Exchange Health Checker v24.12.18.1920


Servers Overview

Server Name Generation Time Exchange Version Server Role OS Version Time Zone .NET Framework Hardware Type Number of Logical Cores Physical Memory Vulnerability Detected
mx2022.fede.adventist.be 25/12/2024 8:01:09 Exchange 2019 CU14 Nov24SU Mailbox Windows Server 2022 Standard Romance Standard Time 4.8.1 HyperV 20 144 GB True

Server Details

Server Name mx2022.fede.adventist.be
Generation Time25/12/2024 8:01:09
Exchange VersionExchange 2019 CU14 Nov24SU
Build Number15.02.1544.013
Latest Install Time (SU/CU)14/11/2024 0:12:09
Exchange IU or Security Hotfix Detected
Security Update for Exchange Server 2019 Cumulative Update 14 (KB5036401) - Installed on 14/11/2024
Hotfix Update for Exchange Server 2019 Cumulative Update 14 (KB5037224) - Installed on 14/11/2024
Security Update for Exchange Server 2019 Cumulative Update 14 (KB5044062) - Installed on 14/11/2024
Not on the latest SU. More Information: https://aka.ms/HC-ExBuilds
Known Issue DetectedTrue
This build has a known issue(s) which may or may not have been addressed. See the below link(s) for more information.
Pulled Nov 2024 Security Update: https://techcommunity.microsoft.com/blog/exchange/released-november-2024-exchange-server-security-updates/4293125
Known Issue when sending email with Pickup Folder is using Admin Display Version vs Installed Version: https://support.microsoft.com/topic/email-sent-through-pickup-folder-displays-admin-version-068ae880-5bbf-43f0-a1fa-24a78f31635f
Server RoleMailbox
EditionStandard
DAG NameStandalone Server
AD SiteDefault-First-Site-Name
MRS Proxy EnabledTrue Keep MRS Proxy disabled if you do not plan to move mailboxes cross-forest or remote
Exchange Server MembershipFailed
Unable to determine Local System Membership as the results were blank.
More Information: https://aka.ms/HC-ServerMembership
Internet Web ProxyNot Set
Extended Protection Enabled (Any VDir)True
Setting Overrides DetectedFalse
Monitoring Overrides DetectedTrue
Monitoring Overrides
IdentityItemTypePropertyNamePropertyValueApplyVersionIsValidIsGlobalExpirationTime
HubTransport\Transport.ServerCertExpireSoon.MonitorMonitorMonitoringThreshold240Version 15.2 (Build 397.3)TrueTrue13/10/2020 14:51:37
Exchange Server MaintenanceServer is not in Maintenance Mode
MAPI/HTTP EnabledTrue
Enable Download DomainsTrue
AD Split PermissionsFalse
Total AD Site Count1
Dynamic Distribution Group Public Folder Mailboxes Count1
Organization Hybrid EnabledTrue
On-Premises Smart Host Domainmail.adventist.be
Domain(s) configured for Hybrid use
woordvanhoop.be
jeunesseadventiste.be
hopebible.be
esda-instituut.be
adventjeugd.be
adventiste.lu
adventist.lu
autod:adventist.be
Receiving Transport Server(s)
MX2022
Sending Transport Server(s)
MX2022
TLS Certificate NameCN=R11, O=Let's Encrypt, C=USCN=mail.adventist.be
Feature(s) enabled for Hybrid use
FreeBusy
MoveMailbox
Mailtips
MessageTracking
OwaRedirection
OnlineArchive
SecureMail
Photos
Connector NameDefault Frontend MX2022
Connector EnabledTrue
Cloud Mail EnabledTrue
Connector TypeReceive
TlsCertificateNameCN=R11, O=Let's Encrypt, C=USCN=mail.adventist.be
Certificate Found On ServerTrue
Certificate Thumbprint(s)
3776BCFC55E41AA7AD09CD847FB887B4831C167B
Lifetime In Days
50
Certificate Matches Hybrid CertificateTrue
Connector NameOutbound to Office 365 - aeb1ee1c-e8f7-4c14-8fc8-1f6f8935c2be
Connector EnabledTrue
