diff --git a/Calendar/CalLogHelpers/ShortClientNameFunctions.ps1 b/Calendar/CalLogHelpers/ShortClientNameFunctions.ps1
index a9888911fa..e2426d04bc 100644
--- a/Calendar/CalLogHelpers/ShortClientNameFunctions.ps1
+++ b/Calendar/CalLogHelpers/ShortClientNameFunctions.ps1
@@ -6,15 +6,41 @@
# ===================================================================================================
function FindMatch {
param(
- [HashTable] $PassedHash
+ # [HashTable] $ShortClientNameProcessor,
+ [string] $KeyInput
)
- foreach ($Val in $PassedHash.keys) {
+ foreach ($Val in $ShortClientNameProcessor.keys) {
if ($KeyInput -like "*$Val*") {
- return $PassedHash[$Val]
+ return $ShortClientNameProcessor[$Val]
}
}
}
+$ShortClientNameProcessor = @{
+ 'Client=Hub Transport' = "Transport"
+ 'Client=MSExchangeRPC' = "Outlook : Desktop"
+ 'OneOutlook' = "OneOutlook"
+ 'Lync for Mac' = "LyncMac"
+ 'AppId=00000004-0000-0ff1-ce00-000000000000' = "SkypeMMS"
+ 'MicrosoftNinja' = "Teams"
+ 'SkypeSpaces' = "Teams"
+ 'Remove-CalendarEvents' = "RemoveCalendarEvent"
+ 'Client=POP3/IMAP4' = "PopImap"
+ 'Client=OWA' = "OWA"
+ 'PublishedBookingCalendar' = "BookingAgent"
+ 'LocationAssistantProcessor' = "LocationProcessor"
+ 'AppId=6326e366-9d6d-4c70-b22a-34c7ea72d73d' = "CalendarReplication"
+ 'AppId=1e3faf23-d2d2-456a-9e3e-55db63b869b0' = "CiscoWebex"
+ 'AppId=1c3a76cc-470a-46d7-8ba9-713cfbb2c01f' = "Time Service"
+ 'AppId=48af08dc-f6d2-435f-b2a7-069abd99c086' = "RestConnector"
+ 'AppId=7b7fdad6-df9d-4cd5-a4f2-b5f749350419' = "Bookings B2 Service"
+ 'GriffinRestClient' = "GriffinRestClient"
+ 'MacOutlook' = "MacOutlookRest"
+ 'Outlook-iOS-Android' = "OutlookMobile"
+ 'Client=OutlookService;Outlook-Android' = "OutlookAndroid"
+ 'Client=OutlookService;Outlook-iOS' = "OutlookiOS"
+}
+
<#
.SYNOPSIS
Creates friendly / short client names from the ClientInfoString
@@ -23,11 +49,12 @@ function CreateShortClientName {
param(
$ClientInfoString
)
- $ShortClientName= @()
+ $ShortClientName= ""
# Map ClientInfoString to ShortClientName
- if (!$ClientInfoString) {
+ if ([string]::IsNullOrEmpty($ClientInfoString)) {
$ShortClientName = "NotFound"
+ return $ShortClientName
}
if ($ClientInfoString -like "Client=EBA*" -or $ClientInfoString -like "Client=TBA*") {
@@ -82,8 +109,8 @@ function CreateShortClientName {
$ShortClientName = "[Unknown Rest Client]"
}
# Client=WebServices;Mozilla/5.0 (ZoomPresence.Android 8.1.0 x86);
- } else {
- $ShortClientName = findMatch -PassedHash $ShortClientNameProcessor
+ } elseif ($ShortClientName -eq "") {
+ $ShortClientName = findMatch -KeyInput $ClientInfoString
}
if ($ShortClientName -eq "" -And $ClientInfoString -like "Client=WebServices*") {
@@ -117,28 +144,3 @@ function CreateShortClientName {
return $ShortClientName
}
-
-$ShortClientNameProcessor = @{
- 'Client=Hub Transport' = "Transport"
- 'Client=MSExchangeRPC' = "Outlook-MAPI"
- 'OneOutlook' = "OneOutlook"
- 'Lync for Mac' = "LyncMac"
- 'AppId=00000004-0000-0ff1-ce00-000000000000' = "SkypeMMS"
- 'MicrosoftNinja' = "Teams"
- 'SkypeSpaces' = "Teams"
- 'Remove-CalendarEvents' = "RemoveCalendarEvent"
- 'Client=POP3/IMAP4' = "PopImap"
- 'Client=OWA' = "OWA"
- 'PublishedBookingCalendar' = "BookingAgent"
- 'LocationAssistantProcessor' = "LocationProcessor"
