Merge pull request #1850 from microsoft/main

Release 10-10-23

Calendar/Get-CalendarDiagnosticObjectsSummary.ps1

@@ -29,7 +29,7 @@ param(
 )
 
 function GetCalendarDiagnosticObjects {
-    $CustomPropertyNameList = "AppointmentCounterProposal", "AppointmentRecurring", "CalendarItemType", "CalendarProcessed", "ClientIntent", "DisplayAttendeesCc", "DisplayAttendeesTo", "EventEmailReminderTimer", "ExternalSharingMasterId", "FreeBusyStatus", "From", "HasAttachment", "IsAllDayEvent", "IsCancelled", "IsMeeting", "MapiEndTime", "MapiStartTime", "OnlineMeetingConfLink", "OnlineMeetingExternalLink", "OnlineMeetingInternalLink", "SentRepresentingDisplayName", "SentRepresentingEmailAddress";
+    $CustomPropertyNameList = "AppointmentCounterProposal", "AppointmentRecurring", "CalendarItemType", "CalendarProcessed", "ClientIntent", "DisplayAttendeesCc", "DisplayAttendeesTo", "EventEmailReminderTimer", "ExternalSharingMasterId", "FreeBusyStatus", "From", "HasAttachment", "IsAllDayEvent", "IsCancelled", "IsMeeting", "MapiEndTime", "MapiStartTime", "NormalizedSubject", "SentRepresentingDisplayName", "SentRepresentingEmailAddress";
     if ($Identity -and $Subject -and $MeetingID) {
         $script:GetCDO = Get-CalendarDiagnosticObjects -Identity $Identity -MeetingID $MeetingID -CustomPropertyNames $CustomPropertyNameList -WarningAction Ignore -MaxResults 2000;
     }
@@ -165,7 +165,7 @@ function BuildCSV {
         'IPM.Schedule.Meeting.Resp.Pos'                        = "RespPos"
     }
 
-    $SCN = @{
+    $ShortClientNameProcessor = @{
         'Client=Hub Transport'                       = "Transport"
         'Client=MSExchangeRPC'                       = "Outlook"
         'Lync for Mac'                               = "LyncMac"
@@ -187,7 +187,7 @@ function BuildCSV {
         'Client=OutlookService;Outlook-iOS'          = "OutlookiOS"
     }
 
-    $RT = @{
+    $ResponseTypeOptions = @{
         '0' = "None"
         "1" = "Organizer"
         '2' = "Tentative"
@@ -203,7 +203,7 @@ function BuildCSV {
         $ItemType = $CalendarItemTypes.($CalLog.ItemClass);
         $ShortClientName = @();
         $script:KeyInput = $CalLog.ClientInfoString;
-        $ResponseType = $RT.($CalLog.ResponseType.ToString());
+        $ResponseType = $ResponseTypeOptions.($CalLog.ResponseType.ToString());
 
         if (!$CalLog.ClientInfoString) {
             $ShortClientName = "NotFound";
@@ -249,7 +249,7 @@ function BuildCSV {
                 $ShortClientName = "Rest";
             }
         } else {
-            $ShortClientName = findMatch -PassedHash $SCN;
+            $ShortClientName = findMatch -PassedHash $ShortClientNameProcessor;
         }
 
         if ($CalLog.ClientInfoString -like "*InternalCalendarSharing*" -and $CalLog.ClientInfoString -like "*OWA*") {
@@ -381,12 +381,7 @@ function BuildCSV {
             'IsException'                  = $CalLog.IsException
             'IsOrganizerProperty'          = $CalLog.IsOrganizerProperty
             'EventEmailReminderTimer'      = $CalLog.EventEmailReminderTimer
-            'EstimatedAcceptCount'         = $CalLog.EstimatedAcceptCount
-            'EstimatedTentativeCount'      = $CalLog.EstimatedTentativeCount
-            'EstimatedDeclineCount'        = $CalLog.EstimatedDeclineCount
-            'OnlineMeetingConfLink'        = $CalLog.OnlineMeetingConfLink
-            'OnlineMeetingExternalLink'    = $CalLog.OnlineMeetingExternalLink
-            'OnlineMeetingInternalLink'    = $CalLog.OnlineMeetingInternalLink
+            'ExternalSharingMasterId'      = $CalLog.ExternalSharingMasterId
         }
     }
     $script:Results = $GCDOResults;
@@ -570,36 +565,6 @@ function BuildTimeline {
                         MeetingSummary -Time " " -MeetingChanges $TimeLineText
                     }
 
