diagnosticsModule/Private/TestUtilities.ps1
Function CreateTestResultFromPSObject($obj) { $testResult = New-Object TestResult -ArgumentList($obj.Name); $testResult.Result = $obj.Result; $testResult.Detail = $obj.Detail; $testResult.Output = $obj.Output; $testResult.ExceptionMessage = $obj.ExceptionMessage; $testResult.Exception = $obj.Exception; return $testResult; } Function Create-NotRunOnSecondaryTestResult { param( [string] $testName ) $testResult = New-Object TestResult -ArgumentList($testName) $testResult.Result = [ResultType]::NotRun; $testResult.Detail = "This check runs only on Primary Nodes." return $testResult } Function Create-ErrorExceptionTestResult { param( [string] $testName, [Exception] $exception ) $testResult = New-Object TestResult -ArgumentList($testName); $testResult.Result = [ResultType]::Error; $testResult.ExceptionMessage = $exception.Message; $testResult.Exception = $exception.ToString(); return $testResult; } Function Invoke-TestFunctions { param( [string] $role, [array] $functionsToRun, $functionArguments ) $results = @() $totalFunctions = $functionsToRun.Count $functionCount = 0 foreach ($function in $functionsToRun) { $functionCount++ $percent = 100 * $functionCount / $totalFunctions Write-Progress -Activity "Executing Tests for $role" -Status $function -PercentComplete $percent $result = Invoke-Expression $function $results = $results + $result } return $results } Function TestAdfsSTSHealth() { Param ( $verifyO365 = $true, [string[]] $adfsServers = $null ) $functionArguments = @{"adfsServers" = $adfsServers}; $role = Get-ADFSRole if ($role -ne $adfsRoleSTS) { return } # Determine ADFS Version $ADFSVersion = Get-AdfsVersion Import-ADFSAdminModule #force refresh of ADFS Properties try { $props = Retrieve-AdfsProperties -force } catch { #do nothing, other than prevent the error record to go to the pipeline } $functionsToRun = @( ` "TestIsAdfsRunning", ` "TestIsWidRunning", ` "TestPingFederationMetadata", ` "TestSslBindings", ` "Test-AdfsCertificates", ` "TestADFSDNSHostAlias", ` "TestADFSDuplicateSPN", ` "TestServiceAccountProperties", ` "TestAppPoolIDMatchesServiceID", ` "TestComputerNameEqFarmName", ` "TestSSLUsingADFSPort", ` "TestSSLCertSubjectContainsADFSFarmName", ` "TestAdfsAuditPolicyEnabled", ` "TestAdfsRequestToken", ` "TestTrustedDevicesCertificateStore", ` "TestAdfsPatches", ` "TestServicePrincipalName", ` "TestTLSMismatch", ` "TestNonSelfSignedCertificatesInRootStore", ` "TestSelfSignedCertificatesInIntermediateCaStore"); if (($adfsServers -eq $null) -or ($adfsServers.Count -eq 0)) { $functionsToRun += "TestProxyTrustPropagation"; $functionsToRun += "TestTimeSync"; } else { $functionsToRun += "TestProxyTrustPropagation -adfsServers `$functionArguments.adfsServers"; $functionsToRun += "TestTimeSync -adfsServers `$functionArguments.adfsServers"; } if ($verifyO365 -eq $true) { $functionsToRun = $functionsToRun + @( ` "TestOffice365Endpoints", ` "TestADFSO365RelyingParty"); } return Invoke-TestFunctions -role $adfsRoleSTS -functionsToRun $functionsToRun -functionArguments $functionArguments; } Function TryTestAdfsSTSHealthOnFarmNodes() { Param( $verifyO365 = $true, [string[]] $adfsServers = $null, [switch] $local = $false ) $computerSystemObject = Get-WmiObject win32_computersystem $fqdn = $computerSystemObject.DNSHostName + "." + $computerSystemObject.Domain Out-Verbose "Attempting to run AD FS STS health checks farm wide."; if (($adfsServers -eq $null -or $adfsServers.Count -eq 0) -and (-not ($local))) { Out-Verbose "Detected that no farm information was provided."; $osVersion = Get-OsVersion; $isPrimary = IsAdfsSyncPrimaryRole; if ($osVersion -eq [OSVersion]::WS2016 -and $isPrimary) { $adfsServers = @(); Write-Host "Detected OS as Windows Server 2016, attempting to run health checks across all of your AD FS servers in your farm."; $nodes = (Get-AdfsFarmInformation).FarmNodes; foreach ($server in $nodes) { # We skip adding the node that corresponds to this server. if ($server.FQDN -like $fqdn) { continue; } $adfsServers += $server } Out-Verbose "Detected the following servers in the farm: $adfsServers"; } } else { # We filter out this computer's name and FQDN $adfsServers = $adfsServers | Where-Object { ($_ -notlike [System.Net.Dns]::GetHostByName(($env:computerName)).HostName) -and ($_ -notlike $env:COMPUTERNAME) -and ($_ -notlike $fqdn) }; } $results = @(); $reachableServer = @(); $unreachableServer = @(); $reachableServer += $fqdn; Write-Host "Running the health checks on the local machine."; $result = TestAdfsSTSHealth -verifyO365 $verifyO365 -verifyTrustCerts $verifyTrustCerts -adfsServers $adfsServers; foreach ($test in $result) { $test.ComputerName = $fqdn; } $results += $result; if (($adfsServers -ne $null -and $adfsServers.Count -ne 0) -and (-not ($local))) { Write-Host "Running health checks on other servers in farm." $Private = @(Get-ChildItem -Path $PSScriptRoot\*.ps1 -ErrorAction SilentlyContinue); $Public = @(Get-ChildItem -Path $PSScriptRoot\..\Public\*.ps1 -ErrorAction SilentlyContinue); $AllFunctionFiles = $Private + $Public; $commonFunctions = (Get-Command $AllFunctionFiles).ScriptContents; $commonFunctions = $commonFunctions -join [Environment]::NewLine; foreach ($server in $adfsServers) { Write-Host "Running health checks on $server."; $session = New-PSSession -ComputerName $server -ErrorAction SilentlyContinue; if ($session -eq $null) { Out-Warning "There was a problem connecting to $server, skipping this server." $unreachableServer += $server; continue; } $deserializedResult = Invoke-Command -Session $session -ArgumentList $commonFunctions -ScriptBlock { param($commonFunctions) Invoke-Expression $commonFunctions; return TestAdfsSTSHealth; } $reachableServer += $server; $serializedResult = @(); foreach ($obj in $deserializedResult) { $newObj = CreateTestResultFromPSObject $obj; $newObj.ComputerName = $server; $serializedResult += $newObj; } $results += $serializedResult; if ($session) { Remove-PSSession $Session } } } Write-Host "Successfully completed all health checks."; return New-Object TestResultsContainer -ArgumentList($results, $reachableServer, $unreachableServer); } Function TestAdfsProxyHealth() { Param( [string] $sslThumbprint ) $computerSystemObject = Get-WmiObject win32_computersystem $fqdn = $computerSystemObject.DNSHostName + "." + $computerSystemObject.Domain $functionArguments = @{"AdfsSslThumbprint" = $sslThumbprint}; $functionsToRun = @( ` "TestIsAdfsRunning", ` "TestIsAdfsProxyRunning", ` "TestSTSReachableFromProxy", ` "TestTLSMismatch", ` "TestTimeSync", ` "TestNonSelfSignedCertificatesInRootStore", ` "TestSelfSignedCertificatesInIntermediateCaStore"); if ([string]::IsNullOrWhiteSpace($sslThumbprint)) { # If Connect Health executed this test there is no way to find this thumbprint so we skip the test if (-not (IsExecutedByConnectHealth)) { $functionsToRun += "TestProxySslBindings" } } else { $functionsToRun += "TestProxySslBindings -AdfsSslThumbprint `$functionArguments.AdfsSslThumbprint"; } $results = Invoke-TestFunctions -role "Proxy" -functionsToRun $functionsToRun -functionArguments $functionArguments; foreach ($test in $results) { $test.ComputerName = $fqdn; } Write-Host "Successfully completed all health checks."; $reachableServer = @($fqdn); $unreachableServer = @(); return New-Object TestResultsContainer -ArgumentList($results, $reachableServer, $unreachableServer); } |