Exchange Health Checker version 23.08.29.2105 Virtual Machine detected. Certain settings about the host hardware cannot be detected from the virtual machine. Verify on the VM Host that: - There is no more than a 1:1 Physical Core to Virtual CPU ratio (no oversubscribing) - If Hyper-Threading is enabled do NOT count Hyper-Threaded cores as physical cores - Do not oversubscribe memory or use dynamic memory allocation Although Exchange technically supports up to a 2:1 physical core to vCPU ratio, a 1:1 ratio is strongly recommended for performance reasons. Certain third party Hyper-Visors such as VMWare have their own guidance. VMWare recommends a 1:1 ratio. Their guidance can be found at https://aka.ms/HC-VMwareBP2019. Related specifically to VMWare, if you notice you are experiencing packet loss on your VMXNET3 adapter, you may want to review the following article from VMWare: https://aka.ms/HC-VMwareLostPackets. For further details, please review the virtualization recommendations on Microsoft Docs here: https://aka.ms/HC-Virtualization. Exchange Information -------------------- Name: WIN-NA0I8OSBPTO.BACKEND.COM Generation Time: 09/13/2023 08:24:26 Version: Exchange 2016 CU11 Build Number: 15.01.1591.010 Error: Out of date Cumulative Update. Please upgrade to one of the two most recently released Cumulative Updates. Currently running on a build that is 1793 days old. Not on the latest SU. More Information: https://aka.ms/HC-ExBuilds Server Role: Mailbox DAG Name: Standalone Server AD Site: Default-First-Site-Name MRS Proxy Enabled: False Internet Web Proxy: Not Set Services Not Running: MSExchangeEdgeSync Common Services Not Running: MSExchangeEdgeSync - Status: Stopped - StartType: Automatic Extended Protection Enabled (Any VDir): False Setting Overrides Detected: False Exchange Server Maintenance: Server is not in Maintenance Mode Organization Information ------------------------ MAPI/HTTP Enabled: True Enable Download Domains: Unknown This is 'Unknown' because EMS is connected to an Exchange Version that doesn't know about Enable Download Domains in Get-OrganizationConfig AD Split Permissions: False Total AD Site Count: 1 Operating System Information ---------------------------- Version: Microsoft Windows Server 2012 R2 Datacenter System Up Time: 6 day(s) 1 hour(s) 18 minute(s) 17 second(s) Time Zone: GMT Standard Time Dynamic Daylight Time Enabled: True .NET Framework: 4.8 - Warning Recommended .NET Version is 4.7.2 PageFile: System is set to automatically manage the PageFile Size: 0MB Error: PageFile is not set to total system memory plus 10MB which should be 12298MB. More information: https://aka.ms/HC-PageFile Power Plan: Balanced --- Error Http Proxy Setting: None Visual C++ 2012: Redistributable is outdated Visual C++ 2013: Redistributable is outdated Note: For more information about the latest C++ Redistributable please visit: https://aka.ms/HC-LatestVC This is not a requirement to upgrade, only a notification to bring to your attention. Server Pending Reboot: True --- Warning a reboot is pending and can cause issues on the server. HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations More Information: https://aka.ms/HC-RebootPending Processor/Hardware Information ------------------------------ Type: VMware Processor: Intel(R) Xeon(R) Gold 6140 CPU @ 2.30GHz Number of Processors: 1 Number of Physical Cores: 4 Number of Logical Cores: 4 Hyper-Threading: Disabled All Processor Cores Visible: Passed Max Processor Speed: 2295 Physical Memory: 12 GB NIC Settings Per Active Adapter ------------------------------- Interface Description: Intel(R) 82574L Gigabit Network Connection [Ethernet] Driver Date: 2013-03-28 Driver Version: 12.6.47.1 MTU Size: 1500 Max Processors: 4 Max Processor Number: 3 Number of Receive Queues: 2 RSS Enabled: True Link Speed: 1000 Mbps --- This may not be accurate due to virtualized hardware IPv6 Enabled: True IPv4 Address: Address: 10.10.201.120/24 Gateway: 10.10.201.1 IPv6 Address: DNS Server: ::1 127.0.0.1 Registered In DNS: True Sleepy NIC Disabled: False --- Warning: It's recommended to disable NIC power saving options More Information: https://aka.ms/HC-NICPowerManagement Packets Received Discarded: Couldn't find value for the counter. Frequent Configuration Issues ----------------------------- TCP/IP Settings: Not Set Error: Without this value the KeepAliveTime defaults to two hours, which can cause connectivity and performance issues between network devices such as firewalls and load balancers depending on their configuration. More details: https://aka.ms/HC-TcpIpSettingsCheck RPC Min Connection Timeout: 0 More Information: https://aka.ms/HC-RPCSetting FIPS Algorithm Policy Enabled: 0 CTS Processor Affinity Percentage: 0 Disable Async Notification: 0 Credential Guard Enabled: False EdgeTransport.exe.config Present: True Open Relay Wild Card Domain: Not Set DisablePreservation: HSTS Enabled: False Security Settings ----------------- TLS 1.0: Enabled RegistryKey Location Value ----------- -------- ----- Enabled SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1 1.0\Server DisabledByDefault SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 0 1.0\Server Enabled SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS NULL 1.0\Client DisabledByDefault SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS NULL 1.0\Client TLS 1.1: Enabled RegistryKey Location Value ----------- -------- ----- Enabled SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1 1.1\Server DisabledByDefault SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 0 1.1\Server Enabled SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS NULL 1.1\Client DisabledByDefault SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS NULL 1.1\Client TLS 1.2: Enabled RegistryKey Location Value ----------- -------- ----- Enabled SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1 1.2\Server DisabledByDefault SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 0 1.2\Server Enabled SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1 1.2\Client DisabledByDefault SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 0 1.2\Client TLS 1.3: Disabled RegistryKey Location Value ----------- -------- ----- Enabled SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS NULL 1.3\Server DisabledByDefault SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS NULL 1.3\Server Enabled SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS NULL 1.3\Client DisabledByDefault SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS NULL 1.3\Client RegistryKey Location Value ----------- -------- ----- SystemDefaultTlsVersions SOFTWARE\Microsoft\.NETFramework\v4.0.30319 NULL SchUseStrongCrypto SOFTWARE\Microsoft\.NETFramework\v4.0.30319 NULL SystemDefaultTlsVersions SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319 NULL SchUseStrongCrypto SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319 NULL SystemDefaultTlsVersions SOFTWARE\Microsoft\.NETFramework\v2.0.50727 NULL SchUseStrongCrypto SOFTWARE\Microsoft\.NETFramework\v2.0.50727 NULL SystemDefaultTlsVersions SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727 NULL SchUseStrongCrypto SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727 NULL 1.1 ClientEnabledValue: NULL --- Error: Value should be defined in registry for consistent results. 1.0 ClientEnabledValue: NULL --- Error: Value should be defined in registry for consistent results. 1.1 ClientDisabledByDefaultValue: NULL --- Error: Value should be defined in registry for consistent results. 1.0 ClientDisabledByDefaultValue: NULL --- Error: Value should be defined in registry for consistent results. v4.0.30319 SystemDefaultTlsVersionsValue: NULL --- Error: Value should be defined in registry for consistent results. v4.0.30319 SchUseStrongCryptoValue: NULL --- Error: Value should be defined in registry for consistent results. v4.0.30319 WowSystemDefaultTlsVersionsValue: NULL --- Error: Value should be defined in registry for consistent results. v4.0.30319 WowSchUseStrongCryptoValue: NULL --- Error: Value should be defined in registry for consistent results. TLS hardening recommendations: Microsoft recommends customers proactively address weak TLS usage by removing TLS 1.0/1.1 dependencies in their environments and disabling TLS 1.0/1.1 at the operating system level where possible. More Information: https://aka.ms/HC-TLSConfigDocs SecurityProtocol: Tls12 TlsCipherSuiteName CipherSuite Cipher Certificate Protocols ------------------ ----------- ------ ----------- --------- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256 N/A N/A N/A N/A TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384 N/A N/A N/A N/A TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256 N/A N/A N/A N/A TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384 N/A N/A N/A N/A TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256 N/A N/A N/A N/A TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384 N/A N/A N/A N/A TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256 N/A N/A N/A N/A TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384 N/A N/A N/A N/A TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 N/A N/A N/A N/A TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 N/A N/A N/A N/A TLS_DHE_RSA_WITH_AES_256_CBC_SHA N/A N/A N/A N/A TLS_DHE_RSA_WITH_AES_128_CBC_SHA N/A N/A N/A N/A TLS_RSA_WITH_AES_256_GCM_SHA384 N/A N/A N/A N/A TLS_RSA_WITH_AES_128_GCM_SHA256 N/A N/A N/A N/A TLS_RSA_WITH_AES_256_CBC_SHA256 N/A N/A N/A N/A TLS_RSA_WITH_AES_128_CBC_SHA256 N/A N/A N/A N/A TLS_RSA_WITH_AES_256_CBC_SHA N/A N/A N/A N/A TLS_RSA_WITH_AES_128_CBC_SHA N/A N/A N/A N/A TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384 N/A N/A N/A N/A TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256 N/A N/A N/A N/A TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384 N/A N/A N/A N/A TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384 N/A N/A N/A N/A TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256 N/A N/A N/A N/A TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384 N/A N/A N/A N/A TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256 N/A N/A N/A N/A TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384 N/A N/A N/A N/A TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256 N/A N/A N/A N/A TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384 N/A N/A N/A N/A TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 N/A N/A N/A N/A TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 N/A N/A N/A N/A TLS_DHE_DSS_WITH_AES_256_CBC_SHA N/A N/A N/A N/A TLS_DHE_DSS_WITH_AES_128_CBC_SHA N/A N/A N/A N/A TLS_RSA_WITH_3DES_EDE_CBC_SHA N/A N/A N/A N/A TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA N/A N/A N/A N/A TLS_RSA_WITH_RC4_128_SHA N/A N/A N/A N/A TLS_RSA_WITH_RC4_128_MD5 N/A N/A N/A N/A TLS_RSA_WITH_NULL_SHA256 N/A N/A N/A N/A TLS_RSA_WITH_NULL_SHA N/A N/A N/A N/A SSL_CK_RC4_128_WITH_MD5 