-                    if ($CalLog.EstimatedAcceptCount -ne $PreviousCalLog.EstimatedAcceptCount) {
-                        [Array]$TimeLineText = "The Estimated Accept Count changed from [$($PreviousCalLog.EstimatedAcceptCount)] to: [$($CalLog.EstimatedAcceptCount)]"
-                        MeetingSummary -Time " " -MeetingChanges $TimeLineText
-                    }
-
-                    if ($CalLog.EstimatedTentativeCount -ne $PreviousCalLog.EstimatedTentativeCount) {
-                        [Array]$TimeLineText = "The Estimated Tentative Count changed from [$($PreviousCalLog.EstimatedTentativeCount)] to: [$($CalLog.EstimatedTentativeCount)]"
-                        MeetingSummary -Time " " -MeetingChanges $TimeLineText
-                    }
-
-                    if ($CalLog.EstimatedDeclineCount -ne $PreviousCalLog.EstimatedDeclineCount) {
-                        [Array]$TimeLineText = "The Estimated Declined Count changed from [$($PreviousCalLog.EstimatedDeclineCount)] to: [$($CalLog.EstimatedDeclineCount)]"
-                        MeetingSummary -Time " " -MeetingChanges $TimeLineText
-                    }
-
-                    if ($CalLog.OnlineMeetingConfLink -ne $PreviousCalLog.OnlineMeetingConfLink) {
-                        [Array]$TimeLineText = "The Online Meeting Conference Link changed from [$($PreviousCalLog.OnlineMeetingConfLink)] to: [$($CalLog.OnlineMeetingConfLink)]"
-                        MeetingSummary -Time " " -MeetingChanges $TimeLineText
-                    }
-
-                    if ($CalLog.OnlineMeetingExternalLink -ne $PreviousCalLog.OnlineMeetingExternalLink) {
-                        [Array]$TimeLineText = "The Online Meeting External Link changed from [$($PreviousCalLog.OnlineMeetingExternalLink)] to: [$($CalLog.OnlineMeetingExternalLink)]"
-                        MeetingSummary -Time " " -MeetingChanges $TimeLineText
-                    }
-
-                    if ($CalLog.OnlineMeetingInternalLink -ne $PreviousCalLog.OnlineMeetingInternalLink) {
-                        [Array]$TimeLineText = "The Online Meeting Internal Link changed from [$($PreviousCalLog.OnlineMeetingInternalLink)] to: [$($CalLog.OnlineMeetingInternalLink)]"
-                        MeetingSummary -Time " " -MeetingChanges $TimeLineText
-                    }
-
                     if ($CalLog.SenderEmailAddress -ne $PreviousCalLog.SenderEmailAddress) {
                         [Array]$TimeLineText = "The Sender Email Address changed from [$($PreviousCalLog.SenderEmailAddress)] to: [$($CalLog.SenderEmailAddress)]"
                         MeetingSummary -Time " " -MeetingChanges $TimeLineText
@@ -904,7 +869,7 @@ $UniqueMeetingID = $GlobalObjectId | Select-Object -Unique;
 if ($UniqueMeetingID.count -gt 1) {
     $UniqueMeetingID | ForEach-Object {
         $MeetingID = $_;
-        $script:GCDO = Get-CalendarDiagnosticObjects -Identity $Identity -MeetingID $MeetingID -CustomPropertyNames AppointmentCounterProposal, AppointmentRecurring, CalendarItemType, CalendarProcessed, ClientIntent, DisplayAttendeesCc, DisplayAttendeesTo, EventEmailReminderTimer, ExternalSharingMasterId, FreeBusyStatus, From, HasAttachment, IsAllDayEvent, IsCancelled, IsMeeting, MapiEndTime, MapiStartTime, OnlineMeetingConfLink, OnlineMeetingExternalLink, OnlineMeetingInternalLink, SentRepresentingDisplayName, SentRepresentingEmailAddress -WarningAction Ignore -MaxResults 2000;
+        $script:GCDO = Get-CalendarDiagnosticObjects -Identity $Identity -MeetingID $MeetingID -CustomPropertyNames AppointmentCounterProposal, AppointmentRecurring, CalendarItemType, CalendarProcessed, ClientIntent, DisplayAttendeesCc, DisplayAttendeesTo, EventEmailReminderTimer, ExternalSharingMasterId, FreeBusyStatus, From, HasAttachment, IsAllDayEvent, IsCancelled, IsMeeting, MapiEndTime, MapiStartTime, NormalizedSubject, SentRepresentingDisplayName, SentRepresentingEmailAddress -WarningAction Ignore -MaxResults 2000;
         BuildCSV;
         BuildTimeline;
     }

