none
CheckDatabaseRedundancy.ps1 Question RRS feed

  • Question

  • I asked this in the exchange->monitoring forum but was asked to ask on this forum, so here it goes:

    Exchange 2013 with 2 member DAG. We want to have the checkdatabaseredundancy.ps1 script monitor our DAG and send an email to admins with reports of the monitoring. I see you need to edit the Send-HANotificationMailCorpHub function and/or the Get-SmtpClients function. Question is, how do you do this correctly? When i supply a string, the script gives me a red mark as if something is wrong. Example:

    See the red squiggly line between the comma and the "E"? How exactly do i enter the info into this script? Do i make my edits after the comma or do i need to edit the variables/arguments (from the example above $title) with the needed info

    Monday, December 8, 2014 1:34 PM

All replies

  • Hi Forgiven,

    theoretically, you'd need to edit how the function is called, not the parameter header. If you add it to the parameter header (as you did with "Normal"), you will set a default value, which the function will use if no other value is specified for the parameter. Your edit of the $title parameter is wrong (and the reason your editor gives you red lines).

    The script itself gives you two parameters for sending mails - $SummaryMailFrom and $SendSummaryMailTos. You can call them like this:

    . .\checkdatabaseredundancy.ps1 -SummaryMailFrom "script@domain.local" -SendSummaryMailTos "admins@domain.local"

    If that's not enough for you, you'll need to customize the values written in line 1671 (that's where the send mail call comes from and where they specify the values.

    Cheers,
    Fred


    There's no place like 127.0.0.1

    Monday, December 8, 2014 2:39 PM
  • Hi Forgiven,

    theoretically, you'd need to edit how the function is called, not the parameter header. If you add it to the parameter header (as you did with "Normal"), you will set a default value, which the function will use if no other value is specified for the parameter. Your edit of the $title parameter is wrong (and the reason your editor gives you red lines).

    The script itself gives you two parameters for sending mails - $SummaryMailFrom and $SendSummaryMailTos. You can call them like this:

    . .\checkdatabaseredundancy.ps1 -SummaryMailFrom "script@domain.local" -SendSummaryMailTos "admins@domain.local"

    If that's not enough for you, you'll need to customize the values written in line 1671 (that's where the send mail call comes from and where they specify the values.

    I want to run this script every 5 minutes and have an email sent to admin@domain.local every hour. I thought I could enter the send to and send from address and schedule the script with task scheduler. Is this possible or am I misunderstanding?
    Monday, December 8, 2014 5:59 PM
  • Hi forgiven,

    it is absolutely possible to run this script by task scheduler and have it generate reports automatically. However, I do not quite understand the meaning behind running this every 5 minutes and only report once every hour (Haven't read through the whole script though, so I might have missed something it does).

    That said, to automate the script, leave it as it is, setup a scheduled task with the following action:

    The full line for the arguments field would be like this:

    -File "C:\Path to file\CheckDatabaseRedundancy.ps1" -SummaryMailFrom "script@domain.local" -SendSummaryMailTos "admin@domain.local"

    Replace the path accordingly. Replace the mail addresses accordingly. The user running this task would require exchange admin privileges, as well as the privilege to send as the sender configured (in this example "script@domain.local") to the intended recipient(s) (in this example "admin@domain.local").

    For security's sake, I recommend you do not set this up as the Administrator@domain.local, but rather create a dedicated Managed Service Account with just the privileges needed. Permission to send as "script@domain.local" can be done as easily as accepting anonymous mail from the sending device (the exchange itself perhaps?), which you'd configure on the receive connectors of the exchange server. If you prefer going a bit more securely, specifically grant the account permission to send under that email (If you use an MSA, you'll need to delegate it the necessary permission on an existing mailbox, as an MSA can't have its own Mailbox).

     

    Setting this action up to run once per hour will generate an hourly report.