Cloud Mail EnabledTrue
Connector TypeSend
TlsCertificateNameCN=R11, O=Let's Encrypt, C=USCN=mail.adventist.be
Certificate Found On ServerTrue
Certificate Thumbprint(s)
3776BCFC55E41AA7AD09CD847FB887B4831C167B
Lifetime In Days
50
Certificate Matches Hybrid CertificateTrue
Connector NameOutbound to Office 365 - 267d4df8-938c-4425-a7c0-ed9dfb4681a0
Connector EnabledTrue
Cloud Mail EnabledTrue
Connector TypeSend
TlsCertificateNameCN=R3, O=Let's Encrypt, C=USCN=mail.adventist.be
Certificate Found On ServerFalse
The configured 'TlsCertificateName' was not found on the server. This may cause mail flow issues. More information: https://aka.ms/HC-HybridConnector
OS VersionWindows Server 2022 Standard
System Up Time14 day(s) 7 hour(s) 38 minute(s) 32 second(s)
Time ZoneRomance Standard Time
Dynamic Daylight Time EnabledTrue
.NET Framework4.8.1
PageFilec:\pagefile.sys Size: 36864MB
Power PlanHigh performance
Http Proxy SettingNone
Visual C++ 2012 x6411.0.61030 Version is current
Visual C++ 2013 x6412.0.40664 Version is current
Server Pending RebootTrue --- Warning a reboot is pending and can cause issues on the server.
HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations
More Information: https://aka.ms/HC-RebootPending
Hardware TypeHyperV
ProcessorIntel(R) Xeon(R) CPU E5-2630 v4 @ 2.20GHz
Current Total Processor Usage11,57
Number of Processors2
Number of Physical Cores10
Number of Logical Cores20
Hyper-ThreadingEnabled --- Not Applicable
All Processor Cores VisiblePassed
Max Processor Speed2197
Physical Memory144 GB
Dynamic Memory DetectedFalse
Interface DescriptionMicrosoft Hyper-V Network Adapter [Ethernet]
Driver Date2006-06-21
Driver Version10.0.20348.2849
MTU Size1500
Max Processors10
Max Processor Number18
Number of Receive Queues10
RSS EnabledTrue
Link Speed10000 Mbps --- This may not be accurate due to virtualized hardware
IPv6 EnabledFalse
IPv4 Address
Address192.168.21.10/24 Gateway: 192.168.21.1
IPv6 Address
DNS Server192.168.21.2 192.168.21.3
Registered In DNSTrue
Packets Received Discarded0
Disable IPv6 CorrectlyTrue
TCPKeepAlive1350000
RPC Minimum Connection Timeout0 More Information: https://aka.ms/HC-RPCSetting
FipsAlgorithmPolicy-Enabled0
EnableEccCertificateSupport Registry Value
CtsProcessorAffinityPercentage0
Disable Async Notification0
Credential Guard EnabledFalse
EdgeTransport.exe.config PresentTrue
NodeRunner.exe memory limit0 MB
IanaTimeZoneMappings.xml invalid [Duplicate entry] - IANA: Asia/Bishkek Win: Central Asia Standard Time More information: https://aka.ms/ExchangeIanaTimeZoneIssue
Open Relay Wild Card DomainNot Set
DisablePreservation
EXO Connector PresentFalse
UnifiedContent Auto Cleanup ConfiguredTrue
TLS 1.0Disabled
TLS Settings 1.0
RegistryKeyLocationValue
EnabledSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server0
DisabledByDefaultSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server1
EnabledSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client0
DisabledByDefaultSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client1
TLS 1.1Disabled
TLS Settings 1.1
RegistryKeyLocationValue
EnabledSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server0
DisabledByDefaultSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server1
EnabledSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client0
DisabledByDefaultSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client1
TLS 1.2Enabled
