• Home
  • Topics
    • Office 365
    • Teams
    • SharePoint Online
    • Exchange 2019
    • Exchange 2016
    • Exchange 2013
    • Hybrid
    • Certificates
    • PowerShell
    • Migration
    • Security
    • Azure
  • Blog
  • Podcast
  • Webinars
  • Books
  • About
  • Videos
    • Interview Videos
    • How To Guide Videos
  • Subscribe
    • Facebook
    • Twitter
    • RSS
    • YouTube

Practical 365

You are here: Home / Exchange Server / Testing Exchange Server 2013 Client Access Server Health with PowerShell

Testing Exchange Server 2013 Client Access Server Health with PowerShell

May 7, 2015 by Paul Cunningham 21 Comments

One of the interesting features of Exchange Server 2013 is the way that Managed Availability communicates the health of individual Client Access protocols (eg OWA, ActiveSync, EWS) by rendering a healthcheck.htm file in each CAS virtual directory. When the protocol is healthy you can see it yourself by navigating to a URL such as https://mail.exchangeserverpro.net/owa/healthcheck.htm.

exchange-2013-healthcheck

When the protocol is unhealthy the page is unavailable, and instead of the HTTP 200 result above you will see a “Page not found” or HTTP 404 result instead.

Note: there is no healthcheck.htm file in the file system of the server itself.

The healthcheck.htm file is used by the health monitors/probes of various load-balancers and other monitoring systems as a quick and effective way of determining protocol health. For example, if a load-balancer is distributing traffic across four available Exchange 2013 servers and detects that one of them has an unhealthy OWA protocol, it will stop sending OWA traffic to that server.

Recently I’ve worked on a number of customer support cases for Exchange Server 2013 where the problems they were experiencing were due to one or more of handful of common configuration problems:

  • Client Access namespace not well designed or not configured on all virtual directories correctly
  • SSL certificates not provisioned correctly
  • Load-balancer health monitors/probes failing but not alerting for technicians to investigate

These types of issues are so common that I have been working on integrating them into the next version of my Exchange Server health check script, which is going to be a significant overhaul of the previous version.

In this article I want to share with you some PowerShell that can be used to check your Client Access server health for some of the issues above. Here’s a breakdown of how the script works.

  • The script collects the various CAS URLs for each site where Exchange is deployed. If multiple URLs are detected for a given service a warning is thrown.
  • The script makes use of Invoke-WebRequest to test the Client Access namespaces. There are three possible results tested for so far – “OK” means the healthcheck.htm request returned a HTTP 200 as shown above, “SSL Error” means Invoke-WebRequest failed SSL negotiation, and “Error” is for anything else requiring further investigation.
  • Next, the script uses System.Net.WebClient to test each protocol on each individual CAS in the site. This will identify specific servers having problems that may not be evident because a load-balancer or round robin DNS is masking the issues from clients. Using System.Net.WebClient helped to overcome SSL trust issues for the per-server checks, and I could not have worked it out if I hadn’t found this blog post by Bhargav Shukla explaining how to handle this scenario.

Right now the script only outputs to the PowerShell console. I am planning to add HTML and email reporting as well, but this may come later as the script is rolled into the next major version of the health check script.

You can download the script from Github. Writing scripts that work for as many scenarios as possible is a challenge, so any questions or bug reports are welcome on Github or the comments below.

Simply run the script on any server or workstation that has the Exchange Management Shell available.

1
PS C:\Scripts> .\Get-CASHealthCheck.ps1


Here’s a few examples of the output you can expect. In this first example the Exchange servers are deployed across two sites. No duplicate CAS URLs were detected, and the per-server health checks were also clean.

exchange-2013-cashealth-01

In comparison, here is an environment with incorrectly configured CAS namespaces, some SSL errors, and what appears to be an unhealthy ActiveSync protocol.

exchange-2013-cashealth-02

As I mentioned earlier any questions or bug reports are welcome, either in the comments below or on Github. I’m hoping that this script can be improved with feedback and become a valuable resource for the community.

Exchange Server CAS, Client Access, Exchange 2013, Health Checks, Load Balancing, Managed Availability, PowerShell, Scripts

Comments

  1. Григорий says

    December 23, 2021 at 5:45 am

    А что на счёт pop3 imap и smtp?

    Reply
    • Grigoriy says

      December 23, 2021 at 5:46 am

      What about pop3 imap and smtp?

      Reply
  2. Adam says

    February 7, 2020 at 3:09 am

    Good Day,

    I have been following your advice for some time. It is rare to find a person that is what they claim to be. We have been working on a exchange1016 server for some time. Everything works except for autodiscover. We are seeing an ssl error on autodiscover, so replacing the cert may fix that.

    However we are also seeing one very strange anomaly when testing with the remote connectivity analyzer. Server has 4 users Administrator, 1 elevated user i regular user and one new regular user.

    The first 3 test fine on the connectivity analyzer, the new user fails. The users are all setup the same way. It’s very very weird.

    Your thoughts would be very much appreciated.

    Reply
  3. Denz says

    March 28, 2019 at 1:45 pm

    HI Paul,

    You have a lot of great powershell scripts for managing and troubleshooting exchange related activities. Thanks for your efforts of giving people useful tools like this. I would like to check if you have updated tools for working in Exchange 2016 version? I saw a lot of your tools are working on 2010 and 2013 version of Exchange servers. Appreciate if you could provide a link where we can get tools for 2016 version of Exchange server.

