Exchange Health Checker v25.11.03.1806


Servers Overview

Server Name Generation Time Exchange Version Server Role Product Name Time Zone .NET Framework Hardware Type Number of Logical Cores Physical Memory Vulnerability Detected
mx2022.fede.adventist.be 18/11/2025 8:00:21 Exchange 2019 CU15 Oct25SU Mailbox Windows Server 2022 Standard Romance Standard Time 4.8.1 HyperV 20 164 GB None

Server Details

Server Name mx2022.fede.adventist.be
Generation Time18/11/2025 8:00:21
Exchange VersionExchange 2019 CU15 Oct25SU
Build Number15.02.1748.039
Latest Install Time (SU/CU)16/10/2025 0:26:28
Exchange IU or Security Hotfix Detected
Hotfix Update for Exchange Server 2019 Cumulative Update 15 (KB5050672)
Hotfix Update for Exchange Server 2019 Cumulative Update 15 (KB5057651)
Security Update for Exchange Server 2019 Cumulative Update 15 (KB5063221)
Security Update for Exchange Server 2019 Cumulative Update 15 (KB5066367)
Hotfix Update for Exchange Server 2019 Cumulative Update 15 (KB5066372)
Server RoleMailbox
EditionStandard
DAG NameStandalone Server
AD SiteDefault-First-Site-Name
MRS Proxy EnabledTrue Keep MRS Proxy disabled if you do not plan to move mailboxes cross-forest or remote
Exchange Server MembershipPassed
Exchange Server Token Groups7
Internet Web ProxyNot Set
Extended Protection Enabled (Any VDir)True
Feature Flighting
Ring Level1
Endpoint Service Status200 - Reachable
Last Service Run Time18/11/2025 6:55:14
Features EnabledPING.1.0
Setting Overrides DetectedFalse
Monitoring Overrides DetectedTrue
Monitoring Overrides
IdentityItemTypePropertyNamePropertyValueApplyVersionIsValidIsGlobalExpirationTime
HubTransport\Transport.ServerCertExpireSoon.MonitorMonitorMonitoringThreshold240Version 15.2 (Build 397.3)TrueTrue13/10/2020 14:51:37
Exchange Server MaintenanceServer is not in Maintenance Mode
MAPI/HTTP EnabledTrue
Enable Download DomainsTrue
AD Split PermissionsFalse
Total AD Site Count1
Dynamic Distribution Group Public Folder Mailboxes Count1
Hybrid Configuration DetectedTrue
On-Premises Smart Host Domainmail.adventist.be
Domain(s) configured for Hybrid use
adra.be
Receiving Transport Server(s)
MX2022
Sending Transport Server(s)
MX2022
TLS Certificate NameCN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GBCN=mail.adventist.be
Feature(s) enabled for Hybrid use
FreeBusy
MoveMailbox
Mailtips
MessageTracking
OwaRedirection
OnlineArchive
SecureMail
Photos
OAuth between Exchange Server and Exchange OnlineTrue
Dedicated Exchange Hybrid Application
Configure the dedicated hybrid app to ensure hybrid features continue working in the future
More information: https://aka.ms/HC-ExchangeHybridApplication
OAuth between Exchange Server and Microsoft TeamsFalse
Connector NameOutbound to Office 365 - aeb1ee1c-e8f7-4c14-8fc8-1f6f8935c2be
Connector EnabledTrue
Cloud Mail EnabledTrue
Connector TypeSend
TlsAuthLevelDomainValidation
TlsCertificateNameCN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GBCN=mail.adventist.be
Certificate Found On ServerTrue
Certificate Thumbprint(s)
76C967997A0C19CA1E773AAA8FAD66FC2C42E794
Lifetime In Days
83
Certificate Matches Hybrid CertificateTrue
Connector NameOutbound to Office 365 - 267d4df8-938c-4425-a7c0-ed9dfb4681a0
Connector EnabledTrue
Cloud Mail EnabledTrue
Connector TypeSend
TlsAuthLevelDomainValidation
TlsCertificateNameCN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GBCN=mail.adventist.be
Certificate Found On ServerTrue
Certificate Thumbprint(s)
76C967997A0C19CA1E773AAA8FAD66FC2C42E794
Lifetime In Days
83
Certificate Matches Hybrid CertificateTrue
Connector NameDefault Frontend MX2022
Connector EnabledTrue
Cloud Mail EnabledTrue
Connector TypeReceive
TlsCertificateNameCN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GBCN=mail.adventist.be
Certificate Found On ServerTrue
Certificate Thumbprint(s)
76C967997A0C19CA1E773AAA8FAD66FC2C42E794
Lifetime In Days
83
Certificate Matches Hybrid CertificateTrue
Product NameWindows Server 2022 Standard
Version2009 (OS Build: 20348.4405)
System Up Time6 day(s) 7 hour(s) 15 minute(s) 31 second(s)
Time ZoneRomance Standard Time
Dynamic Daylight Time EnabledTrue
.NET Framework4.8.1
PageFilec:\pagefile.sys Size: 36864MB
Warning: On Exchange 2019 CU15 Oct25SU, the recommended PageFile size is 25% (41984MB) of the total system memory (167936MB).