TLS Settings 1.2
RegistryKeyLocationValue
EnabledSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server1
DisabledByDefaultSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server0
EnabledSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client1
DisabledByDefaultSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client0
TLS 1.3Disabled
TLS Settings 1.3
RegistryKeyLocationValue
EnabledSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\ServerNULL
DisabledByDefaultSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\ServerNULL
EnabledSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\ClientNULL
DisabledByDefaultSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\ClientNULL
TLS NET Settings
RegistryKeyLocationValue
SystemDefaultTlsVersionsSOFTWARE\Microsoft\.NETFramework\v4.0.303191
SchUseStrongCryptoSOFTWARE\Microsoft\.NETFramework\v4.0.303191
SystemDefaultTlsVersionsSOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.303191
SchUseStrongCryptoSOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.303191
SystemDefaultTlsVersionsSOFTWARE\Microsoft\.NETFramework\v2.0.50727NULL
SchUseStrongCryptoSOFTWARE\Microsoft\.NETFramework\v2.0.50727NULL
SystemDefaultTlsVersionsSOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727NULL
SchUseStrongCryptoSOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727NULL
SecurityProtocolTls12
TLS Cipher Suite
TlsCipherSuiteNameCipherSuiteCipherCertificateProtocols
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38449196AESECDSATLS_1_2 & DTLS_1_1
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA25649195AESECDSATLS_1_2 & DTLS_1_1
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA38449200AESRSATLS_1_2 & DTLS_1_1
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA25649199AESRSATLS_1_2 & DTLS_1_1
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA38449188AESECDSATLS_1_2 & DTLS_1_1
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA25649187AESECDSATLS_1_2 & DTLS_1_1
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA38449192AESRSATLS_1_2 & DTLS_1_1
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA25649191AESRSATLS_1_2 & DTLS_1_1
AllowInsecureRenegoClients Value0
AllowInsecureRenegoServers Value0
LmCompatibilityLevel Settings3
AES256-CBC Protected Content SupportTrue
SMB1 InstalledFalse
SMB1 BlockedTrue
Certificate
FriendlyNameCN=BLF Enterprise Certificate Authority, DC=fede, DC=adventist, DC=be
Thumbprint2F120E75D1F9EA82E22D0DB1F356EAD482E664E7
Lifetime in days348
Certificate has expiredFalse
Certificate statusValid
Key size2048
ECC CertificateFalse
Signature Algorithmsha256RSA
Signature Hash Algorithmsha256
Bound to servicesNone
Internal Transport CertificateFalse
Current Auth CertificateFalse
Next Auth CertificateFalse
SAN CertificateFalse
Namespaces
mx2022.fede.adventist.be
Certificate
FriendlyName[Manual] mail.adventist.be @ 2024/11/15 12:23:27
Thumbprint3776BCFC55E41AA7AD09CD847FB887B4831C167B
Lifetime in days50
Certificate has expiredFalse
Certificate statusValid
Key size3072
ECC CertificateFalse
Signature Algorithmsha256RSA
Signature Hash Algorithmsha256
Bound to servicesIMAP, POP, IIS, SMTP
Internal Transport CertificateTrue
Current Auth CertificateFalse
Next Auth CertificateFalse
SAN CertificateTrue
Namespaces
autodiscover.adventist.be
download.mail.adventist.be
ex2022.adventist.be
mail.adventist.be
Certificate
FriendlyNameMX2022-II-dix