N/A N/A N/A N/A SSL_CK_DES_192_EDE3_CBC_WITH_MD5 N/A N/A N/A N/A AllowInsecureRenegoClients Value: NULL AllowInsecureRenegoServers Value: NULL LmCompatibilityLevel Settings: 3 Description: Clients use only NTLMv2 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication. AES256-CBC Protected Content Support: False This could lead to scenarios where Exchange Server is no longer able to decrypt protected messages, for example, when sending rights management protected messages using AES256-CBC encryption algorithm, or when performing eDiscovery and Journaling tasks. More Information: https://aka.ms/Purview/CBCDetails SMB1 Installed: True SMB1 Blocked: False SMB1 should be uninstalled SMB1 should be blocked More Information: https://aka.ms/HC-SMB1 Certificate: FriendlyName: Microsoft Exchange Server Auth Certificate Thumbprint: BDE1E406672E055EBAE03B4620773CC896AC795B Lifetime in days: 871 Certificate has expired: False Certificate status: Valid Key size: 2048 Signature Algorithm: sha1RSA Signature Hash Algorithm: sha1 It's recommended to use a hash algorithm from the SHA-2 family More information: https://aka.ms/HC-SSLBP Bound to services: SMTP Internal Transport Certificate: False Current Auth Certificate: True Next Auth Certificate: False SAN Certificate: False Namespaces: Microsoft Exchange Server Auth Certificate Certificate: FriendlyName: Microsoft Exchange Thumbprint: E93649E7B70446878316FC1B7B3A6A3955A2AED1 Lifetime in days: 897 Certificate has expired: False Certificate status: Valid Key size: 2048 Signature Algorithm: sha1RSA Signature Hash Algorithm: sha1 It's recommended to use a hash algorithm from the SHA-2 family More information: https://aka.ms/HC-SSLBP Bound to services: IMAP, POP, IIS, SMTP Internal Transport Certificate: True Current Auth Certificate: False Next Auth Certificate: False SAN Certificate: True Namespaces: WIN-NA0I8OSBPTO WIN-NA0I8OSBPTO.BACKEND.COM Certificate: FriendlyName: WMSVC Thumbprint: 4333D1DA1093DA6447B5220BAC71A1282E13124C Lifetime in days: 2721 Certificate has expired: False Certificate status: Valid Key size: 2048 Signature Algorithm: sha1RSA Signature Hash Algorithm: sha1 It's recommended to use a hash algorithm from the SHA-2 family More information: https://aka.ms/HC-SSLBP Bound to services: None Internal Transport Certificate: False Current Auth Certificate: False Next Auth Certificate: False SAN Certificate: False Namespaces: WMSvc-WIN-NA0I8OSBPTO Valid Internal Transport Certificate Found On Server: True Valid Auth Certificate Found On Server: True Strict Mode disabled: False BaseTypeCheckForDeserialization disabled: False Security Vulnerability ---------------------- Security Vulnerability: CVE-2018-8604 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2018-8604 for more information. Security Vulnerability: CVE-2019-0586 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2019-0586 for more information. Security Vulnerability: CVE-2019-0588 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2019-0588 for more information. Security Vulnerability: CVE-2019-0686 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2019-0686 for more information. Security Vulnerability: CVE-2019-0724 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2019-0724 for more information. Security Vulnerability: CVE-2019-0817 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2019-0817 for more information. Security Vulnerability: CVE-2019-0858 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2019-0858 for more information. Security Vulnerability: ADV190018 See: https://portal.msrc.microsoft.com/security-guidance/advisory/ADV190018 for more information. Security Vulnerability: CVE-2019-1084 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2019-1084 for more information. Security Vulnerability: CVE-2019-1137 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2019-1137 for more information. Security Vulnerability: CVE-2019-1136 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2019-1136 for more information. Security Vulnerability: CVE-2019-1233 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2019-1233 for more information. Security Vulnerability: CVE-2019-1266 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2019-1266 for more information. Security Vulnerability: CVE-2019-1373 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2019-1373 for more information. Security Vulnerability: CVE-2020-0688 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2020-0688 for more information. Security Vulnerability: CVE-2020-0692 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2020-0692 for more information. Security Vulnerability: CVE-2020-0903 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2020-0903 for more information. Security Vulnerability: CVE-2020-16875 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2020-16875 for more information. Security Vulnerability: CVE-2020-16969 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2020-16969 for more information. Security Vulnerability: CVE-2020-17083 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2020-17083 for more information. Security Vulnerability: CVE-2020-17084 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2020-17084 for more information. Security Vulnerability: CVE-2020-17085 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2020-17085 for more information. Security Vulnerability: CVE-2020-17117 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2020-17117 