    Cheers,
    Fred


    There's no place like 127.0.0.1

    Monday, December 8, 2014 8:46 PM
  • Many thanks Fred! I have it setup just as you instructed with the exception of the email. It is not sending any email. As a test to make sure it was working (I know you recommend against this but I wanted to see if it was working) I used administrator@domain.local for both the summary and sendto. So it looks like this:

    -SummaryMailFrom "administrator@domain.local" -SendSummaryMailTos "administrator@domain.local

    And I still don't get an email. Administrator can do everything else in exchange but how do I see if administrator has the  privilege to send as the sender configured to the intended recipient(s)?

    Wednesday, December 10, 2014 1:32 AM
  • Hi Forgiven,

    you can check that on the mailbox permissions, either by command line or using the Exchange Management Console (Mailbox > "Administrate Send As" and "Administrate Full Control" Permissions). If it's the mailbox of the account used to run the script, he automatically has full control and may send as this user.

    Try running the script from an open Powershell console. That way you can watch whether an error occurs and report that error.

    Cheers,
    Fred


    There's no place like 127.0.0.1

    Wednesday, December 10, 2014 1:27 PM
  • I'm not sure how your domain is setup (we use a .local internal domain so we are disjoint as well, but we have an address policy that only uses domain.com for email and domain.local), but does the admin account have an email with domain.local on it? Try admin@domain.com and see if you get the mail then.
    Wednesday, December 10, 2014 1:52 PM
  • Hi Forgiven,

    you can check that on the mailbox permissions, either by command line or using the Exchange Management Console (Mailbox > "Administrate Send As" and "Administrate Full Control" Permissions). If it's the mailbox of the account used to run the script, he automatically has full control and may send as this user.

    Try running the script from an open Powershell console. That way you can watch whether an error occurs and report that error.

    I ran . .\checkdatabaseredundancy.ps1 -SummaryMailFrom "administrator@domain.tld" -SendSummaryMailTos "administrator@domain.tld". Powershell did not report an error and I did not get an email. Administrator on domain.tld is running the script.

    @Hinte - we have domain.com only and as stated above, I tried with that address and while I did not get an error, I did not get an email either

    Thursday, December 11, 2014 2:35 AM
  • Ok, next bet might be to turn on protocol logging, kick off the script and check the logs and see if the mail is even reaching exchange.
    Thursday, December 11, 2014 1:47 PM
  • Ok, next bet might be to turn on protocol logging, kick off the script and check the logs and see if the mail is even reaching exchange.

    So, protocol logging is turned on and it appears as if email is not even reaching the exchange server. Not 1 entry in the smtp send logs for administrator@domian.local
    Tuesday, December 16, 2014 3:07 AM
  • Can you try sending an email with telnet?
    Wednesday, December 17, 2014 3:00 PM
  • Can you try sending an email with telnet?


    220 host.domain.tld Microsoft ESMTP MAIL Service ready at Sun, 21 De
    c 2014 16:20:40 -0500
    helo domain.tld
    250 host.domain.tld Hello [192.168.123.165]
    mail from: admin@domain.tld
    250 2.1.0 Sender OK
    rcpt to: exchangeuser@domain2.tld
    250 2.1.5 Recipient OK
    data
    354 Start mail input; end with <CRLF>.<CRLF>
    test email from telnet
    
    .
    250 2.6.0 <big-long-alpha-numeric@host.domain.tld> [In
    ternalId=2078764171300, Hostname=host2.domain.tld] Queued mail for delivery
    451 4.7.0 Timeout waiting for client input
    
    
    Connection to host lost.

    Although this says it sent the email, i did not get it in my mailbox. Did not see it in the queue viewer either. Also, not sure if this is suspisious or not but notice the 250 2.6.0 <big-long-alpha-numeric@host.domain.tld> [In
    ternalId=2078764171300, Hostname=host2.domain.tld] Queued mail for delivery?

    I actually telnet'ed to host.domain.tld not host2.domain.tld. So our DAG is using Round Robin and this appearance of host2.domain.tld may be fine but I would expect to see host.domain.tld and not host2.domain.tld

    Sunday, December 21, 2014 9:39 PM