You may find that your DualShield IIS agent stops working after you apply an Exchange Server CU (cumulative update) upgrade.

The upgrade generally overwrites the application's web.config file, which is where the agent module is registered. That is why the problem happens.

You can easily repair it with the following PowerShell script.


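# Reference: http://mvolo.com/anatomy-of-an-iis7-configuration-path/
# The IIS cmdlets used below come from the WebAdministration module.
Import-Module WebAdministration

# Load the DualShield agent settings as an XML document.
[xml]$dualconf = Get-Content Settings.xml

foreach ($item in $dualconf.settings.list.item)
{
    # Only re-enable the module on the nodes that were protected.
    if ($item.protected -eq "yes") {
        # Convert the metabase path into an IIS configuration path.
        $metapath = $item.path -replace "/LM/W3SVC/1/Root/", "MACHINE/WEBROOT/APPHOST/Default Web Site/"
        # Write-Host $metapath
        Enable-WebGlobalModule -Name "DasIIS7Native" -PSPath $metapath
    }
}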


Under the hood, the script adds the module called "DasIIS7Native" back into the web.config file. For instance, suppose you have the owa node enabled with DualShield 2FA. In IIS Manager, locate the owa node, right-click it, then choose "Explore".

This brings you to the physical folder, C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa. Open web.config; you should see "DasIIS7Native" in the modules list, as illustrated below.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <!-- .... -->
  <configSections>
    <section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
  </configSections>
  <location inheritInChildApplications="false">
    <system.webServer>
      <serverRuntime appConcurrentRequestLimit="65535" uploadReadAheadSize="0"/>
      <modules>
        <add name="DasIIS7Native"/>
        <!-- .... -->
      </modules>
    </system.webServer>
  </location>
  <!-- .... -->
</configuration>
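
The manual check above can also be scripted, which helps after a CU upgrade when several nodes need to be verified. This is an added example, not part of the DualShield tooling; the function name Test-DasModule and the two sample files are constructed for illustration.

```powershell
# Added example: report whether a web.config still lists the DualShield module.
function Test-DasModule {
    param(
        [Parameter(Mandatory)] [string] $WebConfigPath,
        [string] $ModuleName = 'DasIIS7Native'
    )
    if (-not (Test-Path -LiteralPath $WebConfigPath)) { return $false }
    try {
        [xml]$config = Get-Content -LiteralPath $WebConfigPath -Raw
    } catch {
        Write-Warning "Cannot parse ${WebConfigPath}: $_"
        return $false
    }
    # The modules list may sit directly under <configuration> or inside <location>.
    $xpath = "//system.webServer/modules/add[@name='$ModuleName']"
    return [bool]$config.SelectSingleNode($xpath)
}

# Constructed sample input: one file as repaired, one as left by an upgrade.
$tmp = Join-Path ([IO.Path]::GetTempPath()) ("dascheck-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $tmp | Out-Null
$with = '<configuration><location inheritInChildApplications="false">' +
        '<system.webServer><modules><add name="DasIIS7Native"/></modules>' +
        '</system.webServer></location></configuration>'
$without = '<configuration><system.webServer><modules/></system.webServer></configuration>'
Set-Content -Path (Join-Path $tmp 'repaired.config') -Value $with
Set-Content -Path (Join-Path $tmp 'overwritten.config') -Value $without

# One row per file, flagging the nodes that lost the module.
Get-ChildItem $tmp -Filter *.config | ForEach-Object {
    [pscustomobject]@{
        File          = $_.Name
        ModulePresent = Test-DasModule -WebConfigPath $_.FullName
    }
}
Remove-Item $tmp -Recurse -Force
```

On the Exchange server, pass the web.config path of each protected node, such as the one in the owa folder shown above.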