API tools faq
paste
Advertisement
timsstuff

Fix-OWASSL.ps1

timsstuff
Jan 17th, 2022 (edited)
2,201
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PowerShell 8.11 KB | None | 0 0
raw download clone embed print report
  1. [CmdletBinding()]
  2. Param
  3. (
  4.     [Parameter(Mandatory = $true)][string]$Server,
  5.     [Parameter(Mandatory = $true)][string]$Hostname,
  6.     [Parameter(Mandatory = $false)][string]$IntHost,
  7.     [Parameter(Mandatory = $false)][string]$IntProtocol = "https:",
  8.     [Parameter(Mandatory = $false)][switch]$ListOnly,
  9.     [Parameter(Mandatory = $false)][switch]$ResetIIS,
  10.     [Parameter(Mandatory = $false)][switch]$EnableSSLOffloading,
  11.     [Parameter(Mandatory = $false)][switch]$SetSingleDomainLogon
  12. )
  13.  
  14. if ($inthost -eq '') { $inthost = $hostname }
  15. if (!$intprotocol.EndsWith(':')) { $intprotocol += ':' }
  16. $version = (Get-ExchangeServer $server).AdminDisplayVersion.Major
  17. $domain = (Get-WmiObject -Class Win32_ComputerSystem).Domain
  18.  
  19. If (!$ListOnly) {
  20.     If ($version -eq 15) {
  21.         Get-OutlookAnywhere -server $server | Set-OutlookAnywhere -ExternalHostname $hostname -InternalHostname $inthost -SSLOffloading $true `
  22.             -IISAuthenticationMethods Basic,NTLM,Negotiate -ExternalClientAuthenticationMethod Negotiate -ExternalClientsRequireSsl $true -InternalClientAuthenticationMethod Negotiate `
  23.             -InternalClientsRequireSsl $($intprotocol -eq 'https:')
  24.         Set-MapiVirtualDirectory -Identity "$server\mapi (Default Web Site)" -InternalURL "$intprotocol//$inthost/mapi" -ExternalURL "https://$hostname/mapi"
  25.     }
  26.     If ($version -eq 14) {
  27.         If ((Get-OutlookAnywhere -Server $server) -eq $null) {
  28.             Enable-OutlookAnywhere -Server $server -DefaultAuthenticationMethod NTLM -ExternalHostname $hostname -SSLOffloading $false
  29.         }
  30.         else {
  31.             Set-OutlookAnywhere -Identity "$server\Rpc (Default Web Site)" -ExternalHostname $hostname -IISAuthenticationMethods NTLM, Basic -ClientAuthenticationMethod NTLM
  32.         }
  33.     }
  34.  
  35.     Set-AutodiscoverVirtualDirectory -Identity "$server\Autodiscover (Default Web Site)" -InternalURL "$intprotocol//$inthost/autodiscover/autodiscover.xml" -ExternalURL "https://$hostname/autodiscover/autodiscover.xml"
  36.     Set-ClientAccessServer -Identity $server -AutodiscoverServiceInternalUri "$intprotocol//$inthost/autodiscover/autodiscover.xml"
  37.     Set-WebServicesVirtualDirectory -Identity "$server\EWS (Default Web Site)" -InternalUrl "$intprotocol//$inthost/ews/exchange.asmx" -ExternalUrl "https://$hostname/ews/exchange.asmx"
  38.     Set-OABVirtualDirectory -Identity "$server\oab (Default Web Site)" -InternalUrl "$intprotocol//$inthost/oab" -ExternalUrl "https://$hostname/oab"
  39.     Set-ActiveSyncVirtualDirectory -Identity "$server\Microsoft-Server-ActiveSync (Default Web Site)" -InternalURL "$intprotocol//$inthost/Microsoft-Server-ActiveSync" -ExternalURL "https://$hostname/Microsoft-Server-ActiveSync"
  40.     Set-ECPVirtualDirectory -Identity "$server\ecp (Default Web Site)" -InternalURL "$intprotocol//$inthost/ecp" -ExternalURL "https://$hostname/ecp"
  41.     Set-OWAVirtualDirectory -Identity "$server\owa (Default Web Site)" -InternalURL "$intprotocol//$inthost/owa" -ExternalURL "https://$hostname/owa"
  42.     Set-PowerShellVirtualDirectory -Identity "$server\PowerShell (Default Web Site)" -InternalURL "$intprotocol//$inthost/powershell" -ExternalURL "https://$hostname/powershell"
  43.     Set-MapiVirtualDirectory -Identity "$server\mapi (Default Web Site)" -IISAuthenticationMethods NTLM, Oauth, Negotiate
  44.     Set-OutlookProvider -Identity WEB -Server $null -CertPrincipalName msstd:$hostname
  45.     Set-OutlookProvider -Identity EXPR -Server $null -CertPrincipalName msstd:$hostname
  46.     Set-OutlookProvider -Identity EXCH -Server $null -CertPrincipalName msstd:$hostname
  47.  