for more information. Security Vulnerability: CVE-2020-17132 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2020-17132 for more information. Security Vulnerability: CVE-2020-17142 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2020-17142 for more information. Security Vulnerability: CVE-2020-17143 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2020-17143 for more information. Security Vulnerability: CVE-2020-17141 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2020-17141 for more information. Security Vulnerability: CVE-2021-24085 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-24085 for more information. Security Vulnerability: CVE-2021-26855 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-26855 for more information. Security Vulnerability: CVE-2021-26857 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-26857 for more information. Security Vulnerability: CVE-2021-26858 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-26858 for more information. Security Vulnerability: CVE-2021-27065 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-27065 for more information. Security Vulnerability: CVE-2021-26412 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-26412 for more information. Security Vulnerability: CVE-2021-27078 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-27078 for more information. Security Vulnerability: CVE-2021-26854 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-26854 for more information. Security Vulnerability: CVE-2021-28480 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-28480 for more information. Security Vulnerability: CVE-2021-28481 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-28481 for more information. Security Vulnerability: CVE-2021-28482 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-28482 for more information. Security Vulnerability: CVE-2021-28483 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-28483 for more information. Security Vulnerability: CVE-2021-31195 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-31195 for more information. Security Vulnerability: CVE-2021-31198 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-31198 for more information. Security Vulnerability: CVE-2021-31207 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-31207 for more information. Security Vulnerability: CVE-2021-31209 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-31209 for more information. Security Vulnerability: CVE-2021-31206 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-31206 for more information. Security Vulnerability: CVE-2021-31196 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-31196 for more information. Security Vulnerability: CVE-2021-33768 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-33768 for more information. Security Vulnerability: CVE-2021-26427 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-26427 for more information. Security Vulnerability: CVE-2021-41350 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-41350 for more information. Security Vulnerability: CVE-2021-41348 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-41348 for more information. Security Vulnerability: CVE-2021-34453 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-34453 for more information. Security Vulnerability: CVE-2021-42305 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-42305 for more information. Security Vulnerability: CVE-2021-41349 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-41349 for more information. Security Vulnerability: CVE-2021-42321 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-42321 for more information. Security Vulnerability: CVE-2022-21855 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2022-21855 for more information. Security Vulnerability: CVE-2022-21846 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2022-21846 for more information. Security Vulnerability: CVE-2022-21969 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2022-21969 for more information. Security Vulnerability: CVE-2022-23277 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2022-23277 for more information. Security Vulnerability: CVE-2022-24463 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2022-24463 for more information. Security Vulnerability: CVE-2022-34692 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2022-34692 for more information. Security Vulnerability: CVE-2022-41040 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2022-41040 for more information. Security Vulnerability: CVE-2022-41082 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2022-41082 for more information. Security Vulnerability: CVE-2022-41079 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2022-41079 for more information. Security Vulnerability: CVE-2022-41078 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2022-41078 for more information. Security Vulnerability: CVE-2022-41080 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2022-41080 for more information. Security Vulnerability: CVE-2022-41123 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2022-41123 for more information. Security Vulnerability: CVE-2023-21762 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2023-21762 for more information. Security Vulnerability: CVE-2023-21745 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2023-21745 for more information. Security Vulnerability: CVE-2023-21761 