- 'AppId=6326e366-9d6d-4c70-b22a-34c7ea72d73d' = "CalendarReplication"
- 'AppId=1e3faf23-d2d2-456a-9e3e-55db63b869b0' = "CiscoWebex"
- 'AppId=1c3a76cc-470a-46d7-8ba9-713cfbb2c01f' = "Time Service"
- 'AppId=48af08dc-f6d2-435f-b2a7-069abd99c086' = "RestConnector"
- 'AppId=7b7fdad6-df9d-4cd5-a4f2-b5f749350419' = "Bookings B2 Service"
- 'GriffinRestClient' = "GriffinRestClient"
- 'MacOutlook' = "MacOutlookRest"
- 'Outlook-iOS-Android' = "OutlookMobile"
- 'Client=OutlookService;Outlook-Android' = "OutlookAndroid"
- 'Client=OutlookService;Outlook-iOS' = "OutlookiOS"
-}
diff --git a/Calendar/Tests/ShortClientNameFunctions.Tests.ps1 b/Calendar/Tests/ShortClientNameFunctions.Tests.ps1
new file mode 100644
index 0000000000..ef80f8b8c1
--- /dev/null
+++ b/Calendar/Tests/ShortClientNameFunctions.Tests.ps1
@@ -0,0 +1,183 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+[CmdletBinding()]
+param()
+
+Describe "CreateShortClientName" {
+ BeforeAll {
+ . $PSScriptRoot\..\CalLogHelpers\ShortClientNameFunctions.ps1
+ }
+
+ Context "When ClientInfoString is empty" {
+ It "Should return 'NotFound'" {
+ $result = CreateShortClientName -ClientInfoString ""
+ $result | Should -Be "NotFound"
+ }
+ }
+
+ Context "When ClientInfoString is Client=MSExchangeRPC" {
+ It "Should return 'Outlook : Desktop'" {
+ $result = CreateShortClientName -ClientInfoString "Client=MSExchangeRPC"
+ $result | Should -Be "Outlook : Desktop"
+ }
+ }
+
+ Context "When ClientInfoString is Client=Hub Transport" {
+ It "Should return 'Outlook : Desktop'" {
+ $result = CreateShortClientName -ClientInfoString "Client=Hub Transport"
+ $result | Should -Be "Transport"
+ }
+ }
+
+ Context "When ClientInfoString is Client=OutlookService;Outlook-iOS/2.0;;Outlook-iOS/2.0" {
+ It "Should return 'Outlook : Desktop'" {
+ $result = CreateShortClientName -ClientInfoString "Client=OutlookService;Outlook-iOS/2.0;;Outlook-iOS/2.0"
+ $result | Should -Be "OutlookiOS"
+ }
+ }
+
+ Context "When ClientInfoString FileContentMatch 'Client=EBA' or 'Client=TBA'" {
+ It "Should return 'ResourceBookingAssistant' if ClientInfoString FileContentMatch 'ResourceBookingAssistant'" {
+ $result = CreateShortClientName "Client=EBA;Action=FreeBusyPublishingAssistant;ResourceBookingAssistant"
+ $result | Should -Be "ResourceBookingAssistant"
+ }
+
+ It "Should return 'CalendarRepairAssistant' if ClientInfoString FileContentMatch 'CalendarRepairAssistant'" {
+ $result = CreateShortClientName "Client=TBA;Service=MSExchangeMailboxAssistants;Action=CalendarRepairAssistant"
+ $result | Should -Be "CalendarRepairAssistant"
+ }
+
+ It "Should return the concatenated client, action, and data if ClientInfoString does not contain 'ResourceBookingAssistant' or 'CalendarRepairAssistant'" {
+ $result = CreateShortClientName "Client=EBA;Action=Delete;Data=789"
+ $result | Should -Be "EBA:Delete;Data=789"
+ }
+ }
+
+ Context "When ClientInfoString FileContentMatch 'Client=ActiveSync'" {
+ It "Should return the user agent if ClientInfoString FileContentMatch 'UserAgent='" {
+ $result = CreateShortClientName "Client=ActiveSync;UserAgent=Apple-iPhone9C1/1402.100;Version=160;Action=/Microsoft-Server-ActiveSync/Proxy/default.eas?User=test@Contoso.com&DeviceId=MyTestDevice&DeviceType=iPhone&Cmd=Sync"
