You may find that your DualShield IIS agent doesn't work stops working after applying an Exchange Server server CU upgrade. The upgrade will generally overwrite the application's This is because the Exchange CU upgrade will reset all web applications settings, i.e. the "web.config file where the agent module resides. That is why the problem happens.
You can easily repair it with the following PowerShell script.
Code Block | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||
#http://mvolo.com/anatomy-of-an-iis7-configuration-path/
[settings]$dualconf = Get-Content Settings.xml
foreach( $item in $dualconf.settings.list.item)
{
if($item.protected -eq "yes"){
$metapath = $item.path -replace "/LM/W3SVC/1/Root/", "MACHINE/WEBROOT/APPHOST/Default Web Site/"
# write-host $metapath
Enable-WebGlobalModule -Name "DasIIS7Native" -PSPath $metapath
}
} |
" file, hence cause the settings for the DualShield IIS agent to be lost.
You can restore the DualShield IIS Agent settings in 2 ways, manually or by a PowerSheel script.
Manual
This has to be done on every IIS node that is enabled with DualShield 2FA. Let's use OWA as an example. In Ithe IS Manager, navigate to the OWA node:
Right Under the hood, it will add back the module called "DasIIS7Native" into web.config file. For instance, you have owa node enabled with DualShield 2FA. In IIS Manager, locate the owa node, right click it, then choose "Explore"
It will bring take you to the physical folder, C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa. Open
Now, open web.config , you should see in a text editor, find the <modules> tag and insert <add name="DasIIS7Native" in the modules list, as shown in the sample below./> into the tag, e.g:
<modules>
<add name="DasIIS7Native"/>
</modules>
Below is a complete sample:
Code Block | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||
<?xml version="1.0" encoding="UTF-8"?> <configuration <!-- .... --> <configSections> <section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/> </configSections> <location inheritInChildApplications="false"> <system.webServer> <serverRuntime appConcurrentRequestLimit="65535" uploadReadAheadSize="0"/> <modules> <add name="DasIIS7Native"/> <!-- .... --> </modules> </system.webServer> </location> <!-- .... --> </configuration> |
PowerShell Script
Code Block | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||
#http://mvolo.com/anatomy-of-an-iis7-configuration-path/
[settings]$dualconf = Get-Content Settings.xml
foreach( $item in $dualconf.settings.list.item)
{
if($item.protected -eq "yes"){
$metapath = $item.path -replace "/LM/W3SVC/1/Root/", "MACHINE/WEBROOT/APPHOST/Default Web Site/"
# write-host $metapath
Enable-WebGlobalModule -Name "DasIIS7Native" -PSPath $metapath
}
} |