More information: https://aka.ms/HC-PageFile
Power PlanHigh performance
Http Proxy SettingNone
Visual C++ 2012 x6411.0.61030 Version is current
Visual C++ 2013 x6412.0.40664 Version is current
Server Pending RebootTrue --- Warning a reboot is pending and can cause issues on the server.
HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations
More Information: https://aka.ms/HC-RebootPending
Event Log - Application--ERROR-- Not enough logs to cover 7 days. Oldest log entry is at 11/12/2025 19:35:32. This could cause issues with determining Root Cause Analysis.
Hardware TypeHyperV
ProcessorIntel(R) Xeon(R) CPU E5-2630 v4 @ 2.20GHz
Current Total Processor Usage27,35
Number of Processors2
Number of Physical Cores10
Number of Logical Cores20
Hyper-ThreadingEnabled --- Not Applicable
All Processor Cores VisiblePassed
Max Processor Speed2197
Physical Memory164 GB
Dynamic Memory DetectedFalse
Interface DescriptionMicrosoft Hyper-V Network Adapter #2 [Ethernet 2]
Driver Date2006-06-21
Driver Version10.0.20348.2849
MTU Size1500
Max Processors10
Max Processor Number18
Number of Receive Queues10
RSS EnabledTrue
Link Speed10000 Mbps --- This may not be accurate due to virtualized hardware
IPv6 EnabledFalse
IPv4 Address
Address192.168.21.10/24 Gateway: 192.168.21.1
IPv6 Address
DNS Server192.168.21.2 192.168.21.3
Registered In DNSTrue
Packets Received Discarded0
Disable IPv6 CorrectlyTrue
TCPKeepAlive1350000
RPC Minimum Connection Timeout0 More Information: https://aka.ms/HC-RPCSetting
FipsAlgorithmPolicy-Enabled0
EnableEccCertificateSupport Registry Value
CtsProcessorAffinityPercentage0
Disable Async Notification0
Credential Guard EnabledFalse
EdgeTransport.exe.config PresentTrue
NodeRunner.exe memory limit0 MB
Open Relay Wild Card DomainNot Set
DisablePreservation
EXO Connector PresentFalse
UnifiedContent Auto Cleanup ConfiguredFalse
More Information: https://aka.ms/HC-UnifiedContentCleanup
Root Public Folder Mailbox Serving Hierarchytrue - Error
TLS 1.0Disabled
TLS Settings 1.0
RegistryKeyLocationValue
EnabledSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server0
DisabledByDefaultSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server1
EnabledSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client0
DisabledByDefaultSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client1
TLS 1.1Disabled
TLS Settings 1.1
RegistryKeyLocationValue
EnabledSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server0
DisabledByDefaultSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server1
EnabledSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client0
DisabledByDefaultSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client1
TLS 1.2Enabled
TLS Settings 1.2
RegistryKeyLocationValue
EnabledSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server1
DisabledByDefaultSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server0
EnabledSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client1
DisabledByDefaultSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client0
TLS 1.3Enabled
TLS Settings 1.3
RegistryKeyLocationValue
EnabledSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server1
DisabledByDefaultSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server0
EnabledSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client1
DisabledByDefaultSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client0
TLS NET Settings
RegistryKeyLocationValue
SystemDefaultTlsVersionsSOFTWARE\Microsoft\.NETFramework\v4.0.303191
SchUseStrongCryptoSOFTWARE\Microsoft\.NETFramework\v4.0.303191
SystemDefaultTlsVersionsSOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.303191
SchUseStrongCryptoSOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.303191
SystemDefaultTlsVersionsSOFTWARE\Microsoft\.NETFramework\v2.0.50727NULL
SchUseStrongCryptoSOFTWARE\Microsoft\.NETFramework\v2.0.50727NULL
SystemDefaultTlsVersionsSOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727NULL
SchUseStrongCryptoSOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727NULL
SecurityProtocolSystemDefault
TLS Cipher Suite
TlsCipherSuiteNameCipherSuiteCipherCertificateProtocols
TLS_AES_256_GCM_SHA3844866AESTLS_1_3
TLS_AES_128_GCM_SHA2564865AESTLS_1_3
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA3840N/AN/A
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA25649195AESECDSATLS_1_2 & DTLS_1_1
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA38449200AESRSATLS_1_2 & DTLS_1_1
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA25649199AESRSATLS_1_2 & DTLS_1_1
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA38449188AESECDSATLS_1_2 & DTLS_1_1
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA25649187AESECDSATLS_1_2 & DTLS_1_1
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA38449192AESRSATLS_1_2 & DTLS_1_1
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA25649191AESRSATLS_1_2 & DTLS_1_1
AllowInsecureRenegoClients Value0
AllowInsecureRenegoServers Value0
LmCompatibilityLevel Settings3
AES256-CBC Protected Content SupportTrue
SMB1 InstalledFalse
SMB1 BlockedTrue
Certificate
FriendlyNameMicrosoft Exchange Server Auth Certificate
ThumbprintF4CEBBE61B458A75329D3D6BA28F575FA4BB0E91
Lifetime in days1818
Certificate has expiredFalse
Certificate statusValid
Key size2048
ECC CertificateFalse
Signature Algorithmsha256RSA
Signature Hash Algorithmsha256
Bound to servicesIMAP, POP, SMTP
Internal Transport CertificateFalse
Current Auth CertificateTrue
Next Auth CertificateFalse
SAN CertificateFalse
Namespaces
mail.adventist.be
Certificate
FriendlyNameCN=Microsoft Exchange Server Auth Certificate
ThumbprintE50B272B0292424F41576B5E920F16FB9D076B58
Lifetime in days357
Certificate has expiredFalse
Certificate statusValid
Key size2048
ECC CertificateFalse
Signature Algorithmsha256RSA
Signature Hash Algorithmsha256
Bound to servicesSMTP
Internal Transport CertificateFalse
Current Auth CertificateFalse
Next Auth CertificateFalse
SAN CertificateFalse
Namespaces
Microsoft Exchange Server Auth Certificate
Certificate
FriendlyNameCN=Microsoft Exchange Server Auth Certificate
Thumbprint3EBE30DC71BF3DBA64063C033AF3F3A276C815BD
Lifetime in days357
Certificate has expiredFalse
Certificate statusValid
Key size2048
ECC CertificateFalse
Signature Algorithmsha256RSA
Signature Hash Algorithmsha256
Bound to servicesNone
Internal Transport CertificateFalse
Current Auth CertificateFalse
Next Auth CertificateFalse
SAN CertificateFalse
Namespaces
Microsoft Exchange Server Auth Certificate
Certificate
FriendlyNameCN=Microsoft Exchange Server Auth Certificate
Thumbprint30F73E069EF5D7C288437E0A63FB19D3C0E3F28C
Lifetime in days357
Certificate has expiredFalse
Certificate statusValid
Key size2048
ECC CertificateFalse
Signature Algorithmsha256RSA
Signature Hash Algorithmsha256
Bound to servicesNone
Internal Transport CertificateFalse
Current Auth CertificateFalse
Next Auth CertificateFalse
SAN CertificateFalse
Namespaces
Microsoft Exchange Server Auth Certificate
Certificate
FriendlyNameMicrosoft Exchange Server Auth Certificate
ThumbprintCB946703DD0CD5247A38402E117EE0A4D30B21A2