+ $result | Should -Be "Apple-iPhone9C1"
+ }
+
+ It "Should return the user agent if ClientInfoString FileContentMatch 'UserAgent='" {
+ $result = CreateShortClientName "Client=ActiveSync;UserAgent=Android-14/;Action=/Microsoft-Server-ActiveSync/Proxy/default.eas"
+ $result | Should -Be "Android-14"
+ }
+
+ It "Should return unknown if the user agent is Blank" {
+ $result = CreateShortClientName "Client=ActiveSync;UserAgent=;Action=/Microsoft-Server-ActiveSync/default.eas?Cmd=SendMail"
+ $result | Should -Be "ActiveSyncUnknown"
+ }
+
+ It "Should return 'Outlook-ModernCalendarSharing' if ClientInfoString FileContentMatch 'Outlook-iOS-Android'" {
+ $result = CreateShortClientName "Client=ActiveSync;UserAgent=Outlook-iOS-Android/1.0;Action=/Microsoft-Server-ActiveSync/Proxy/default.eas?User=test%40microsoft.com&DeviceId=BF36923991ADFBA9&DeviceType=Outlook&Cmd=SendMail"
+ $result | Should -Be "Outlook-ModernCalendarSharing"
+ }
+
+ It "Should return 'ActiveSyncUnknown' if ClientInfoString does not match any conditions" {
+ $result = CreateShortClientName "Client=ActiveSync;UnknownClient"
+ $result | Should -Be "ActiveSyncUnknown"
+ }
+ }
+
+ Context "When ClientInfoString FileContentMatch 'Client=Rest'" {
+ It "Should return 'LocationProcessor' if ClientInfoString FileContentMatch 'LocationAssistantProcessor'" {
+ $result = CreateShortClientName "Client=Rest;LocationAssistantProcessor"
+ $result | Should -Be "LocationProcessor"
+ }
+
+ It "Should return 'CalendarReplication' if ClientInfoString FileContentMatch 'AppId=6326e366-9d6d-4c70-b22a-34c7ea72d73d'" {
+ $result = CreateShortClientName "Client=Rest;AppId=6326e366-9d6d-4c70-b22a-34c7ea72d73d"
+ $result | Should -Be "CalendarReplication"
+ }
+
+ It "Should return 'CiscoWebex' if ClientInfoString FileContentMatch 'AppId=1e3faf23-d2d2-456a-9e3e-55db63b869b0'" {
+ $result = CreateShortClientName "Client=Rest;AppId=1e3faf23-d2d2-456a-9e3e-55db63b869b0"
+ $result | Should -Be "CiscoWebex"
+ }
+
+ It "Should return 'TimeService' if ClientInfoString FileContentMatch 'AppId=1c3a76cc-470a-46d7-8ba9-713cfbb2c01f'" {
+ $result = CreateShortClientName "Client=Rest;AppId=1c3a76cc-470a-46d7-8ba9-713cfbb2c01f"
+ $result | Should -Be "TimeService"
+ }
+
+ It "Should return 'RestConnector' if ClientInfoString FileContentMatch 'AppId=48af08dc-f6d2-435f-b2a7-069abd99c086'" {
+ $result = CreateShortClientName "Client=Rest;AppId=48af08dc-f6d2-435f-b2a7-069abd99c086"
+ $result | Should -Be "RestConnector"
+ }
+
+ It "Should return 'OutlookAndroid' if ClientInfoString FileContentMatch 'Client=OutlookService;Outlook-Android'" {
+ $result = CreateShortClientName "Client=Rest;Client=OutlookService;Outlook-Android"
+ $result | Should -Be "OutlookAndroid"
+ }
+
+ It "Should return 'GriffinRestClient' if ClientInfoString FileContentMatch 'GriffinRestClient'" {
+ $result = CreateShortClientName "Client=Rest;GriffinRestClient"
+ $result | Should -Be "GriffinRestClient"
+ }
+
+ It "Should return 'MacOutlookRest' if ClientInfoString FileContentMatch 'MacOutlook'" {
+ $result = CreateShortClientName "Client=Rest;MacOutlook"
+ $result | Should -Be "MacOutlookRest"
+ }
+