Thumbprint7365EBAB143D62599E152357801F5BB4D6A2E9E4
Lifetime in days1117
Certificate has expiredFalse
Certificate statusValid
Key size2048
ECC CertificateFalse
Signature Algorithmsha256RSA
Signature Hash Algorithmsha256
Bound to servicesNone
Internal Transport CertificateFalse
Current Auth CertificateFalse
Next Auth CertificateFalse
SAN CertificateFalse
Namespaces
mx2022.fede.adventist.be
Certificate
FriendlyNameMX2022-IIS
Thumbprint5BF4850C1B12504A0CFA943FFFE8B34C25C6503E
Lifetime in days21
Certificate has expiredFalse
Certificate statusValid
Key size4096
ECC CertificateFalse
Signature Algorithmsha256RSA
Signature Hash Algorithmsha256
Bound to servicesNone
Internal Transport CertificateFalse
Current Auth CertificateFalse
Next Auth CertificateFalse
SAN CertificateFalse
Namespaces
mx2022.fede.adventist.be
Certificate
FriendlyNameMicrosoft Exchange
Thumbprint4920229798A6DE38C276AD1574C0BAAEEE9A3D87
Lifetime in days866
Certificate has expiredFalse
Certificate statusValid
Key size2048
ECC CertificateFalse
Signature Algorithmsha256RSA
Signature Hash Algorithmsha256
Bound to servicesSMTP
Internal Transport CertificateFalse
Current Auth CertificateFalse
Next Auth CertificateFalse
SAN CertificateTrue
Namespaces
mx2022
mx2022.fede.adventist.be
Certificate
FriendlyNameMicrosoft Exchange
Thumbprint0129F0D1AA63DFA23FC9A5D61973C0B73FA3298A
Lifetime in days754
Certificate has expiredFalse
Certificate statusValid
Key size2048
ECC CertificateFalse
Signature Algorithmsha256RSA
Signature Hash Algorithmsha256
Bound to servicesIIS, SMTP
Internal Transport CertificateFalse
Current Auth CertificateFalse
Next Auth CertificateFalse
SAN CertificateTrue
Namespaces
mx2022
mx2022.fede.adventist.be
Certificate
FriendlyNameWMSVC-SHA2
Thumbprint7479ED2572AE6BF2124EE2BBE89FCA1ABCA0CC9E
Lifetime in days2578
Certificate has expiredFalse
Certificate statusValid
Key size2048
ECC CertificateFalse
Signature Algorithmsha256RSA
Signature Hash Algorithmsha256
Bound to servicesNone
Internal Transport CertificateFalse
Current Auth CertificateFalse
Next Auth CertificateFalse
SAN CertificateFalse
Namespaces
WMSvc-SHA2-MX2022
Certificate
FriendlyNameMicrosoft Exchange Server Auth Certificate
ThumbprintFE5E0C111907640558880109F7B04D28DA18663B
Lifetime in days319
Certificate has expiredFalse
Certificate statusValid
Key size2048
ECC CertificateFalse
Signature Algorithmsha256RSA
Signature Hash Algorithmsha256
Bound to servicesSMTP
Internal Transport CertificateFalse
Current Auth CertificateTrue
Next Auth CertificateFalse
SAN CertificateFalse
Namespaces
ACS
Valid Internal Transport Certificate Found On ServerTrue
Valid Auth Certificate Found On ServerTrue
AMSI EnabledTrue
AMSI Request Body ScanningFalse
AMSI Request Body Size BlockFalse
SerializedDataSigning EnabledTrue
Strict Mode disabledFalse
BaseTypeCheckForDeserialization disabledFalse
Exchange Emergency Mitigation ServiceEnabled
Windows serviceRunning
Pattern service200 - Reachable
Mitigation appliedPING1
Run: 'Get-Mitigations.ps1' from: 'C:\Program Files\Microsoft\Exchange Server\V15\scripts\' to learn more.
Telemetry enabledTrue
IIS module anomalies detectedFalse
Security VulnerabilityCVE-2024-49040 - Override Is Set: False See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2024-49040 for more information.
Security VulnerabilitiesCVE-2024-49040 - Override Is Set: False See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2024-49040 for more information.