Calendar/Get-RBASummary.ps1

@@ -48,7 +48,7 @@ function ValidateMailbox {
         if ($script:Mailbox.ResourceType -eq "Workspace") {
             $script:Workspace = $true;
         }
-        Write-Host -ForegroundColor Green "The mailbox is valid for RBA will work with.";
+        Write-Host -ForegroundColor Green "The mailbox is valid for RBA will work with."
     }
 
     # Get-Place does not cross forest boundaries so we will get an error here if we are not in the right forest.
@@ -57,17 +57,16 @@ function ValidateMailbox {
 
     if ($null -eq $script:Place) {
         Write-Error "Error: Get-Place returned Null for $Identity."
-        Write-Host -ForegroundColor Red "Make sure you are running from the Correct forest.  Get-Place does not cross forest boundaries."
+        Write-Host -ForegroundColor Red "Make sure you are running from the correct forest.  Get-Place does not cross forest boundaries."
         Write-Error "Exiting Script."
-        exit
+        exit;
     }
 
     Write-Host -ForegroundColor Yellow "For more information see https://learn.microsoft.com/en-us/powershell/module/exchange/get-mailbox?view=exchange-ps";
-    Write-Host ;
+    Write-Host;
 }
 
 # Validate that there are not delegate rules that will block RBA functionality
-#TODO this fails if you do not have PII access to the mailbox
 function ValidateInboxRules {
     Write-Host "Checking for Delegate Rules that will block RBA functionality..."
     Write-Host -NoNewline "Running : "; Write-Host -ForegroundColor Cyan "Get-InboxRule -mailbox $Identity -IncludeHidden"
@@ -79,8 +78,7 @@ function ValidateInboxRules {
         Write-Host -ForegroundColor Red "$($rules.Name -like "Delegate Rule*")"
         Write-Host -ForegroundColor Red "Exiting script."
         exit;
-    }
-    if ($rules.Name -like "REDACTED-*") {
+    } elseif ($rules.Name -like "REDACTED-*") {
         Write-Host -ForegroundColor Yellow "Warning: No PII Access to MB so cannot check for Delegate Rules."
         Write-Host -ForegroundColor Red " --- Inbox Rules needs to be checked manually for any Delegate Rules. --"
         Write-Host -ForegroundColor Yellow "To gain PII access, Mailbox is located on $($mailbox.Database) on server $($mailbox.ServerName)"
@@ -91,6 +89,7 @@ function ValidateInboxRules {
             Write-Host -ForegroundColor Yellow "Warning: Multiple rules have been found on this resource mailbox. Only the Default Junk Mail rule is expected.  Depending on the rules setup, this may block RBA functionality."
             Write-Host -ForegroundColor Yellow "Warning: Please remove the rule(s) via Remove-InboxRule cmdlet and re-run this script."
         }
+    } else {
         Write-Host -ForegroundColor Green "Delegate Rules check passes."
     }
 }
@@ -109,21 +108,22 @@ function GetCalendarProcessing {
         exit;
     }
 
-    Write-Host -ForegroundColor Yellow "For more information see
-                https://learn.microsoft.com/en-us/powershell/module/exchange/set-calendarprocessing?view=exchange-ps";
-    Write-Host ;
-
     $RbaSettings | Format-List
+
+    Write-Host -ForegroundColor Yellow "For more information on Set-CalendarProcessing see
+                https://learn.microsoft.com/en-us/powershell/module/exchange/set-calendarprocessing?view=exchange-ps";
+    Write-Host;
 }
 
 function EvaluateCalProcessing {
 
     if ($RbaSettings.AutomateProcessing -ne "AutoAccept") {
-        Write-Host -ForegroundColor Red "AutomateProcessing is not set to AutoAccept. RBA will not work as configured. "
-        Write-Host -ForegroundColor Red "AutomateProcessing is set to"$RbaSettings.AutomateProcessing
+        Write-Host -ForegroundColor Red "Error: AutomateProcessing is not set to AutoAccept. RBA will not work as configured."
+        Write-Host -ForegroundColor Red "Error: For RBA to do anything AutomateProcessing must be set to AutoAccept."
+        Write-Host -ForegroundColor Red "Error: AutomateProcessing is set to $($RbaSettings.AutomateProcessing)."
         Write-Host -ForegroundColor Yellow "Use 'Set-CalendarProcessing -Identity $Identity -AutomateProcessing AutoAccept' to set AutomateProcessing to AutoAccept."
         Write-Host -ForegroundColor Red "Exiting script."
-        exit
+        exit;
     } else {
         Write-Host -ForegroundColor Green "AutomateProcessing is set to AutoAccept. RBA will analyze the meeting request."
     }
@@ -662,9 +662,9 @@ function Write-DashLineBoxColor {
 ValidateMailbox
 ValidateInboxRules
 GetCalendarProcessing
+EvaluateCalProcessing
 ValidateWorkspace
 ValidateRoomListSettings
-EvaluateCalProcessing
 ProcessingLogic
 RBACriteria
 RBAProcessingValidation