+ It "Should return 'Outlook-ModernCalendarSharing' if ClientInfoString FileContentMatch 'Microsoft Outlook 16'" {
+ $result = CreateShortClientName "Client=Rest;Microsoft Outlook 16"
+ $result | Should -Be "Outlook-ModernCalendarSharing"
+ }
+
+ It "Should return 'Teams' if ClientInfoString FileContentMatch 'SkypeSpaces'" {
+ $result = CreateShortClientName "Client=Rest;SkypeSpaces"
+ $result | Should -Be "Teams"
+ }
+
+ It "Should return 'Bookings B2 Service' if ClientInfoString FileContentMatch 'AppId=7b7fdad6-df9d-4cd5-a4f2-b5f749350419'" {
+ $result = CreateShortClientName "Client=Rest;AppId=7b7fdad6-df9d-4cd5-a4f2-b5f749350419"
+ $result | Should -Be "Bookings B2 Service"
+ }
+
+ It "Should return 'ELC-B2' if ClientInfoString FileContentMatch 'AppId=bcad1a65-78eb-4725-9bce-ce1a8ed30b95'" {
+ $result = CreateShortClientName "Client=Rest;AppId=bcad1a65-78eb-4725-9bce-ce1a8ed30b95"
+ $result | Should -Be "ELC-B2"
+ }
+ }
+}
+
+Describe "CreateShortClientName-FindMatch" {
+ BeforeAll {
+ . $PSScriptRoot\..\CalLogHelpers\ShortClientNameFunctions.ps1
+ }
+
+ Context 'Test CreateShortClientName focusing on the FindMatch function' -ForEach @(
+ @{ ClientInfoString = 'Client=Hub Transport'; Expected = "Transport" },
+ @{ ClientInfoString = 'Client=MSExchangeRPC'; Expected = "Outlook : Desktop" },
+ @{ ClientInfoString = 'OneOutlook'; Expected = "OneOutlook" },
+ @{ ClientInfoString = 'Lync for Mac'; Expected = "LyncMac" },
+ @{ ClientInfoString = 'AppId=00000004-0000-0ff1-ce00-000000000000'; Expected = "SkypeMMS" },
+ @{ ClientInfoString = 'MicrosoftNinja'; Expected = "Teams" },
+ @{ ClientInfoString = 'SkypeSpaces'; Expected = "Teams" },
+ @{ ClientInfoString = 'Remove-CalendarEvents'; Expected = "RemoveCalendarEvent" },
+ @{ ClientInfoString = 'Client=POP3/IMAP4'; Expected = "PopImap" },
+ @{ ClientInfoString = 'Client=OWA'; Expected = "OWA" },
+ @{ ClientInfoString = 'PublishedBookingCalendar'; Expected = "BookingAgent" },
+ @{ ClientInfoString = 'LocationAssistantProcessor'; Expected = "LocationProcessor" },
+ @{ ClientInfoString = 'AppId=6326e366-9d6d-4c70-b22a-34c7ea72d73d'; Expected = "CalendarReplication" },
+ @{ ClientInfoString = 'AppId=1e3faf23-d2d2-456a-9e3e-55db63b869b0'; Expected = "CiscoWebex" },
+ @{ ClientInfoString = 'AppId=1c3a76cc-470a-46d7-8ba9-713cfbb2c01f'; Expected = "Time Service" },
+ @{ ClientInfoString = 'AppId=48af08dc-f6d2-435f-b2a7-069abd99c086'; Expected = "RestConnector" },
+ @{ ClientInfoString = 'AppId=7b7fdad6-df9d-4cd5-a4f2-b5f749350419'; Expected = "Bookings B2 Service" },
+ @{ ClientInfoString = 'GriffinRestClient'; Expected = "GriffinRestClient" },
+ @{ ClientInfoString = 'MacOutlook'; Expected = "MacOutlookRest" },
+ @{ ClientInfoString = 'Outlook-iOS-Android'; Expected = "OutlookMobile" },
+ @{ ClientInfoString = 'Client=OutlookService;Outlook-Android'; Expected = "OutlookAndroid" },
+ @{ ClientInfoString = 'Client=OutlookService;Outlook-iOS'; Expected = "OutlookiOS" }
+
+ ) {
+ It 'Should return the expected value' {
+ $result = CreateShortClientName -ClientInfoString $ClientInfoString
+ $result | Should -Be $Expected
+ }
+ }
+}
+
diff --git a/Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerFrequentConfigurationIssues.ps1 b/Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerFrequentConfigurationIssues.ps1
index 2fbecb37fd..c0045e99c1 100644
--- a/Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerFrequentConfigurationIssues.ps1
+++ b/Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerFrequentConfigurationIssues.ps1
@@ -112,7 +112,7 @@ function Invoke-AnalyzerFrequentConfigurationIssues {
if (-not ($credGuardUnknown)) {
# CredentialGuardCimInstance is an array type and not sure if we can have multiple here, so just going to loop thru and handle it this way.
- $credGuardRunning = $null -ne ($osInformation.CredentialGuardCimInstance | Where-Object { $_ -ne 0 })
+ $credGuardRunning = $null -ne ($osInformation.CredentialGuardCimInstance | Where-Object { $_ -eq 1 })
}
$displayValue = $credentialGuardValue = $osInformation.RegistryValues.CredentialGuard -ne 0 -or $credGuardRunning
diff --git a/Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityExchangeCertificates.ps1 b/Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityExchangeCertificates.ps1
index 892533ec30..f19b084f73 100644
--- a/Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityExchangeCertificates.ps1
+++ b/Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityExchangeCertificates.ps1
@@ -106,7 +106,10 @@ function Invoke-AnalyzerSecurityExchangeCertificates {
Add-AnalyzedResultInformation @params
}
- if ($certificate.PublicKeySize -lt 2048) {
+ # We show the 'Key Size' if a certificate is RSA or DSA based but not for ECC certificates where it would be displayed with a value of 0
+ # More information: https://stackoverflow.com/questions/32873851/load-a-certificate-using-x509certificate2-with-ecc-public-key
+ if ($certificate.PublicKeySize -lt 2048 -and
+ -not($certificate.IsEccCertificate)) {
$params = $baseParams + @{
Name = "Key size"
Details = $certificate.PublicKeySize
@@ -121,7 +124,7 @@ function Invoke-AnalyzerSecurityExchangeCertificates {
DisplayCustomTabNumber = 2
}
Add-AnalyzedResultInformation @params
- } else {
+ } elseif (-not($certificate.IsEccCertificate)) {
$params = $baseParams + @{
Name = "Key size"
Details = $certificate.PublicKeySize
@@ -130,6 +133,13 @@ function Invoke-AnalyzerSecurityExchangeCertificates {
Add-AnalyzedResultInformation @params
}
+ $params = $baseParams + @{
+ Name = "ECC Certificate"
+ Details = $certificate.IsEccCertificate
+ DisplayCustomTabNumber = 2
+ }
+ Add-AnalyzedResultInformation @params
+
if ($certificate.SignatureHashAlgorithmSecure -eq 1) {
$shaDisplayWriteType = "Yellow"
} else {
diff --git a/Diagnostics/HealthChecker/DataCollection/ExchangeInformation/Get-ExchangeServerCertificates.ps1 b/Diagnostics/HealthChecker/DataCollection/ExchangeInformation/Get-ExchangeServerCertificates.ps1
index a775e861cb..472349b33d 100644
--- a/Diagnostics/HealthChecker/DataCollection/ExchangeInformation/Get-ExchangeServerCertificates.ps1
+++ b/Diagnostics/HealthChecker/DataCollection/ExchangeInformation/Get-ExchangeServerCertificates.ps1
@@ -210,6 +210,7 @@ function Get-ExchangeServerCertificates {
FriendlyName = $certFriendlyName
Thumbprint = $cert.Thumbprint
PublicKeySize = $cert.PublicKey.Key.KeySize
+ IsEccCertificate = $cert.PublicKey.Oid.Value -eq "1.2.840.10045.2.1" # WellKnownOid for ECC
SignatureAlgorithm = $certSignatureAlgorithm