Lifetime in days1818
Certificate has expiredFalse
Certificate statusValid
Key size2048
ECC CertificateFalse
Signature Algorithmsha256RSA
Signature Hash Algorithmsha256
Bound to servicesSMTP
Internal Transport CertificateTrue
Current Auth CertificateFalse
Next Auth CertificateFalse
SAN CertificateFalse
Namespaces
ACS
Certificate
FriendlyNameCN=BLF Enterprise Certificate Authority, DC=fede, DC=adventist, DC=be
Thumbprint25C8AA3CC5D0D0B472465D74A76342D3EFF08A27
Lifetime in days343
Certificate has expiredFalse
Certificate statusValid
Key size2048
ECC CertificateFalse
Signature Algorithmsha256RSA
Signature Hash Algorithmsha256
Bound to servicesNone
Internal Transport CertificateFalse
Current Auth CertificateFalse
Next Auth CertificateFalse
SAN CertificateFalse
Namespaces
mx2022.fede.adventist.be
Certificate
FriendlyNameMicrosoft Exchange
Thumbprint76C967997A0C19CA1E773AAA8FAD66FC2C42E794
Lifetime in days83
Certificate has expiredFalse
Certificate statusValid
Key size2048
ECC CertificateFalse
Signature Algorithmsha256RSA
Signature Hash Algorithmsha256
Bound to servicesIMAP, POP, IIS, SMTP
Internal Transport CertificateFalse
Current Auth CertificateFalse
Next Auth CertificateFalse
SAN CertificateTrue
Namespaces
mail.adventist.be
autodiscover.adventist.be
download.mail.adventist.be
Certificate
FriendlyNameMX2022-II-dix
Thumbprint7365EBAB143D62599E152357801F5BB4D6A2E9E4
Lifetime in days789
Certificate has expiredFalse
Certificate statusValid
Key size2048
ECC CertificateFalse
Signature Algorithmsha256RSA
Signature Hash Algorithmsha256
Bound to servicesNone
Internal Transport CertificateFalse
Current Auth CertificateFalse
Next Auth CertificateFalse
SAN CertificateFalse
Namespaces
mx2022.fede.adventist.be
Certificate
FriendlyNameMicrosoft Exchange
Thumbprint4920229798A6DE38C276AD1574C0BAAEEE9A3D87
Lifetime in days538
Certificate has expiredFalse
Certificate statusValid
Key size2048
ECC CertificateFalse
Signature Algorithmsha256RSA
Signature Hash Algorithmsha256
Bound to servicesSMTP
Internal Transport CertificateFalse
Current Auth CertificateFalse
Next Auth CertificateFalse
SAN CertificateTrue
Namespaces
mx2022
mx2022.fede.adventist.be
Certificate
FriendlyNameMicrosoft Exchange
Thumbprint0129F0D1AA63DFA23FC9A5D61973C0B73FA3298A
Lifetime in days426
Certificate has expiredFalse
Certificate statusValid
Key size2048
ECC CertificateFalse
Signature Algorithmsha256RSA
Signature Hash Algorithmsha256
Bound to servicesIIS, SMTP
Internal Transport CertificateFalse
Current Auth CertificateFalse
Next Auth CertificateFalse
SAN CertificateTrue
Namespaces
mx2022
mx2022.fede.adventist.be
Certificate
FriendlyNameWMSVC-SHA2
Thumbprint7479ED2572AE6BF2124EE2BBE89FCA1ABCA0CC9E
Lifetime in days2250
Certificate has expiredFalse
Certificate statusValid
Key size2048
ECC CertificateFalse
Signature Algorithmsha256RSA
Signature Hash Algorithmsha256
Bound to servicesNone
Internal Transport CertificateFalse
Current Auth CertificateFalse
Next Auth CertificateFalse
SAN CertificateFalse
Namespaces
WMSvc-SHA2-MX2022
Valid Internal Transport Certificate Found On ServerTrue
Valid Auth Certificate Found On ServerTrue
AMSI EnabledTrue
AMSI Request Body ScanningTrue
AMSI Request Body Size BlockFalse
SerializedDataSigning EnabledTrue
Strict Mode disabledFalse
BaseTypeCheckForDeserialization disabledFalse
Exchange Emergency Mitigation ServiceEnabled
Windows serviceRunning
Pattern service200 - Reachable
Mitigation appliedPING1
Run: 'Get-Mitigations.ps1' from: 'C:\Program Files\Microsoft\Exchange Server\V15\scripts\' to learn more.
