Skip to content

Commit

Permalink
Merge branch 'main' into RBA_Update_Check
Browse files Browse the repository at this point in the history
  • Loading branch information
@dpaulson45
dpaulson45 authored Jul 1, 2024
2 parents 4b2ff1e + a4e399c commit 57f2d86
Show file tree
Hide file tree
Showing 4 changed files with 204 additions and 171 deletions.
11 changes: 11 additions & 0 deletions Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerExchangeInformation.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -461,6 +461,17 @@ function Invoke-AnalyzerExchangeInformation {
Add-AnalyzedResultInformation @params
}
}

if ($exchangeInformation.DependentServices.Critical.Count -gt 0 -or
$exchangeInformation.DependentServices.Common.Count -gt 0 -or
$exchangeInformation.DependentServices.Misconfigured.Count -gt 0) {
$params = $baseParams + @{
Details = "To determine the display name of the service that is not properly configured or running, run 'Get-Service <Name>' to get more information."
DisplayCustomTabNumber = 2
DisplayWriteType = "Yellow"
}
Add-AnalyzedResultInformation @params
}
}

if ($exchangeInformation.GetExchangeServer.IsEdgeServer -eq $false -and
Expand Down
52 changes: 26 additions & 26 deletions ...ostics/HealthChecker/Tests/DataCollection/E15/Exchange/IIS/ExchangeBackEnd-ECP_web.config
View file
Original file line number Diff line number Diff line change
@@ -1,31 +1,31 @@
<?xml version="1.0"?>
<configuration>
<!--
<!--
Configuration section for Exchange Control Panel:
- rbacPrincipalMaximumAge: TimeSpan: Ex: 00:15:00 - 15 minutes.
Controls for how long we cache RBAC information for a particular identity.
Controls for how long we cache RBAC information for a particular identity.
This timeout is absolute, ie, it will expire even if the user is constantly using it.
This allows administrators to control for how long a user can run ECP with
out-of-date role assignments.
- rbacRunspaceSlidingExpiration: TimeSpan: Ex: 00:05:00 - 5 minutes.
Controls for how long we keep RBAC runspaces cached for a particular identity.
This timeout slides, ie, each time the user accesses his runspace we will let
the runspace live for this much longer.
Note that when the RbacPrincipal reaches its maximum age it will forcefully
expire and will take the associated runspaces with it, so
rbacRunspaceSlidingExpiration needs to be less than or equal to
the runspace live for this much longer.
Note that when the RbacPrincipal reaches its maximum age it will forcefully
expire and will take the associated runspaces with it, so
rbacRunspaceSlidingExpiration needs to be less than or equal to
rbacPrincipalMaximumAge.
Performance of the server can be tweaked between these two properties.
Increasing the timeouts allows the server to cache RBAC information
and runspaces for longer periods, therefore responding faster to returning
users at the cost of memory and a delay in automatically picking up changes
users at the cost of memory and a delay in automatically picking up changes
in role assignments. Note that users can force a refresh of their RBAC
information by creating new session (ie, opening new browser windows).
<configSections>
<section name="rbacConfig" type="Microsoft.Exchange.PowerShell.RbacHostingTools.Asp.Net.RbacSection, Microsoft.Exchange.PowerShell.RbacHostingTools" restartOnExternalChanges="true"/>
</configSections>
Expand All @@ -48,7 +48,7 @@
<add key="AddSourceToErrorMessages" value="false" />
<!-- Specify the directories to probe binaries, separate each path by a semicolon -->
<add key="BinSearchFolders" value="C:\Program Files\Microsoft\Exchange Server\V15\bin;C:\Program Files\Microsoft\Exchange Server\V15\bin\CmdletExtensionAgents;C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\Owa\bin" />
<!-- A tri-state switch indicating whether we want to show debug information such as call stack of exception.
<!-- A tri-state switch indicating whether we want to show debug information such as call stack of exception.
However, note that client javascript callstack will always be shown.
It accepts the following values, default is None:
All: Always show debug information for all errors.
Expand Down Expand Up @@ -124,12 +124,12 @@
<GlobalInfo lang="fil-PH" name="FirstName,Initials,LastName" address="Street,ZipPostal,StateProvince,City,Country" />
</GlobalInfos>
<system.web>
<machineKey validationKey="CB2721ABDAF8E9DC516D621D8B8BF13A2C9E8689A25303BF" decryptionKey="E9D2490BD0075B51D1BA5288514514AF" validation="SHA1" decryption="3DES" />
<machineKey validationKey="AutoGenerate,IsolateApps" />
<!--
Set client scripts location to version/scripts, so that request to WebRequest.axd will be replaced with this static path
-->
<webControls clientScriptsLocation="/ecp/15.0.1497.2/scripts/" />
<!--
<!--
Enable HTTPOnly flag for server generated cookies.
We used to require secure (HTTPS) cookies too, but CAS-2-CAS scenarios can use just HTTP.
Please note that these settings can be overwritten programmatically. So we specify entries here just
Expand Down Expand Up @@ -289,21 +289,21 @@
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" minFreeMemoryPercentageToActivateService="0" />
<bindings>
<webHttpBinding>
<!--
ECP Web Services are auto-configured and do not need to be listed here.
<!--
ECP Web Services are auto-configured and do not need to be listed here.
However, their svc file must include the following setting to activate the correct host:
Factory="Microsoft.Exchange.Management.ControlPanel.ServiceHostFactory"
We auto-configure the bindings based on the schema of the endpoint address.
HTTPS binding is used by the https://server/ecp base address and similarly the
HTTP binding is used with the http://server/ecp base address.
Note that HTTP is primarily for use with CAS-2-CAS proxy scenarios and requires
HTTP binding is used with the http://server/ecp base address.
Note that HTTP is primarily for use with CAS-2-CAS proxy scenarios and requires
the 'ecp' vdir to be configured to 'not' require SSL. In this case both endpoints
are created. If the vdir is configured to require SSL then only the https endpoint
is created.
In below the maxStringContentLength explicitly defines the maximum length required
In below the maxStringContentLength explicitly defines the maximum length required
throughout ECP. For example, OOF is using this value in its rich text editor to restrict the content inside.
Changing this number smaller may result in webservice failures.
Increase maxReceivedMessageSize and maxReceivedMessageSize to 2M to support 50,000 mailboxes for migration CSV file.
Expand All @@ -325,7 +325,7 @@
<binding name="http" maxReceivedMessageSize="524288">
<readerQuotas maxStringContentLength="128000" />
</binding>
<!--
<!--
Configuration for invoking the Microsoft Online (BPOS) shell web service.
-->
<binding name="MsOnlineShellService_BindingConfiguration" maxReceivedMessageSize="102400">
Expand All @@ -337,7 +337,7 @@
</wsHttpBinding>
</bindings>
<client>
<!--
<!--
This section specifies the configuration for invoking the Microsoft Online (BPOS) shell web service.
The "???" values are specified at deployment time, as implemented in:
sources/dev/Management/src/Management/Deployment/Components/DatacenterClientAccessComponent.xml
Expand All @@ -353,7 +353,7 @@
<behavior name="MsOnlineShellService_EndPointBehavior">
<clientCredentials>
<serviceCertificate>
<!-- Use the exchange server certificate in local server for authentication when connect
<!-- Use the exchange server certificate in local server for authentication when connect
to Shell service. No point to check whether our certificate has been revocated. -->
<authentication certificateValidationMode="ChainTrust" revocationMode="NoCheck" />
</serviceCertificate>
Expand Down
89 changes: 51 additions & 38 deletions azure-pipeline-merge.yml
View file
Original file line number Diff line number Diff line change
@@ -1,38 +1,51 @@
pool:
vmImage: 'windows-latest'