SignatureHashAlgorithm = $certSignatureHashAlgorithm
SignatureHashAlgorithmSecure = $certSignatureHashAlgorithmSecure
diff --git a/Diagnostics/HealthChecker/DataCollection/ExchangeInformation/Tests/Get-ExchangeServerCertificates.Tests.ps1 b/Diagnostics/HealthChecker/DataCollection/ExchangeInformation/Tests/Get-ExchangeServerCertificates.Tests.ps1
index 761120d369..3d0b75ac37 100644
--- a/Diagnostics/HealthChecker/DataCollection/ExchangeInformation/Tests/Get-ExchangeServerCertificates.Tests.ps1
+++ b/Diagnostics/HealthChecker/DataCollection/ExchangeInformation/Tests/Get-ExchangeServerCertificates.Tests.ps1
@@ -49,6 +49,7 @@ Describe "Testing Get-ExchangeServerCertificates.ps1" {
$results[0].SignatureHashAlgorithmSecure | Should -Be 1
$results[0].IsSanCertificate | Should -Be $false
$results[0].PublicKeySize | Should -Be 2048
+ $results[0].IsEccCertificate | Should -Be $false
}
It "Valid SAN Certificate (using weak SHA1 Hash Algorithm) Detected" {
@@ -61,12 +62,14 @@ Describe "Testing Get-ExchangeServerCertificates.ps1" {
$results[1].IsSanCertificate | Should -Be $true
($results[1].Namespaces).Count | Should -Be 2
$results[1].PublicKeySize | Should -Be 2048
+ $results[1].IsEccCertificate | Should -Be $false
}
It "Valid Certificate (using strong SHA256 Hash Algorithm) Detected" {
$results[3].FriendlyName | Should -Be "WMSvc-SHA2-WIN-CTD3L0RGen4"
$results[3].Thumbprint | Should -Be "3341CEAF3DF4D3A9527EC98BDD53C54ECC3E0620"
$results[3].PublicKeySize | Should -Be 2048
+ $results[3].IsEccCertificate | Should -Be $false
$results[3].SignatureAlgorithm | Should -Be "sha256RSA"
$results[3].SignatureHashAlgorithm | Should -Be "sha256"
$results[3].SignatureHashAlgorithmSecure | Should -Be 2
diff --git a/Diagnostics/HealthChecker/Tests/HealthChecker.E15.Main.Tests.ps1 b/Diagnostics/HealthChecker/Tests/HealthChecker.E15.Main.Tests.ps1
index 05104c4d29..44aa8174a1 100644
--- a/Diagnostics/HealthChecker/Tests/HealthChecker.E15.Main.Tests.ps1
+++ b/Diagnostics/HealthChecker/Tests/HealthChecker.E15.Main.Tests.ps1
@@ -129,7 +129,7 @@ Describe "Testing Health Checker by Mock Data Imports - Exchange 2013" {
TestObjectMatch "SMB1 Installed" "True" -WriteType "Red"
TestObjectMatch "SMB1 Blocked" "False" -WriteType "Red"
- $Script:ActiveGrouping.Count | Should -Be 85
+ $Script:ActiveGrouping.Count | Should -Be 88
}
It "Display Results - Security Vulnerability" {
diff --git a/Diagnostics/HealthChecker/Tests/HealthChecker.E16.Main.Tests.ps1 b/Diagnostics/HealthChecker/Tests/HealthChecker.E16.Main.Tests.ps1
index 96e3367dd9..2dd778b239 100644
--- a/Diagnostics/HealthChecker/Tests/HealthChecker.E16.Main.Tests.ps1
+++ b/Diagnostics/HealthChecker/Tests/HealthChecker.E16.Main.Tests.ps1
@@ -132,7 +132,7 @@ Describe "Testing Health Checker by Mock Data Imports - Exchange 2016" {
TestObjectMatch "Pattern service" "Unreachable`r`n`t`tMore information: https://aka.ms/HelpConnectivityEEMS" -WriteType "Yellow"
TestObjectMatch "Telemetry enabled" "False"
- $Script:ActiveGrouping.Count | Should -Be 99
+ $Script:ActiveGrouping.Count | Should -Be 102
}
It "Display Results - Security Vulnerability" {
diff --git a/Diagnostics/HealthChecker/Tests/HealthChecker.E19.Main.Tests.ps1 b/Diagnostics/HealthChecker/Tests/HealthChecker.E19.Main.Tests.ps1
