationName = "MainConfig";

};
instance of MSFT_EXOTransportRule as $MSFT_EXOTransportRule7ref
{
TenantId = "";
 Priority = "6";
 Name = "X-Header X-RZ-MMDONE entfernen";
 ResourceID = "[EXOTransportRule]Container-101-6038502c-d64e-4959-9588-f9653948bbc7";
 HeaderMatchesMessageHeader = "X-RZ-MMDONE";
 RemoveHeader = "X-RZ-MMDONE";
 HeaderMatchesPatterns = {
    "^test223"
};
 Ensure = "Present";
 SourceInfo = "::257::3::EXOTransportRule";
 SetAuditSeverity = "DoNotAudit";
 CertificateThumbprint = "";
 ApplicationId = "";
 ModuleVersion = "1.22.720.1";
 ModuleName = "Microsoft365DSC";

 ConfigurationName = "MainConfig";

};
instance of OMI_ConfigurationDocument


                    {
 Version="2.0.0";
 

                        MinimumCompatibleVersion = "1.0.0";
 

                        CompatibleVersionAdditionalProperties= {"Omi_BaseResource:ConfigurationName"};
 

                        Author="";
 

                        GenerationDate="";
 

                        GenerationHost="xxx";


                        ContentType="PasswordEncrypted";
 

                        Name="MainConfig";


                    };

#### The operating system the target node is running
<!--
    Please provide as much as possible about the target node, for example
    edition, version, build and language.
    On OS with WMF 5.1 the following command can help get this information.

OsName               : Microsoft Windows 10 Pro
OsOperatingSystemSKU : 48
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 19041.1.amd64fre.vb_release.191206-1406
OsLanguage           : en-US
OsMuiLanguages       : {en-US, de-DE}

-->

#### Version of the DSC module that was used ('dev' if using current dev branch)
1.22.720.1
@atdheekurteshi atdheekurteshi changed the title EXOInboundConnector, SPOSharingSettings not in desired state output false but the settings where correctly configured in a tenant EXOInboundConnector, SPOSharingSettings not in desired state output false but the settings where correctly applied/configured in a tenant Aug 5, 2022
@andikrueger
Copy link
Collaborator

Could you share the verbose log of the Test-DSCConfiguration or the Event Log items? Within the Windows Event Log there should be a full overview of which settings are marked as drifted.

@atdheekurteshi atdheekurteshi changed the title EXOInboundConnector, SPOSharingSettings not in desired state output false but the settings where correctly applied/configured in a tenant EXOInboundConnector not in desired state output false but the settings where correctly applied/configured in a tenant Aug 8, 2022
@atdheekurteshi
Copy link
Author

atdheekurteshi commented Aug 8, 2022
edited

@andikrueger

Here it is:

Log Name: M365DSC
Source: MSFT_EXOInboundConnector
Date: 8/5/2022 11:32:18 AM
Event ID: 1
Task Category: (1)
Level: Warning
Keywords: Classic
User: N/A
Computer:
Description:



smtp:;1



From iQSuite
OnPremises
True
True


True
Present
True


Event Xml:



1
0
3
1
0
0x80000000000000

1977


M365DSC




<M365DSCEvent>
<ConfigurationDrift Source="MSFT_EXOInboundConnector">
<ParametersNotInDesiredState>
<Param Name="SenderDomains"><CurrentValue>smtp:;1</CurrentValue><DesiredValue></DesiredValue></Param>
</ParametersNotInDesiredState>
</ConfigurationDrift>
<DesiredValues>
<Param Name ="Identity">From iQSuite</Param>
<Param Name ="ConnectorType">OnPremises</Param>
<Param Name ="EFSkipLastIP">True</Param>
<Param Name ="RequireTls">True</Param>
<Param Name ="SenderDomains"></Param>
<Param Name ="TlsSenderCertificateName"></Param>
<Param Name ="TreatMessagesAsInternal">True</Param>
<Param Name ="Ensure">Present</Param>
<Param Name ="Verbose">True</Param>
</DesiredValues>
</M365DSCEvent>

Log Name: M365DSC
Source: MSFT_EXOInboundConnector
Date: 8/5/2022 11:32:17 AM
Event ID: 1
Task Category: (1)
Level: Warning
Keywords: Classic
User: N/A
Computer:
Description:



smtp:;1



Allow From iQSuite Only
Reject mail not routed through Atruvia
Partner
True
True
True


Present
True


Event Xml:



1
0
3
1
0
0x80000000000000

1976


M365DSC




<M365DSCEvent>
<ConfigurationDrift Source="MSFT_EXOInboundConnector">
<ParametersNotInDesiredState>
<Param Name="SenderDomains"><CurrentValue>smtp:;1</CurrentValue><DesiredValue></DesiredValue></Param>
</ParametersNotInDesiredState>
</ConfigurationDrift>
<DesiredValues>
<Param Name ="Identity">Allow From iQSuite Only</Param>
<Param Name ="Comment">Reject mail not routed through Atruvia</Param>
<Param Name ="ConnectorType">Partner</Param>
<Param Name ="EFSkipLastIP">True</Param>
<Param Name ="RequireTls">True</Param>
<Param Name ="RestrictDomainsToCertificate">True</Param>
<Param Name ="SenderDomains"></Param>
<Param Name ="TlsSenderCertificateName"></Param>
<Param Name ="Ensure">Present</Param>
<Param Name ="Verbose">True</Param>
</DesiredValues>
</M365DSCEvent>

@andikrueger
Copy link
Collaborator

This one marks the value of SenderDomains to be not in desired state. The current value is smtp:;1 @malauter Do you have an idea about the root cause of this issue?

@malauter
Copy link
Member

Sorry, I was out of office. I will have a look on this during the next days.

@malauter
Copy link
Member

EXO stores the value of sender domains as smtp:;1 e.g. contoso.com is smtp:contoso.com;1 or * is smtp:*;1
It is working if you use this syntax also in your DSC configuration file.
I will try to add something to the code to convert the values for the comparison.

@malauter malauter self-assigned this Aug 23, 2022
@malauter malauter mentioned this issue Aug 24, 2022
Merged
@NikCharlebois NikCharlebois mentioned this issue Sep 1, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@malauter malauter

Labels
Exchange Online Pending Information
Projects
None yet
Milestone
No milestone
3 participants
@atdheekurteshi @andikrueger @malauter