You may find that your DualShield IIS agent stops working after applying an Exchange server CU upgrade. This is because the Exchange CU upgrade will reset all web applications settings, i.e. the "web.config" file, hence cause the settings for the DualShield IIS agent to be lost.
You can restore the DualShield IIS Agent settings in 2 ways, manually or by a PowerSheel script.
Manual
This has to be done on every IIS node that is enabled with DualShield 2FA. Let's use OWA as an example. In the IS Manager, navigate to the OWA node:
Right click it, then choose "Explore"
It will take you to the physical folder, C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa.
Now, open web.config in a text editor, find the <modules> tag and insert <add name="DasIIS7Native"/> into the tag, e.g:
<modules> <add name="DasIIS7Native"/> </modules>
Below is a complete sample:
<?xml version="1.0" encoding="UTF-8"?> <configuration <!-- .... --> <configSections> <section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/> </configSections> <location inheritInChildApplications="false"> <system.webServer> <serverRuntime appConcurrentRequestLimit="65535" uploadReadAheadSize="0"/> <modules> <add name="DasIIS7Native"/> <!-- .... --> </modules> </system.webServer> </location> <!-- .... --> </configuration>
PowerShell Script
On the Exchange CAS server, launch a Windows command prompt, navigate to the folder:
C:\Program Files\Deepnet Security\IIS\DasWeb
Then, execute the PowerScript below:
#http://mvolo.com/anatomy-of-an-iis7-configuration-path/ [settings]$dualconf = Get-Content Settings.xml foreach( $item in $dualconf.settings.list.item) { if($item.protected -eq "yes"){ $metapath = $item.path -replace "/LM/W3SVC/1/Root/", "MACHINE/WEBROOT/APPHOST/Default Web Site/" # write-host $metapath Enable-WebGlobalModule -Name "DasIIS7Native" -PSPath $metapath } }
If you get some errors then it means that the default web site name is not "Default Web Site". In this case, you need to edit the line below in the script:
$metapath = $item.path -replace "/LM/W3SVC/1/Root/", "MACHINE/WEBROOT/APPHOST/Default Web Site/"
You need to replace the text "Default Web Site" with the correct Web site name. You might also need to replace the text "/LM/W3SVC/1/Root/" if you have multiple web sites running off the same server.