index 29b4722c78..0630de6cf4 100644
--- a/Diagnostics/HealthChecker/Tests/HealthChecker.E19.Main.Tests.ps1
+++ b/Diagnostics/HealthChecker/Tests/HealthChecker.E19.Main.Tests.ps1
@@ -140,7 +140,7 @@ Describe "Testing Health Checker by Mock Data Imports" {
TestObjectMatch "AES256-CBC Protected Content Support" "Not Supported Build" -WriteType "Red"
TestObjectMatch "SerializedDataSigning Enabled" "Unsupported Version" -WriteType "Red"
- $Script:ActiveGrouping.Count | Should -Be 81
+ $Script:ActiveGrouping.Count | Should -Be 84
}
It "Display Results - Security Vulnerability" {
diff --git a/docs/Emerging-Issues.md b/docs/Emerging-Issues.md
index 583615c04c..b22abc41e6 100644
--- a/docs/Emerging-Issues.md
+++ b/docs/Emerging-Issues.md
@@ -9,7 +9,10 @@ This page lists emerging issues for Exchange On-Premises deployments, possible r
|**Updated on**|**Update causing the issue**|**Issue**|**Workaround/Solution**|
|-|-|-|-|
-| 3/14/2024 | [March 2024 Security Update for Exchange 2019,2016](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2024-exchange-server-security-updates/ba-p/4075348) | After installing the [March 2024 Security Update]((https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2024-exchange-server-security-updates/ba-p/4075348)), Search in Outlook (cached mode) may show "We're having trouble fetching results from the server...". The search works fine in OWA or Outlook online mode. | Use one of the following workarounds:
1) Use OWA or Outlook online mode for search
2) Disable server assisted search as described [here](https://support.microsoft.com/topic/5037277) |
+| 4/23/2024 | [March 2024 Security Update for Exchange 2019,2016](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2024-exchange-server-security-updates/ba-p/4075348) | After installing the [March 2024 Security Update]((https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2024-exchange-server-security-updates/ba-p/4075348)), Search in Outlook (cached mode) may show "We're having trouble fetching results from the server...". The search works fine in OWA or Outlook online mode. | Please install [April 2024 Hotfix Update](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2024-exchange-server-hotfix-updates/ba-p/4120536) |
+| 4/23/2024 | [March 2024 Security Update for Exchange 2019,2016](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2024-exchange-server-security-updates/ba-p/4075348) | After installing the Security Update, add-ins may stop working with following error
"Add-in Error Something went wrong and we couldn't start this add-in. Please try again later or contact your system administrator | Please install [April 2024 Hotfix Update](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2024-exchange-server-hotfix-updates/ba-p/4120536) |
+| 4/23/2024 | [March 2024 Security Update for Exchange 2019,2016](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2024-exchange-server-security-updates/ba-p/4075348) |After installing the March 2024 Security Update, Unread envelope icon is not getting updated after applying March 2024 SU | Please install [April 2024 Hotfix Update](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2024-exchange-server-hotfix-updates/ba-p/4120536) |