IIS Sites Information
NameStateHSTS EnabledProtocol - Bindings - Certificate
Default Web SiteStartedFalsehttp - *:80: - NULL https - *:443:mx2022.fede.adventist.be - 7365EBAB143D62599E152357801F5BB4D6A2E9E4 https - *:443: - 3776BCFC55E41AA7AD09CD847FB887B4831C167B https - *:443:mail.adventist.be - 3776BCFC55E41AA7AD09CD847FB887B4831C167B https - *:443:autodiscover.adventist.be - 3776BCFC55E41AA7AD09CD847FB887B4831C167B
Exchange Back EndStartedFalsehttp - *:81: - NULL https - *:444: - 0129F0D1AA63DFA23FC9A5D61973C0B73FA3298A
Application Pool Information
AppPoolNameStateGCServerEnabledRestartConditionSet
MSExchangeMapiFrontEndAppPoolStartedTrueFalse
MSExchangeOWAAppPoolStartedFalseFalse
MSExchangeECPAppPoolStartedFalseFalse
MSExchangeRestAppPoolStartedTrueFalse
MSExchangeMapiAddressBookAppPoolStartedFalseFalse
MSExchangeRpcProxyFrontEndAppPoolStartedFalseFalse
MSExchangePowerShellAppPoolStartedFalseFalse
MSExchangePowerShellFrontEndAppPoolStartedFalseFalse
MSExchangeRestFrontEndAppPoolStartedFalseFalse
MSExchangeMapiMailboxAppPoolStartedFalseFalse
MSExchangeOABAppPoolStartedFalseFalse
MSExchangePushNotificationsAppPoolStartedFalseFalse
MSExchangeOWACalendarAppPoolStartedFalseFalse
MSExchangeAutodiscoverAppPoolStartedFalseFalse
MSExchangeServicesAppPoolStartedTrueFalse
MSExchangeSyncAppPoolStartedTrueFalse
MSExchangeRpcProxyAppPoolStartedFalseFalse
Virtual Directory Locations
NameExtendedProtectionSslFlagsIPFilteringEnabledURLRewriteAuthentication
Default Web SiteNoneFalseFalseanonymous (default setting)
Default Web Site/APIRequireTrue (128-bit)FalseWindows (Negotiate,NTLM) anonymous (default setting)
Default Web Site/AutodiscoverNoneTrue (128-bit)FalseWindows (Negotiate,NTLM) anonymous (default setting) basic
Default Web Site/ecpRequireTrue (128-bit)Falseanonymous (default setting) basic
Default Web Site/EWSAllowTrue (128-bit)FalseWindows (Negotiate,NTLM) anonymous (default setting)
Default Web Site/mapiRequireTrue (128-bit)FalseWindows (Negotiate,NTLM)
Default Web Site/Microsoft-Server-ActiveSyncAllowTrue (128-bit)Falsebasic
Default Web Site/Microsoft-Server-ActiveSync/ProxyAllowTrue (128-bit)FalseWindows (Negotiate,NTLM)
Default Web Site/OABAllowTrue (128-bit)FalseWindows (Negotiate,NTLM)
Default Web Site/owaRequireTrue (128-bit)Falsebasic
Default Web Site/PowerShellRequireFalse Cert(Accept)False
Default Web Site/RpcRequireTrue (128-bit)FalseWindows (Negotiate,NTLM) basic
Exchange Back EndNoneFalseFalseanonymous (default setting)
Exchange Back End/APIRequireTrue (128-bit)FalseWindows (Negotiate,NTLM) anonymous (default setting)
Exchange Back End/AutodiscoverNoneTrue (128-bit)FalseWindows (Negotiate,NTLM) anonymous (default setting)
Exchange Back End/ecpRequireTrue (128-bit)FalseWindows (Negotiate,NTLM) anonymous (default setting)
Exchange Back End/EWSRequireTrue (128-bit)FalseWindows (Negotiate,NTLM) anonymous (default setting)
Exchange Back End/mapi/emsmdbRequireTrueFalseWindows (Negotiate,NTLM)
Exchange Back End/mapi/nspiRequireTrueFalseWindows (Negotiate,NTLM)
Exchange Back End/Microsoft-Server-ActiveSyncRequireTrue (128-bit)Falsebasic
Exchange Back End/Microsoft-Server-ActiveSync/ProxyRequireTrue (128-bit)FalseWindows (Negotiate,NTLM)
Exchange Back End/OABRequireTrue (128-bit)FalseWindows (Negotiate,NTLM)
Exchange Back End/owaRequireTrue (128-bit)FalseWindows (Negotiate,NTLM) anonymous (default setting)
Exchange Back End/PowerShellRequireTrue (128-bit)FalseWindows (Negotiate,NTLM)
Exchange Back End/RpcRequireTrue (128-bit)FalseWindows (Negotiate,NTLM)
Exchange Back End/RpcWithCertRequireTrue (128-bit)FalseWindows (Negotiate,NTLM)