From d530f4df52120b29f8ac91d34a866bf0fe7292d9 Mon Sep 17 00:00:00 2001 From: David Paulson Date: Fri, 29 Sep 2023 12:25:24 -0500 Subject: [PATCH 1/4] Collect applicationHost.config with Log Collector --- .../Write/Write-LargeDataObjectsOnMachine.ps1 | 46 +++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/Diagnostics/ExchangeLogCollector/Write/Write-LargeDataObjectsOnMachine.ps1 b/Diagnostics/ExchangeLogCollector/Write/Write-LargeDataObjectsOnMachine.ps1 index 117b3f9714..9e682e70e5 100644 --- a/Diagnostics/ExchangeLogCollector/Write/Write-LargeDataObjectsOnMachine.ps1 +++ b/Diagnostics/ExchangeLogCollector/Write/Write-LargeDataObjectsOnMachine.ps1 
@@ -138,6 +138,52 @@ function Write-LargeDataObjectsOnMachine { if (Test-Path $machineConfig) { Copy-Item $machineConfig -Destination ("{0}\{1}_machine.config" -f $webAppPoolsSaveRoot, $env:COMPUTERNAME) } + + $siteConfigs = @{} + # always try to get the hardcoded default + $siteConfigs.Add("applicationHost.config", "$($env:WINDIR)\System32\inetSrv\config\applicationHost.config") + + try { + # default location normally your applicationHost.config + try { + $defaultLocation = Get-WebConfigFile + + if (-not $siteConfigs.ContainsKey($defaultLocation.Name)) { + $siteConfigs.Add($defaultLocation.Name, $defaultLocation.FullName) + } + } catch { + Write-Verbose "Failed to get default web config file path. $_" + } + + $sitesContent.Keys | + ForEach-Object { + try { + $name = $_ + $siteWebFileConfig = Get-WebConfigFile "IIS:\Sites\$($name)" + + $keyName = if ($siteWebFileConfig.Name -eq "web.config") { "$name`_web.config" } else { $siteWebFileConfig.Name } + + if (-not $siteConfigs.ContainsKey($keyName)) { + $siteConfigs.Add($keyName, $siteWebFileConfig.FullName) + } + } catch { + Write-Verbose "Failed to get web config for $name. $_" + } + } + } catch { + Write-Verbose "Failed to get the web config file for the sites. $_" + # remote context, cant call catch actions + } finally { + if ($null -ne $siteConfigs -and + $siteConfigs.Count -gt 0) { + $siteConfigs.Keys | + ForEach-Object { + if ((Test-Path $siteConfigs[$_])) { + Copy-Item $siteConfigs[$_] -Destination ("{0}\{1}_{2}" -f $webAppPoolsSaveRoot, $env:COMPUTERNAME, $_) + } + } + } + } } } From 0a337829e54ace0d73cf20294a1860466d14eca1 Mon Sep 17 00:00:00 2001 
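Review bot: The files gathered into `$siteConfigs` are copied verbatim in the `finally` block, and applicationHost.config and site-level web.config commonly carry secrets (machineKey validation/decryption keys, connection strings, application-pool or virtual-directory credentials), so the collection folder now has to be handled as sensitive data. Nothing in the hunk gates the copy behind a switch or tells the operator; I would at least add a comment above the copy loop, `# These config files can contain machineKey values, connection strings and app-pool credentials - treat the output folder as sensitive`, and a matching sentence in docs/Diagnostics/ExchangeLogCollector.md. Separately, `Test-Path` and `Copy-Item` receive the stored path through `-Path`, which expands wildcard characters; `-LiteralPath $siteConfigs[$_]` avoids surprises with site directories whose names contain `[` or `]`. The body of Write-LargeDataObjectsOnMachine starts outside the hunk, so an enclosing condition may already limit when this runs.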
From: David Paulson Date: Fri, 29 Sep 2023 15:49:19 -0500 Subject: [PATCH 2/4] Include Pipeline tracing logs in Log Collector --- .../ExchangeLogCollector/ExchangeLogCollector.ps1 | 1 + .../Helpers/Get-ArgumentList.ps1 | 1 + .../Helpers/Test-PossibleCommonScenarios.ps1 | 4 +++- .../RemoteScriptBlock/Invoke-RemoteMain.ps1 | 12 ++++++++++++ docs/Diagnostics/ExchangeLogCollector.md | 3 ++- 5 files changed, 19 insertions(+), 2 deletions(-) diff --git a/Diagnostics/ExchangeLogCollector/ExchangeLogCollector.ps1 b/Diagnostics/ExchangeLogCollector/ExchangeLogCollector.ps1 index b6cf64ea7b..64d213330e 100644 --- a/Diagnostics/ExchangeLogCollector/ExchangeLogCollector.ps1 +++ b/Diagnostics/ExchangeLogCollector/ExchangeLogCollector.ps1 @@ -43,6 +43,7 @@ param ( [switch]$OABLogs, [switch]$OrganizationConfig, [switch]$OWALogs, + [switch]$PipelineTracingLogs, [switch]$PopLogs, [switch]$PowerShellLogs, [switch]$QueueInformation, diff --git a/Diagnostics/ExchangeLogCollector/Helpers/Get-ArgumentList.ps1 b/Diagnostics/ExchangeLogCollector/Helpers/Get-ArgumentList.ps1 index 1e9511ae12..e5ecd88eb4 100644 --- a/Diagnostics/ExchangeLogCollector/Helpers/Get-ArgumentList.ps1 +++ b/Diagnostics/ExchangeLogCollector/Helpers/Get-ArgumentList.ps1 @@ -64,6 +64,7 @@ function Get-ArgumentList { MitigationService = $MitigationService OABLogs = $OABLogs OWALogs = $OWALogs + PipelineTracingLogs = $PipelineTracingLogs PopLogs = $PopLogs PowerShellLogs = $PowerShellLogs QueueInformation = $QueueInformation diff --git a/Diagnostics/ExchangeLogCollector/Helpers/Test-PossibleCommonScenarios.ps1 b/Diagnostics/ExchangeLogCollector/Helpers/Test-PossibleCommonScenarios.ps1 index 842d793539..e8374ea014 100644 --- a/Diagnostics/ExchangeLogCollector/Helpers/Test-PossibleCommonScenarios.ps1 +++ b/Diagnostics/ExchangeLogCollector/Helpers/Test-PossibleCommonScenarios.ps1 
@@ -50,6 +50,7 @@ function Test-PossibleCommonScenarios { $Script:MailboxConnectivityLogs = $true $Script:FrontEndProtocolLogs = $true $Script:MailboxDeliveryThrottlingLogs = $true + $Script:PipelineTracingLogs = $true } if ($ConnectivityLogs) { @@ -121,7 +122,8 @@ function Test-PossibleCommonScenarios { $MailboxDeliveryThrottlingLogs -or $TransportAgentLogs -or $TransportRoutingTableLogs -or - $DefaultTransportLogging) { + $DefaultTransportLogging -or + $PipelineTracingLogs) { $Script:AnyTransportSwitchesEnabled = $true } diff --git a/Diagnostics/ExchangeLogCollector/RemoteScriptBlock/Invoke-RemoteMain.ps1 b/Diagnostics/ExchangeLogCollector/RemoteScriptBlock/Invoke-RemoteMain.ps1 index e73f64db83..672ca814cb 100644 --- a/Diagnostics/ExchangeLogCollector/RemoteScriptBlock/Invoke-RemoteMain.ps1 +++ b/Diagnostics/ExchangeLogCollector/RemoteScriptBlock/Invoke-RemoteMain.ps1 @@ -192,6 +192,18 @@ function Invoke-RemoteMain { Add-DefaultLogCopyTaskAction "$Script:localExInstall`Logging\MailboxAssistantsDatabaseSlaLog" "Mailbox_Assistants_Database_Sla_Logs" } } + + if ($PassedInfo.PipelineTracingLogs) { + + if ($Script:localServerObject.Hub -or + $Script:localServerObject.Edge) { + Add-LogCopyFullTaskAction $Script:localServerObject.TransportInfo.HubLoggingInfo.PipelineTracingPath "Hub_Pipeline_Tracing_Logs" + } + + if ($Script:localServerObject.Mailbox) { + Add-LogCopyFullTaskAction $Script:localServerObject.TransportInfo.MBXLoggingInfo.PipelineTracingPath "Mailbox_Pipeline_Tracing_Logs" + } + } } ############################################ diff --git a/docs/Diagnostics/ExchangeLogCollector.md b/docs/Diagnostics/ExchangeLogCollector.md index 7ff4f00b8c..711b16b4f2 100644 --- a/docs/Diagnostics/ExchangeLogCollector.md +++ b/docs/Diagnostics/ExchangeLogCollector.md 
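Review bot: In the Invoke-RemoteMain.ps1 hunk, the directory behind `PipelineTracingPath` holds snapshot copies of complete e-mail messages whenever pipeline tracing is enabled, which makes it far more sensitive than the protocol and connectivity logs collected around it. The first Test-PossibleCommonScenarios.ps1 hunk also sets `$Script:PipelineTracingLogs = $true` inside a scenario block whose condition is outside the hunk (the docs change names `DefaultTransportLogging`), so operators receive this content without asking for it by name. I would keep it opt-in through `-PipelineTracingLogs` only, or at minimum add `# Pipeline tracing snapshots contain full message content - handle the collected data as mail data` above the `if ($PassedInfo.PipelineTracingLogs)` block and say the same in the parameter table. `Add-LogCopyFullTaskAction` is defined outside this diff; by its name it presumably copies the whole directory regardless of log age, which is worth confirming for a folder that can grow large.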
@@ -71,7 +71,7 @@ AutoDLogs | Enable to collect AutoDiscover Logs. Location: `V15\Logging\Autodisc CollectFailoverMetrics | Enable to run the `CollectOverMetrics.ps1` script against the DAG. Only able to be run on an Exchange tools box or an Exchange Server. DAGInformation | Enable to collect the DAG Information from all different DAGs that are in the list of servers. DailyPerformanceLogs | Enable to collect Daily Performance Logs. Default Location: `V15\Logging\Diagnostics\DailyPerformanceLogs` -DefaultTransportLogging | Enables the following switches and their logs to be collected. `FrontEndConnectivityLogs`, `FrontEndProtocolLogs`, `HubConnectivityLogs`, `MailboxConnectivityLogs`, `MailboxDeliveryThrottlingLogs`, `MessageTrackingLogs`, `QueueInformation`, `ReceiveConnectors`, `SendConnectors`, and `TransportConfig` +DefaultTransportLogging | Enables the following switches and their logs to be collected. `FrontEndConnectivityLogs`, `FrontEndProtocolLogs`, `HubConnectivityLogs`, `MailboxConnectivityLogs`, `MailboxDeliveryThrottlingLogs`, `MessageTrackingLogs`, `PipelineTracingLogs`, `QueueInformation`, `ReceiveConnectors`, `SendConnectors`, and `TransportConfig` EASLogs | Enable to collect Exchange Active Sync Logging. Location: `V15\Logging\HttpProxy\Eas` ECPLogs | Enable to collect ECP Logs. Location: `V15\Logging\ECP` and `V15\Logging\HttpProxy\Ecp` EWSLogs | Enable to collect EWS Logs. Location: `V15\Logging\HttpProxy\Ews` and `V15\Logging\Ews` 
@@ -97,6 +97,7 @@ MitigationService | Enable to collect the Mitigation Service logs. Location: `V1 OABLogs | Enable to collect OAB Logs. Location: `V15\Logging\HttpProxy\OAB`, `V15\Logging\OABGeneratorLog`, `V15\Logging\OABGeneratorSimpleLog`, and `V15\Logging\MAPI AddressBook Service` OrganizationConfig | Enable to collect the Organization Configuration from the environment. OWALogs | Enable to collect OWA Logs. Location: `V15\Logging\OWA`, `Logging\HttpProxy\OwaCalendar`, and `V15\Logging\HttpProxy\Owa` +PipelineTracingLogs | Enable to collect the Pipeline Tracing Logs. Location `(Get-TransportService $server).PipelineTracingPath`, and `(Get-MailboxTransportService $server).PipelineTracingPath` PopLogs | Enable to collect POP logging. Location: `(Get-PopSettings -Server $server).LogFileLocation` PowerShellLogs | Enable to collect the PowerShell Logs. Location: `V15\Logging\HttpProxy\PowerShell` QueueInformation | Enable to collect the historical queue information. Location: `(Get-TransportService $server).QueueLogPath` From 94307676c22b83cabac90f739c837b21cd960865 Mon Sep 17 00:00:00 2001 From: David Paulson Date: Fri, 29 Sep 2023 16:06:28 -0500 Subject: [PATCH 3/4] Include web app ids in log collector --- .../Write/Write-LargeDataObjectsOnMachine.ps1 | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/Diagnostics/ExchangeLogCollector/Write/Write-LargeDataObjectsOnMachine.ps1 b/Diagnostics/ExchangeLogCollector/Write/Write-LargeDataObjectsOnMachine.ps1 index 9e682e70e5..02c9b3ce70 100644 --- a/Diagnostics/ExchangeLogCollector/Write/Write-LargeDataObjectsOnMachine.ps1 +++ b/Diagnostics/ExchangeLogCollector/Write/Write-LargeDataObjectsOnMachine.ps1 @@ -184,6 +184,16 @@ function Write-LargeDataObjectsOnMachine { } } } + + # list the app pools ids + $ids = & $appCmd list wp + $fileName = ("{0}\{1}_Web_App_IDs.txt" -f $webAppPoolsSaveRoot, $env:COMPUTERNAME) + + if ($null -ne $ids) { + $ids > $fileName + } else { + "No Data" > $fileName + } } } 
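Review bot: In the Write-LargeDataObjectsOnMachine.ps1 hunk of this patch, a failed `& $appCmd list wp` cannot be told apart from "no worker processes running": `$LASTEXITCODE` is never inspected, so a failure ends up either as `No Data` or, if appcmd prints its error on standard output, as error text saved as though it were data. Recording the exit code makes the file self-explanatory, e.g. `"No Data (appcmd exit code: $LASTEXITCODE)" > $fileName`. The comment would also read more accurately as `# list running IIS worker processes (PID and application pool)`, since `list wp` reports worker processes rather than pool ids. `$appCmd` is assigned outside the hunk.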
From e7e0f99c9919694f5de7e52cd1b97c2410a70d05 Mon Sep 17 00:00:00 2001 From: David Paulson Date: Mon, 2 Oct 2023 11:12:18 -0500 Subject: [PATCH 4/4] Include Get-AcceptedDomain, Get-RemoteDomain, and Get-TransportRule in log collector --- .../ExchangeLogCollector.ps1 | 2 ++ .../Helpers/Get-ArgumentList.ps1 | 2 ++ .../Helpers/Test-PossibleCommonScenarios.ps1 | 8 ++++++- .../Write-DataOnlyOnceOnMasterServer.ps1 | 22 +++++++++++++++++++ docs/Diagnostics/ExchangeLogCollector.md | 4 +++- 5 files changed, 36 insertions(+), 2 deletions(-) diff --git a/Diagnostics/ExchangeLogCollector/ExchangeLogCollector.ps1 b/Diagnostics/ExchangeLogCollector/ExchangeLogCollector.ps1 index 64d213330e..89097c38c2 100644 --- a/Diagnostics/ExchangeLogCollector/ExchangeLogCollector.ps1 +++ b/Diagnostics/ExchangeLogCollector/ExchangeLogCollector.ps1 @@ -8,6 +8,7 @@ param ( [Parameter(Mandatory = $false, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [Alias('Fqdn')] [string[]]$Servers = @($env:COMPUTERNAME), + [switch]$AcceptedRemoteDomain, [switch]$ADDriverLogs, [bool]$AppSysLogs = $true, [bool]$AppSysLogsToXml = $true, @@ -56,6 +57,7 @@ param ( [switch]$TransportAgentLogs, [switch]$TransportConfig, [switch]$TransportRoutingTableLogs, + [switch]$TransportRules, [switch]$WindowsSecurityLogs, [switch]$AllPossibleLogs, [Alias("CollectAllLogsBasedOnDaysWorth")] diff --git a/Diagnostics/ExchangeLogCollector/Helpers/Get-ArgumentList.ps1 b/Diagnostics/ExchangeLogCollector/Helpers/Get-ArgumentList.ps1 index e5ecd88eb4..fc93bb7175 100644 --- a/Diagnostics/ExchangeLogCollector/Helpers/Get-ArgumentList.ps1 +++ b/Diagnostics/ExchangeLogCollector/Helpers/Get-ArgumentList.ps1 @@ -24,6 +24,7 @@ function Get-ArgumentList { } return [PSCustomObject]@{ + AcceptedRemoteDomain = $AcceptedRemoteDomain ADDriverLogs = $ADDriverLogs AnyTransportSwitchesEnabled = $Script:AnyTransportSwitchesEnabled AppSysLogs = $AppSysLogs 
@@ -79,6 +80,7 @@ function Get-ArgumentList { TransportAgentLogs = $TransportAgentLogs TransportConfig = $TransportConfig TransportRoutingTableLogs = $TransportRoutingTableLogs + TransportRules = $TransportRules WindowsSecurityLogs = $WindowsSecurityLogs } } diff --git a/Diagnostics/ExchangeLogCollector/Helpers/Test-PossibleCommonScenarios.ps1 b/Diagnostics/ExchangeLogCollector/Helpers/Test-PossibleCommonScenarios.ps1 index e8374ea014..13bdaf0285 100644 --- a/Diagnostics/ExchangeLogCollector/Helpers/Test-PossibleCommonScenarios.ps1 +++ b/Diagnostics/ExchangeLogCollector/Helpers/Test-PossibleCommonScenarios.ps1 @@ -51,6 +51,8 @@ function Test-PossibleCommonScenarios { $Script:FrontEndProtocolLogs = $true $Script:MailboxDeliveryThrottlingLogs = $true $Script:PipelineTracingLogs = $true + $Script:TransportRules = $true + $Script:AcceptedRemoteDomain = $true } if ($ConnectivityLogs) { @@ -87,6 +89,8 @@ function Test-PossibleCommonScenarios { $Script:MessageTrackingLogs = $true $Script:QueueInformation = $true $Script:TransportConfig = $true + $Script:TransportRules = $true + $Script:AcceptedRemoteDomain = $true } if ($OutlookConnectivityIssues) { @@ -123,7 +127,9 @@ function Test-PossibleCommonScenarios { $TransportAgentLogs -or $TransportRoutingTableLogs -or $DefaultTransportLogging -or - $PipelineTracingLogs) { + $PipelineTracingLogs -or + $TransportRules -or + $AcceptedRemoteDomain) { $Script:AnyTransportSwitchesEnabled = $true } diff --git a/Diagnostics/ExchangeLogCollector/Write/Write-DataOnlyOnceOnMasterServer.ps1 b/Diagnostics/ExchangeLogCollector/Write/Write-DataOnlyOnceOnMasterServer.ps1 index 121e1974a6..9fef524eae 100644 --- a/Diagnostics/ExchangeLogCollector/Write/Write-DataOnlyOnceOnMasterServer.ps1 +++ b/Diagnostics/ExchangeLogCollector/Write/Write-DataOnlyOnceOnMasterServer.ps1 
@@ -41,6 +41,28 @@ function Write-DataOnlyOnceOnMasterServer { Save-DataInfoToFile -dataIn $data -SaveToLocation $target -AddServerName $false } + if ($TransportRules) { + $target = $RootCopyToDirectory + "\TransportRules" + $data = Get-TransportRule + + # If no rules found, we want to report that. + if ($null -ne $data) { + Save-DataInfoToFile -dataIn $data -SaveToLocation $target -AddServerName $false + } else { + Save-DataInfoToFile -dataIn "No Transport Rules Found" -SaveXMLFile $false -SaveToLocation $target -AddServerName $false + } + } + + if ($AcceptedRemoteDomain) { + $target = $RootCopyToDirectory + "\AcceptedDomain" + $data = Get-AcceptedDomain + Save-DataInfoToFile -dataIn $data -SaveToLocation $target -AddServerName $false + + $target = $RootCopyToDirectory + "\RemoteDomain" + $data = Get-RemoteDomain + Save-DataInfoToFile -dataIn $data -SaveToLocation $target -AddServerName $false + } + if ($Error.Count -ne 0) { Save-DataInfoToFile -DataIn $Error -SaveToLocation ("$RootCopyToDirectory\AllErrors") Save-DataInfoToFile -DataIn (Get-UnhandledErrors) -SaveToLocation ("$RootCopyToDirectory\UnhandledErrors") diff --git a/docs/Diagnostics/ExchangeLogCollector.md b/docs/Diagnostics/ExchangeLogCollector.md index 711b16b4f2..9422d86da7 100644 --- a/docs/Diagnostics/ExchangeLogCollector.md +++ b/docs/Diagnostics/ExchangeLogCollector.md 
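Review bot: The `$AcceptedRemoteDomain` branch passes the results of `Get-AcceptedDomain` and `Get-RemoteDomain` straight to `Save-DataInfoToFile`, while the `$TransportRules` branch just above guards against `$null`; if either cmdlet fails or the session lacks the role to run it, a null `-dataIn` is handed on, and how the helper copes with that is not visible here. Using the same shape for both, `if ($null -ne $data) { Save-DataInfoToFile -dataIn $data -SaveToLocation $target -AddServerName $false }` with a short marker file in the else branch, keeps the output consistent. Transport rules often embed recipient addresses, keyword lists and data-classification conditions, so the parameter-table entry for `TransportRules` could state that the export is organization policy data and should be shared accordingly.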
@@ -64,6 +64,7 @@ Parameter | Description | ----------|-------------| FilePath | The Location of where you would like the data to be copied over to. This location **must** be the same and accessible on all servers if you use the Servers parameter. Default value: C:\MS_Logs_Collection | Servers | An array of servers that you would like to collect data from. +AcceptedRemoteDomain | Enable to collect `Get-AcceptedDomain` and `Get-RemoteDomain`. ADDriverLogs | Enable to collect AD Driver Logs. Location: `V15\Logging\ADDriver` AppSysLogs | Collects the Windows Event Application, System, and MSExchange Management Logs. Default value `$true` AppSysLogsToXml | Collects the Windows Event Application and System and saves them out to XML. The time range only is from the time the script run and the value set on `LogAge`. Default value: `$true` 
@@ -71,7 +72,7 @@ AutoDLogs | Enable to collect AutoDiscover Logs. Location: `V15\Logging\Autodisc CollectFailoverMetrics | Enable to run the `CollectOverMetrics.ps1` script against the DAG. Only able to be run on an Exchange tools box or an Exchange Server. DAGInformation | Enable to collect the DAG Information from all different DAGs that are in the list of servers. DailyPerformanceLogs | Enable to collect Daily Performance Logs. Default Location: `V15\Logging\Diagnostics\DailyPerformanceLogs` -DefaultTransportLogging | Enables the following switches and their logs to be collected. `FrontEndConnectivityLogs`, `FrontEndProtocolLogs`, `HubConnectivityLogs`, `MailboxConnectivityLogs`, `MailboxDeliveryThrottlingLogs`, `MessageTrackingLogs`, `PipelineTracingLogs`, `QueueInformation`, `ReceiveConnectors`, `SendConnectors`, and `TransportConfig` +DefaultTransportLogging | Enables the following switches and their logs to be collected. `AcceptedRemoteDomain`, `FrontEndConnectivityLogs`, `FrontEndProtocolLogs`, `HubConnectivityLogs`, `MailboxConnectivityLogs`, `MailboxDeliveryThrottlingLogs`, `MessageTrackingLogs`, `PipelineTracingLogs`, `QueueInformation`, `ReceiveConnectors`, `SendConnectors`, `TransportConfig`, `TransportRoutingTableLogs`, and `TransportRules` EASLogs | Enable to collect Exchange Active Sync Logging. Location: `V15\Logging\HttpProxy\Eas` ECPLogs | Enable to collect ECP Logs. Location: `V15\Logging\ECP` and `V15\Logging\HttpProxy\Ecp` EWSLogs | Enable to collect EWS Logs. Location: `V15\Logging\HttpProxy\Ews` and `V15\Logging\Ews` 
@@ -109,6 +110,7 @@ ServerInformation | Enable to collect general server information. TransportAgentLogs | Enable to collect the Agent Logs. Location: `(Get-TransportService $server).AgentLogPath`, `(Get-FrontendTransportService $server).AgentLogPath`, `(Get-MailboxTransportService $server).MailboxSubmissionAgentLogPath`, and `(Get-MailboxTransportService $server).MailboxDeliveryAgentLogPath` TransportConfig | Enable to collect the Transport Configuration files from the Server and `Get-TransportConfig` from the org. Files: `EdgeTransport.exe.config`, `MSExchangeFrontEndTransport.exe.config`, `MSExchangeDelivery.exe.config`, and `MSExchangeSubmission.exe.config` TransportRoutingTableLogs | Enable to collect the Routing Table Logs. Location: `(Get-TransportService $server).RoutingTableLogPath`, `(Get-FrontendTransportService $server).RoutingTableLogPath`, and `(Get-MailboxTransportService $server).RoutingTableLogPath` +TransportRules | Enable to collect `Get-TransportRule`. WindowsSecurityLogs | Enable to collect the Windows Security Logs. Default Location: `'C:\Windows\System32\WinEvt\Logs\Security.evtx'` AllPossibleLogs | Enables the collection of all default logging collection on the Server. CollectAllLogsBasedOnLogAge | Boolean to determine if you collect all the logs based off the log's age or all the logs in that directory. Default value `$true`