Telemetry enabledTrue
IIS module anomalies detectedFalse
Vulnerability DetectedNone
IIS Sites Information
NameStateHSTS EnabledProtocol - Bindings - Certificate
Default Web SiteStartedFalsehttp - *:80: - NULL https - *:443:mx2022.fede.adventist.be - 7365EBAB143D62599E152357801F5BB4D6A2E9E4 https - *:443: - 76C967997A0C19CA1E773AAA8FAD66FC2C42E794 https - *:443:mail.adventist.be - 76C967997A0C19CA1E773AAA8FAD66FC2C42E794 https - *:443:autodiscover.adventist.be - 76C967997A0C19CA1E773AAA8FAD66FC2C42E794
Exchange Back EndStartedFalsehttp - *:81: - NULL https - *:444: - 0129F0D1AA63DFA23FC9A5D61973C0B73FA3298A
Application Pool Information
AppPoolNameStateGCServerEnabledRestartConditionSet
MSExchangeServicesAppPoolStartedTrueFalse
MSExchangeAutodiscoverAppPoolStartedFalseFalse
MSExchangeOWAAppPoolStartedFalseFalse
MSExchangeRestAppPoolStartedTrueFalse
MSExchangeRpcProxyAppPoolStartedFalseFalse
MSExchangeMapiAddressBookAppPoolStartedFalseFalse
MSExchangeRpcProxyFrontEndAppPoolStartedFalseFalse
MSExchangePowerShellAppPoolStartedFalseFalse
MSExchangeMapiFrontEndAppPoolStartedTrueFalse
MSExchangeMapiMailboxAppPoolStartedFalseFalse
MSExchangeOABAppPoolStartedFalseFalse
MSExchangePushNotificationsAppPoolStartedFalseFalse
MSExchangeOWACalendarAppPoolStartedFalseFalse
MSExchangePowerShellFrontEndAppPoolStartedFalseFalse
MSExchangeECPAppPoolStartedFalseFalse
MSExchangeSyncAppPoolStartedTrueFalse
MSExchangeRestFrontEndAppPoolStartedFalseFalse
Virtual Directory Locations
NameExtendedProtectionSslFlagsIPFilteringEnabledURLRewriteAuthentication
Default Web SiteNoneFalseFalseanonymous (default setting)
Default Web Site/APIRequireTrue (128-bit)FalseWindows (Negotiate,NTLM) anonymous (default setting)
Default Web Site/AutodiscoverNoneTrue (128-bit)FalseWindows (Negotiate,NTLM) anonymous (default setting) basic
Default Web Site/ecpRequireTrue (128-bit)Falseanonymous (default setting) basic
Default Web Site/EWSAllowTrue (128-bit)FalseWindows (Negotiate,NTLM) anonymous (default setting)
Default Web Site/mapiRequireTrue (128-bit)FalseWindows (Negotiate,NTLM)
Default Web Site/Microsoft-Server-ActiveSyncAllowTrue (128-bit)Falsebasic
Default Web Site/Microsoft-Server-ActiveSync/ProxyAllowTrue (128-bit)FalseWindows (Negotiate,NTLM)
Default Web Site/OABAllowTrue (128-bit)FalseWindows (Negotiate,NTLM)
Default Web Site/owaRequireTrue (128-bit)Falsebasic
Default Web Site/PowerShellRequireFalse Cert(Accept)False
Default Web Site/RpcRequireTrue (128-bit)FalseWindows (Negotiate,NTLM) basic
Exchange Back EndNoneFalseFalseanonymous (default setting)
Exchange Back End/APIRequireTrue (128-bit)FalseWindows (Negotiate,NTLM) anonymous (default setting)
Exchange Back End/AutodiscoverNoneTrue (128-bit)FalseWindows (Negotiate,NTLM) anonymous (default setting)
Exchange Back End/ecpRequireTrue (128-bit)FalseWindows (Negotiate,NTLM) anonymous (default setting)
Exchange Back End/EWSRequireTrue (128-bit)FalseWindows (Negotiate,NTLM) anonymous (default setting)
Exchange Back End/mapi/emsmdbRequireTrueFalseWindows (Negotiate,NTLM)
Exchange Back End/mapi/nspiRequireTrueFalseWindows (Negotiate,NTLM)
Exchange Back End/Microsoft-Server-ActiveSyncRequireTrue (128-bit)Falsebasic
Exchange Back End/Microsoft-Server-ActiveSync/ProxyRequireTrue (128-bit)FalseWindows (Negotiate,NTLM)
Exchange Back End/OABRequireTrue (128-bit)FalseWindows (Negotiate,NTLM)
Exchange Back End/owaRequireTrue (128-bit)FalseWindows (Negotiate,NTLM) anonymous (default setting)
Exchange Back End/PowerShellRequireTrue (128-bit)FalseWindows (Negotiate,NTLM)
Exchange Back End/RpcRequireTrue (128-bit)FalseWindows (Negotiate,NTLM)
Exchange Back End/RpcWithCertRequireTrue (128-bit)FalseWindows (Negotiate,NTLM)