[German]Microsoft offers the Exchange Health Checker, a PowerShell script to check on-premises Exchange installations for problems. The script is continuously developed by Microsoft. Frank Zöchling has now extended the Exchange Health Checker with a script to automatically make important settings when checking an Exchange installation.
The Exchange Health Checker
The Exchange Health Checker is a PowerShell script that helps to detect common configuration problems in Microsoft Exchange. Such problems, caused by a simple configuration change within an Exchange environment, often lead to performance issues and long-lasting other problems. In addition, the script also allows you to gather useful information about the server to speed up the process of collecting general information about your server, Microsoft writes. The script can be used on:
- Exchange Server 2013
- Exchange Server 2016
- Exchange Server 2019
to verify the configuration of the following Exchange Server versions. The script must run under an account that is a member of the Local Administrator group. On Exchange servers, this should be satisfied by membership in the Organization Management group. However, if the group membership has been customized or if the script is running on a non-Exchange system such as a Management server, you must add your account to the Local Administrator group. Accounts must also be members of the following groups:
- Organization Administration
- Domain Admins (required only for the DCCoreRatio parameter)
This script must be run as an administrator in the Exchange Management Shell on an Exchange Server, Microsoft writes. The call is made with the following command:
More details can be found on Microsoft's documentation page.
Exchange Health Checker enhanced
Frank Zöchling has now taken on the topic and extended the Exchange Health Checker with a script to automatically make important settings when checking an Exchange installation and to make fixes, if necessary..
Frank writes about this that with a fresh Exchange installation various security holes and other warnings about possible optimizations can be found. The created log immediately contains references to articles that deal with the elimination of the problems. Frank has developed a script based on these articles, which can clean up the following problems:
- Set swap file to 32GB
- Disable power saving functions of the network card
- Set power saving plan to "High Performance
- Set TCP KeepAlive to 30 min
- Enable TLS 1.2 for SCHANNEL
- Configure TLS 1.2 for .NET Framework
- Disable TLS 1.0, TLS 1.1 for SCHANNEL and .NET Framework
- Disable TLS 1.3 (not currently supported by Exchange 2019)
- Change download domains to autodiscover hostname
- Disable SSL offloading for Outlook Anywhere
- Download and run Windows Extended Protection Script
The individual correction options are queried at runtime and can be rejected by the administrator. If you are interested, you can read Frank's hints, recommendations and extensions in the article Exchange Health Checker Empfehlungen per Script umsetzen (translated Implementing Exchange Health Checker recommendations via script).
Use deepl.com to translate the German article into English, if necessary
Cookies helps to fund this blog: Cookie settings