  48.     #Enable SSL Offloading
  49.     if ($EnableSSLOffloading) {
  50.         Set-OutlookAnywhere -Identity $server\Rpc* -Externalhostname $hostname -ExternalClientsRequireSsl $true -ExternalClientAuthenticationMethod Basic
  51.         Set-OutlookAnywhere -Identity $server\Rpc* -SSLOffloading $true
  52.         if ($env:ComputerName -eq $server) {
  53.             Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value "None" -PSPath IIS: -Location "Default Web Site"
  54.             Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value "None" -PSPath IIS: -Location "Default Web Site/API"
  55.             Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value "None" -PSPath IIS: -Location "Default Web Site/OWA"
  56.             Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value "None" -PSPath IIS: -Location "Default Web Site/ecp"
  57.             Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value "None" -PSPath IIS: -Location "Default Web Site/EWS"
  58.             Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value "None" -PSPath IIS: -Location "Default Web Site/Autodiscover"
  59.             Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value "None" -PSPath IIS: -Location "Default Web Site/Microsoft-Server-ActiveSync"
  60.             Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value "None" -PSPath IIS: -Location "Default Web Site/OAB"
  61.             Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value "None" -PSPath IIS: -Location "Default Web Site/MAPI"
  62.         }
  63.         else {
  64.             Invoke-Command -ComputerName $Server -ScriptBlock {
  65.                 Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value "None" -PSPath IIS: -Location "Default Web Site"
  66.                 Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value "None" -PSPath IIS: -Location "Default Web Site/API"
  67.                 Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value "None" -PSPath IIS: -Location "Default Web Site/OWA"
  68.                 Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value "None" -PSPath IIS: -Location "Default Web Site/ecp"
  69.                 Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value "None" -PSPath IIS: -Location "Default Web Site/EWS"
  70.                 Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value "None" -PSPath IIS: -Location "Default Web Site/Autodiscover"
  71.                 Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value "None" -PSPath IIS: -Location "Default Web Site/Microsoft-Server-ActiveSync"
  72.                 Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value "None" -PSPath IIS: -Location "Default Web Site/OAB"
  73.                 Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value "None" -PSPath IIS: -Location "Default Web Site/MAPI"
  74.             }
  75.         }
  76.     }
  77.  
  78.     if ($SetSingleDomainLogon) {
  79.         Set-OwaVirtualDirectory -LogonFormat 'UserName' -DefaultDomain $domain -Identity "$server\owa (Default Web Site)"
  80.     }
  81.  
  82.     if ($ResetIIS) {
  83.         if ($env:ComputerName -eq $server) {
  84.             iisreset
  85.         }
  86.         else {
  87.             Invoke-Command -ComputerName $Server -ScriptBlock { iisreset }
  88.         }
  89.         pause
  90.     }    
  91. }
  92.  
  93. Get-OutlookAnywhere -Server $server | fl Identity, ExternalHostname, SSLOffloading
  94. Get-ClientAccessServer $server | fl Identity, AutodiscoverServiceInternalUri
  95. Get-WebServicesVirtualDirectory -Server $server | fl Identity, InternalUrl, ExternalUrl, InternalAuthenticationMethods, ExternalAuthenticationMethods
  96. Get-OABVirtualDirectory -Server $server | fl Identity, InternalUrl, ExternalUrl, RequireSSL, InternalAuthenticationMethods, ExternalAuthenticationMethods
  97. Get-ActiveSyncVirtualDirectory -Server $server | fl Identity, InternalUrl, ExternalUrl, WebSiteSSLEnabled
  98. Get-AutodiscoverVirtualDirectory -Server $server | fl Identity, InternalUrl, ExternalUrl, InternalAuthenticationMethods, ExternalAuthenticationMethods
  99. Get-ECPVirtualDirectory -Server $server | fl Identity, InternalUrl, ExternalUrl
  100. Get-OWAVirtualDirectory -Server $server | fl Identity, InternalUrl, ExternalUrl
  101. Get-PowershellVirtualDirectory -Server $server | fl Identity, InternalUrl, ExternalUrl
  102. If ($version -eq 15) {
  103.     Get-MapiVirtualDirectory -Server $server | fl Identity, InternalUrl, ExternalUrl, InternalAuthenticationMethods, ExternalAuthenticationMethods
  104. }
  105. Get-OutlookProvider
  106.  
  107.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!