+| 4/23/2024 | [March 2024 Security Update for Exchange 2019,2016](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2024-exchange-server-security-updates/ba-p/4075348) |After installing the March 2024 Security Update, preview of Office documents in OWA may fail with error "Sorry, there was a problem and we can't open this document." | Please install [April 2024 Hotfix Update](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2024-exchange-server-hotfix-updates/ba-p/4120536) |
| 2/20/2024 | [CU 14 for Exchange 2019](https://support.microsoft.com/KB/5035606) | Environments that are using SSL offloading configuration may face issues with Outlook connectivity issues after upgrading to Exchange 2019 CU14. | As announced in [August 2023](https://techcommunity.microsoft.com/t5/exchange-team-blog/coming-soon-enabling-extended-protection-on-exchange-server-by/ba-p/3911849) , by default, starting with CU14, Setup enables the Windows Extended Protection (EP) feature on the Exchange server being installed. Extended Protection isn't supported in environments that use SSL Offloading. SSL termination during SSL Offloading causes Extended Protection to fail. To enable Extended Protection in your Exchange environment, you must not be using SSL offloading with your Load Balancers. Please check [this link](https://learn.microsoft.com/exchange/plan-and-deploy/post-installation-tasks/security-best-practices/exchange-extended-protection?view=exchserver-2019#scenarios-that-could-affect-client-connectivity-when-extended-protection-was-enabled) for more details |
| 2/20/2024 | [CU 14 for Exchange 2019](https://support.microsoft.com/KB/5035606)| Environments that are using SSL offloading configuration may face issues with Outlook connectivity issues after upgrading to Exchange 2019 CU14. | As announced in [August 2023](https://techcommunity.microsoft.com/t5/exchange-team-blog/coming-soon-enabling-extended-protection-on-exchange-server-by/ba-p/3911849) , by default, starting with CU14, Setup enables the Windows Extended Protection (EP) feature on the Exchange server being installed. Extended Protection isn't supported in environments that use SSL Offloading. SSL termination during SSL Offloading causes Extended Protection to fail. To enable Extended Protection in your Exchange environment, you must not be using SSL offloading with your Load Balancers. Please check [this link](https://learn.microsoft.com/exchange/plan-and-deploy/post-installation-tasks/security-best-practices/exchange-extended-protection?view=exchserver-2019#scenarios-that-could-affect-client-connectivity-when-extended-protection-was-enabled) for more details |
| 2/19/2024 | [CU 14 for Exchange 2019](https://support.microsoft.com/topic/5036404) | Exchange 2019 CU14 RecoverServer fails while creating "New-PushNotificationsVirtualDirectory" with following error:
Exception setting "ExtendedProtectionTokenChecking": "Cannot convert null to type "Microsoft.Exchange.Data.Directory.SystemConfiguration.ExtendedProtectionTokenCheckingMode" due to enumeration values that are not valid.
| Please follow the steps from [this KB](https://support.microsoft.com/topic/5036404) to resolve the issue