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2023-21761 for more information. Security Vulnerability: CVE-2023-21763 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2023-21763 for more information. Security Vulnerability: CVE-2023-21764 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2023-21764 for more information. Security Vulnerability: CVE-2023-21529 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2023-21529 for more information. Security Vulnerability: CVE-2023-21706 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2023-21706 for more information. Security Vulnerability: CVE-2023-21707 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2023-21707 for more information. Security Vulnerability: CVE-2023-21710 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2023-21710 for more information. Security Vulnerability: CVE-2023-21707 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2023-21707 for more information. Security Vulnerability: CVE-2023-28310 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2023-28310 for more information. Security Vulnerability: CVE-2023-32031 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2023-32031 for more information. Security Vulnerability: CVE-2023-38181 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2023-38181 for more information. Security Vulnerability: CVE-2023-38182 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2023-38182 for more information. Security Vulnerability: CVE-2023-38185 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2023-38185 for more information. Security Vulnerability: CVE-2023-35368 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2023-35368 for more information. Security Vulnerability: CVE-2023-35388 See: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2023-35388 for more information. IIS module anomalies detected: False Security Vulnerability: CVE-2021-34470 PrepareSchema required: https://aka.ms/HC-July21SU Security Vulnerability: CVE-2022-21978 Detected the following domains that are vulnerable: BACKEND.COM More Information: https://aka.ms/HC-May22SU Security Vulnerability: CVE-2022-24516, CVE-2022-21979, CVE-2022-21980, CVE-2022-24477, CVE-2022-30134 Your Exchange server is at risk. Install the latest SU and enable Extended Protection Default Web Site Value SupportedValue ConfigSupported RequireSSL ClientCertificate IPFilterEnabled ---------------- ----- -------------- --------------- ---------- ----------------- --------------- API None None True True (128-bit) Ignore False Autodiscover None None True True (128-bit) Ignore False ECP None None True True (128-bit) Ignore False EWS None None True True (128-bit) Ignore False Microsoft-Server- None None True True (128-bit) Ignore False ActiveSync OAB None None True True (128-bit) Ignore False Powershell None None True False Accept False OWA None None True True (128-bit) Ignore False RPC None None True False Ignore False MAPI None None True True (128-bit) Ignore False Exchange Back End Value SupportedValue ConfigSupported RequireSSL ClientCertificate IPFilterEnabled ----------------- ----- -------------- --------------- ---------- ----------------- --------------- API None None True True (128-bit) Ignore False Autodiscover None None True True (128-bit) Ignore False ECP None None True True (128-bit) Ignore False EWS None None True True (128-bit) Ignore False Microsoft-Server- None None True True (128-bit) Ignore False ActiveSync OAB None None True True (128-bit) Ignore False Powershell None None True True (128-bit) Accept False OWA None None True True (128-bit) Ignore False RPC None None True False Ignore False PushNotifications None None True True (128-bit) Ignore False RPCWithCert None None True False Ignore False MAPI/emsmdb None None True True Ignore False MAPI/nspi None None True True Ignore False For more information about Extended Protection and how to configure, please read this article: https://aka.ms/HC-ExchangeEPDoc Exchange IIS Information ------------------------ Name State Protocol - Bindings - Certificate ---- ----- --------------------------------- Default Web Site Started http - *:80: - https - :443: - E93649E7B70446878316FC1B7B3A6A3955A2AED1 http - 127.0.0.1:80: - https - 127.0.0.1:443: - E93649E7B70446878316FC1B7B3A6A3955A2AED1 Exchange Back End Started http - *:81: - https - *:444: - E93649E7B70446878316FC1B7B3A6A3955A2AED1 AppPoolName State GCServerEnabled RestartConditionSet ----------- ----- --------------- ------------------- MSExchangeMapiFrontEndAppPool Started False False MSExchangeOWAAppPool Started False False MSExchangeECPAppPool Started False False MSExchangeRestAppPool Started False False MSExchangeMapiAddressBookAppPool Started False False MSExchangeRpcProxyFrontEndAppPool Started False False MSExchangePowerShellAppPool Started False False MSExchangePowerShellFrontEndAppPool Started False False MSExchangeRestFrontEndAppPool Started False False MSExchangeMapiMailboxAppPool Started False False MSExchangeOABAppPool Started False False MSExchangePushNotificationsAppPool Started False False MSExchangeOWACalendarAppPool Started False False MSExchangeAutodiscoverAppPool Started False False MSExchangeServicesAppPool Started False False MSExchangeSyncAppPool Started True False MSExchangeRpcProxyAppPool Started False False Output file written to .\HealthChecker-WIN-NA0I8OSBPTO-20230913082405.txt Exported Data Object Written to .\HealthChecker-WIN-NA0I8OSBPTO-20230913082405.xml