    Thanks for great works.

    Reply
  4. Patrick says

    October 30, 2018 at 11:31 pm

    Hi Paul,

    I’m investigating an error with my on-premise stand-alone Exchange 2016 server, which is not accepting outgoing mails from EAS clients for some reason anymore.

    Your Get-CASHealthCheck script (thanks for that!) gives my all green but an error for the per-server check https://[MYSERVERNetBIOSName]/Microsoft-Server-ActiveSync/healthcheck.htm

    Invoking the address from anywhere inside my LAN is giving me the 200 OK page just fine.

    Any clues on how I may further investigate the problem?

    Greets
    Patrick

    Reply
  5. Rui Ribeiro says

    August 16, 2017 at 8:20 pm

    Hey Paul

    Thanks for the script, but got a doubt, i must been doing something wrong, i get all errors beside de MAPI service… this is exchange 2016.

    But all services are ok, i can get email on all options, OWA / Outlook Anywhere / Active Sync…

    Just wondering what am i doing wrong.

    Reply
    • Paul Cunningham says

      August 17, 2017 at 10:52 am

      What is the error?

      Reply
  6. Usman Afzal says

    July 25, 2017 at 8:39 pm

    Dear ,
    I want to have HTML report for the same and email if possible

    Reply
  7. clementine says

    May 22, 2017 at 2:33 pm

    hi Paul

    I have a test lab for ex2016 in my home pc ,and I want to try issuing an external certificate than requesting the certificate from the certificate authority from my test domain controller ,is there any website that give me trial certificate
    also I want to try split dns configuration ,how can I host external records for my test servers,is there any trial domain hosting service in the internet ,sorry i know it’s a silly question but I just want to know if i can do that or not
    i

    Reply
    • Paul Cunningham says

      May 23, 2017 at 10:53 am

      Most certificate providers will issue trial certificates, but they aren’t trusted. There are very cheap providers out there, or you can set up a free certificate using LetsEncrypt (there’s documentation out there for it, it’s not as simple as using a traditional cert provider, but it’s free!).

      External DNS hosting is usually provided free with domain registration. Or you can use a cheap DNS solution like Amazon Route 53.

      Reply
      • clementine says

        June 13, 2017 at 7:55 pm

        thanks for help ,

        I’ve been searching for a site that provide domain registration with external DNS hosting I found this site
        http://www.namecheap.com

        I noticed that namecheap gives me domain with top level domain like life,net,edu in less price than the traditional tld like .com

        assume tha i will register a domain name called examlpe .life
        can i use the TLD -.life- for my test exchange server
        so in this case I would type rootdomain= example.life
        netbios=testexample
        and the name space that will be shared between 2 mailbox server and will be used to access the name server mail.example.life

        Reply
  8. Craig says

    August 24, 2016 at 8:51 am

    Great script, thank you

    Reply
  9. Eddie says

    July 1, 2016 at 1:11 am

    Can someone rewrite this script or show me how to modify it run over an internet connection?
    We need to know if this works from the outside, and by that I mean only the http://domainname.com/-protocol-/healthcheck.htm pages

    Reply
  10. Mohammed says

    June 17, 2016 at 12:06 am

    Hello,
    I thank you for the wonderful contribution and excellent work you do on the site . I ask you kindly help for a problem that I have in running the script. all outcomes are OK except the rpc healthcheck.htm that ERROR . depends on what?
    thank you so much

    Reply
  11. Mr. B says

    February 23, 2016 at 5:56 am

    I think it would be fantastic if you could combine this script with the Test-ExchangeServerHealth script that you created. I feel that this type of combined script would be just about cover everything.

    Reply
    • Paul Cunningham says

      February 24, 2016 at 11:58 am

      I agree 😉

      Reply
  12. David Hewitt says

    July 2, 2015 at 11:06 pm

    Great script, as Arun said – would be great to have this formated to HTML and the option to send via email…like with the wonderful ExchangeServerHealth script of yours 🙂

    Reply
  13. Arun says

    June 5, 2015 at 8:50 pm

    Great script!
    Is it possible to send an email or add email tag to the script, that would be great.

    Reply
  14. Lauri says

    May 8, 2015 at 12:48 am

    Hi,

    I had couple of days ago problem with imap on second cas server and for some reason imapproxy component was inactive. Would it be possible to add also get-servercomponentstate to health check?

    Regards
    Lauri

    Reply
    • ThongDoan says

      April 13, 2016 at 2:03 pm

      Yes , U can Use “get-servercomponentstate” in Server CAS and Then U can Use “set-servercomponentstate” for Imap Proxy

      Reply

Leave a Reply Cancel reply

You have to agree to the comment policy.

Recent Articles

  • Changes in Microsoft 365 Apps Channels and Why You Should Care
  • A New Tool to Manage Exchange-related Attributes Without Exchange Server
  • Microsoft Launches Group Ownership Governance Policy
  • Making the Case for Identity Governance in Azure Active Directory
  • Prepare an Office 365 migration plan assessment using PowerShell

Copyright © 2022 Quadrotech Solutions AG · Disclosure · Privacy Policy
Alpenstrasse 15, 6304 Zug, Switzerland