Diagnostics/AVTester/Test-ExchAVExclusions.ps1

@@ -373,26 +373,29 @@ Write-SimpleLogFile -string "Testing for AV loaded in processes" -name $LogFile
 # Test Exchange Processes for unexpected modules
 $ProcessList = Get-ExchAVExclusionsProcess -ExchangePath $ExchangePath -MsiProductMinor ([byte]$serverExchangeInstallDirectory.MsiProductMinor)
 
+# Include w3wp process in the analysis
+$ProcessList += (Join-Path $env:SystemRoot '\System32\inetSrv\W3wp.exe')
+
 # Gather all processes on the computer
-$ServerProcess = Get-Process
+$ServerProcess = Get-Process | Sort-Object -Property ProcessName
 
 # Module allow list
 $ModuleAllowList = New-Object Collections.Generic.List[string]
 
 # cSpell:disable
-$ModuleAllowList.add("Google.Protobuf.ni.dll")
-$ModuleAllowList.add("Microsoft.RightsManagementServices.Core.ni.dll")
-$ModuleAllowList.add("Newtonsoft.Json.ni.dll")
-$ModuleAllowList.add("Microsoft.Cloud.InstrumentationFramework.Events.ni.dll")
+$ModuleAllowList.add("Google.Protobuf.dll")
+$ModuleAllowList.add("Microsoft.RightsManagementServices.Core.dll")
+$ModuleAllowList.add("Newtonsoft.Json.dll")
+$ModuleAllowList.add("Microsoft.Cloud.InstrumentationFramework.Events.dll")
 $ModuleAllowList.add("HealthServicePerformance.dll")
 $ModuleAllowList.add("InterceptCounters.dll")
 $ModuleAllowList.add("MOMConnectorPerformance.dll")
 $ModuleAllowList.add("ExDbFailureItemApi.dll")
-$ModuleAllowList.add("Microsoft.Cloud.InstrumentationFramework.Metrics.ni.dll")
+$ModuleAllowList.add("Microsoft.Cloud.InstrumentationFramework.Metrics.dll")
 $ModuleAllowList.add("IfxMetrics.dll")
 $ModuleAllowList.add("ManagedBlingSigned.dll")
 $ModuleAllowList.add("l3codecp.acm")
-$ModuleAllowList.add("System.IdentityModel.Tokens.jwt.ni.dll")
+$ModuleAllowList.add("System.IdentityModel.Tokens.jwt.dll")
 # Oracle modules associated with 'Outside In® Technology'
 $ModuleAllowList.add("wvcore.dll")
 $ModuleAllowList.add("sccut.dll")
@@ -405,14 +408,15 @@ $ModuleAllowList.add("sccfmt.dll")
 $ModuleAllowList.add("sccind.dll")
 $ModuleAllowList.add("sccca.dll")
 $ModuleAllowList.add("scclo.dll")
-$ModuleAllowList.add("SCCOLE2.DLL")
-$ModuleAllowList.add("SCCSD.DLL")
-$ModuleAllowList.add("SCCXT.DLL")
+$ModuleAllowList.add("SCCOLE2.dll")
+$ModuleAllowList.add("SCCSD.dll")
+$ModuleAllowList.add("SCCXT.dll")
 # cSpell:enable
 
 Write-SimpleLogFile -string ("Allow List Module Count: " + $ModuleAllowList.count) -Name $LogFile
 
 $UnexpectedModuleFound = 0
+$showWarning = $false
 
 # Gather each process and work thru their module list to remove any known modules.
 foreach ($process in $ServerProcess) {
@@ -431,21 +435,35 @@ foreach ($process in $ServerProcess) {
 