steps:
- pwsh: |
cd .\.build
.\docs.ps1
displayName: "Docs Check"

- pwsh: .\.build\SpellCheck.ps1
displayName: "Spell Check"

- pwsh: |
cd .\.build
.\CodeFormatter.ps1 -Branch $env:TargetBranchName
displayName: "Code Formatting Script"
condition: and(succeeded(), ne(variables['Build.SourceBranch'], 'refs/heads/release'))
env:
TargetBranchName: $(System.PullRequest.TargetBranch)

- pwsh: |
cd .\.build
.\Build.ps1
displayName: "Build Script"

- pwsh: |
cd .\.build
.\Pester.ps1 -NoProgress -Branch $env:TargetBranchName
displayName: "Running Invoke-Pester"
env:
TargetBranchName: $(System.PullRequest.TargetBranch)

- pwsh: |
cd .\.build
.\ValidateMerge.ps1 -Branch $env:TargetBranchName
displayName: "Validate commit times"
env:
TargetBranchName: $(System.PullRequest.TargetBranch)
resources:
repositories:
- repository: 1ESPipelineTemplates
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
extends:
template: v1/1ES.Unofficial.PipelineTemplate.yml@1ESPipelineTemplates
parameters:
settings:
skipBuildTagsForGitHubPullRequests: true
pool:
name: MSSecurity-1ES-Build-Agents-Pool
image: MSSecurity-1ES-Windows-2022
os: windows
customBuildTags:
- ES365AIMigrationTooling
stages:
- stage: stage
jobs:
- job: job
steps:
- pwsh: |
cd .\.build
.\docs.ps1
displayName: "Docs Check"
- pwsh: .\.build\SpellCheck.ps1
displayName: "Spell Check"
- pwsh: |
cd .\.build
.\CodeFormatter.ps1 -Branch $env:TargetBranchName
displayName: "Code Formatting Script"
condition: and(succeeded(), ne(variables['Build.SourceBranch'], 'refs/heads/release'))
env:
TargetBranchName: $(System.PullRequest.TargetBranch)
- pwsh: |
cd .\.build
.\Build.ps1
displayName: "Build Script"
- pwsh: |
cd .\.build
.\Pester.ps1 -NoProgress -Branch $env:TargetBranchName
displayName: "Running Invoke-Pester"
env:
TargetBranchName: $(System.PullRequest.TargetBranch)
- pwsh: |
cd .\.build
.\ValidateMerge.ps1 -Branch $env:TargetBranchName
displayName: "Validate commit times"
env:
TargetBranchName: $(System.PullRequest.TargetBranch)
Loading

0 comments on commit 57f2d86

Please sign in to comment.