         # Clear out modules from the allow list
         foreach ($module in $ModuleAllowList) {
-            $ProcessModules = $ProcessModules | Where-Object { $_.ModuleName -ne $module }
+            $ProcessModules = $ProcessModules | Where-Object { $_.ModuleName -ne $module -and $_.ModuleName -ne $($module.Replace(".dll", ".ni.dll")) }
         }
 
         if ($ProcessModules.count -gt 0) {
+            if ($UnexpectedModuleFound -eq 0) {
+                "`n####################################################################################################" | Out-File $OutputProcessPath  -Append
+                "$((Get-Date).ToString())" | Out-File $OutputProcessPath -Append
+                "####################################################################################################" | Out-File $OutputProcessPath -Append
+            }
             Write-Warning ("Possible AV Modules found in process $($process.ProcessName)")
             $UnexpectedModuleFound++
             foreach ($module in $ProcessModules) {
-                $OutString = ("[FAIL] - PROCESS: $($process.ProcessName) MODULE: $($module.ModuleName) COMPANY: $($module.Company)")
-                Write-SimpleLogFile -string $OutString -Name $LogFile
+                if ( $process.MainModule.ModuleName -eq "W3wp.exe" -and $showWarning -eq $false) {
+                    Write-Warning "W3wp.exe is not present in the recommended Exclusion list but we found 3rd Party modules on it and could affect Exchange performance or functionality."
+                    Write-SimpleLogFile -string "W3wp.exe is not present in the recommended Exclusion list but we found 3rd Party modules on it and could affect Exchange performance or functionality." -name $LogFile
+                    $showWarning = $true
+                }
+                $OutString = ("[FAIL] - PROCESS: $($process.ProcessName) PID($($process.Id)) MODULE: $($module.ModuleName) COMPANY: $($module.Company)`n`t $($module.FileName)")
+                Write-SimpleLogFile -string $OutString -Name $LogFile -OutHost
                 $OutString | Out-File $OutputProcessPath -Append
             }
         }
     }
 }
 
+if ($UnexpectedModuleFound -gt 0) {
+    "`n####################################################################################################" | Out-File $OutputProcessPath  -Append
+}
+
 # Final output for process detection
 if ($UnexpectedModuleFound -gt 0) {
     Write-SimpleLogFile -string ("Found $($UnexpectedModuleFound) processes with unexpected modules loaded") -Name $LogFile -OutHost

Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerExchangeInformation.ps1

@@ -376,6 +376,35 @@ function Invoke-AnalyzerExchangeInformation {
             Details = $exchangeInformation.ExtendedProtectionConfig.ExtendedProtectionConfigured
         }
         Add-AnalyzedResultInformation @params
+
+        # If any directory has a higher than expected configuration, we need to throw a warning
+        # This will be detected by SupportedExtendedProtection being set to false, as we are set higher than expected/recommended value you will likely run into issues of some kind
+        $notSupportedExtendedProtectionDirectories = $exchangeInformation.ExtendedProtectionConfig.ExtendedProtectionConfiguration |
+            Where-Object { $_.SupportedExtendedProtection -eq $false }
+
+        if ($null -ne $notSupportedExtendedProtectionDirectories) {
+            foreach ($entry in $notSupportedExtendedProtectionDirectories) {
+                $expectedValue = if ($entry.MitigationSupported -and $entry.MitigationEnabled) { "None" } else { $entry.ExpectedExtendedConfiguration }
+                $params = $baseParams + @{
+                    Details                = "$($entry.VirtualDirectoryName) - Current Value: '$($entry.ExtendedProtection)'   Expected Value: '$expectedValue'"
+                    DisplayWriteType       = "Yellow"
+                    DisplayCustomTabNumber = 2
+                    TestingName            = "EP - $($entry.VirtualDirectoryName)"
+                    DisplayTestingValue    = ($entry.ExtendedProtection)
+                }
+                Add-AnalyzedResultInformation @params
+            }
+
+            $params = $baseParams + @{
+                Details          = "`r`n`t`tThe current Extended Protection settings may cause issues with some clients types on $(if(@($notSupportedExtendedProtectionDirectories).Count -eq 1) { "this protocol."} else { "these protocols."})" +
+                "`r`n`t`tIt is recommended to set the EP setting to the recommended value if you are having issues with that protocol." +
+                "`r`n`t`tMore Information: https://aka.ms/ExchangeEPDoc"
+                DisplayWriteType = "Yellow"
+            }
+            Add-AnalyzedResultInformation @params
+        } else {
+            Write-Verbose "All virtual directories are supported for the Extended Protection value."
+        }
     }
 
     if ($null -ne $exchangeInformation.SettingOverrides) {