Exchange SE In place upgrade completed, Receive Connectors do not allow Email flow.
Kenneth J. Filadelfia
0
Reputation points
Exchange Health Checker version 25.09.08.1801
Exchange Information
Name: MAIL-SERVER.DELFIA.COM
Generation Time: 09/12/2025 16:21:01
Version: Exchange SE RTM Sep25HU
Build Number: 15.02.2562.027
Latest Install Time (SU/CU): 09/12/2025 10:13:07
Exchange IU or Security Hotfix Detected:
Security Update for Exchange Server Subscription Edition (KB5063224)
Hotfix Update for Exchange Server Subscription Edition (KB5066373)
Server Role: Mailbox
Edition: Standard
DAG Name: Standalone Server
AD Site: Default-First-Site-Name
MRS Proxy Enabled: False
Exchange Server Membership: Passed
Internet Web Proxy: Not Set
Extended Protection Enabled (Any VDir): True
Feature Flighting:
Ring Level: 1
Endpoint Service Status: 200 - Reachable
Last Service Run Time: 09/12/2025 23:08:08
Features Enabled: PING.1.0
Setting Overrides Detected: False
Monitoring Overrides Detected: False
Exchange Server Maintenance: Server is not in Maintenance Mode
Organization Information
MAPI/HTTP Enabled: True
Enable Download Domains: False
AD Split Permissions: False
Total AD Site Count: 1
Operating System Information
Version: Windows Server 2019 Standard
System Up Time: 0 day(s) 0 hour(s) 23 minute(s) 17 second(s)
Time Zone: Pacific Standard Time
Dynamic Daylight Time Enabled: True
.NET Framework: 4.8
PageFile: C:\pagefile.sys Size: 16384MB
Power Plan: High performance
Http Proxy Setting: None
Visual C++ 2012 x64: 11.0.61030 Version is current
Visual C++ 2013 x64: 12.0.40664 Version is current
Server Pending Reboot: False
Event Log - Application: --ERROR-- Not enough logs to cover 7 days. Oldest log entry is at 09/12/2025 06:38:00. This could cause issues with determining Root Cause Analysis.
Processor/Hardware Information
Type: Physical
Manufacturer: Dell Inc.
Model: PowerEdge R340
Processor: Intel(R) Xeon(R) E-2134 CPU @ 3.50GHz
Current Total Processor Usage: 21.9
Number of Processors: 1
Number of Physical Cores: 2
Number of Logical Cores: 2
Hyper-Threading: Disabled
All Processor Cores Visible: Passed
Max Processor Speed: 3504
Physical Memory: 64 GB
Warning: We recommend for the best performance to have a minimum of 128GB of RAM installed on the machine.
NIC Settings Per Active Adapter
Interface Description: Broadcom NetXtreme Gigabit Ethernet #2 [LAN]
Warning: NIC driver is over 1 year old. Verify you are at the latest version.
Driver Date: 2024-04-19
Driver Version: 221.0.6.0
MTU Size: 1500
Max Processors: 2
Max Processor Number: 1
Number of Receive Queues: 2
RSS Enabled: True
Link Speed: 1000 Mbps
IPv6 Enabled: True
IPv4 Address:
Address: 192.168.1.3/24 Gateway: 192.168.1.1
IPv6 Address:
DNS Server: 192.168.1.2
Registered In DNS: True
Sleepy NIC Disabled: False --- Warning: It's recommended to disable NIC power saving options
More Information: https://aka.ms/HC-NICPowerManagement
Packets Received Discarded: 0
Interface Description: Broadcom NetXtreme Gigabit Ethernet [WAN]
Warning: NIC driver is over 1 year old. Verify you are at the latest version.
Driver Date: 2024-04-19
Driver Version: 221.0.6.0
MTU Size: 1500
Max Processors: 2
Max Processor Number: 1
Number of Receive Queues: 2
RSS Enabled: True
Link Speed: 1000 Mbps
IPv6 Enabled: True
IPv4 Address:
Address: 98.189.218.165/28 Gateway: 98.189.218.161
IPv6 Address:
Address: 2001:579:6f00:c00:487:b34b:25cd:9168\128 Gateway: fe80::d6ad:71ff:fe0d:b419
Address: ::ffff:98.189.218.165\64 Gateway: ::ffff:98.189.218.161
DNS Server: ::ffff:192.168.1.2 68.105.28.16 192.168.1.2
Registered In DNS: True
Sleepy NIC Disabled: False --- Warning: It's recommended to disable NIC power saving options
More Information: https://aka.ms/HC-NICPowerManagement
Packets Received Discarded: 0
Multiple active network adapters detected. Exchange 2013 or greater may not need separate adapters for MAPI and replication traffic. For details please refer to https://aka.ms/HC-PlanHA#network-requirements
Frequent Configuration Issues
TCP/IP Settings: 1800000
RPC Min Connection Timeout: 0
More Information: https://aka.ms/HC-RPCSetting
FIPS Algorithm Policy Enabled: 1
EnableEccCertificateSupport Registry Value:
CTS Processor Affinity Percentage: 0
Disable Async Notification: 0
Credential Guard Enabled: False
EdgeTransport.exe.config Present: True
NodeRunner.exe memory limit: 0 MB
Open Relay Wild Card Domain: Not Set
DisablePreservation:
EXO Connector Present: False
MaxPerDomainOutboundConnections: Value set to 20, which is less than the recommended value of 40.
More details: https://aka.ms/HC-TransportRetryConfigCheck
MessageRetryInterval: Value set to 00:15:00, which is greater than the recommended value of 5 minutes.
More details: https://aka.ms/HC-TransportRetryConfigCheck
UnifiedContent Auto Cleanup Configured: False
More Information: https://aka.ms/HC-UnifiedContentCleanup
Security Settings
TLS 1.0: Disabled
RegistryKey Location Value
----------- -------- -----
Enabled SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 0
1.0\Server
DisabledByDefault SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1
1.0\Server
Enabled SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 0
1.0\Client
DisabledByDefault SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1
1.0\Client
TLS 1.1: Disabled
RegistryKey Location Value
----------- -------- -----
Enabled SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 0
1.1\Server
DisabledByDefault SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1
1.1\Server
Enabled SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 0
1.1\Client
DisabledByDefault SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1
1.1\Client
TLS 1.2: Enabled
RegistryKey Location Value
----------- -------- -----
Enabled SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1
1.2\Server
DisabledByDefault SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 0
1.2\Server
Enabled SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1
1.2\Client
DisabledByDefault SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 0
1.2\Client
RegistryKey Location Value
----------- -------- -----
SystemDefaultTlsVersions SOFTWARE\Microsoft\.NETFramework\v4.0.30319 1
SchUseStrongCrypto SOFTWARE\Microsoft\.NETFramework\v4.0.30319 1
SystemDefaultTlsVersions SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319 1
SchUseStrongCrypto SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319 1
SystemDefaultTlsVersions SOFTWARE\Microsoft\.NETFramework\v2.0.50727 NULL
SchUseStrongCrypto SOFTWARE\Microsoft\.NETFramework\v2.0.50727 NULL
SystemDefaultTlsVersions SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727 NULL
SchUseStrongCrypto SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727 NULL
SecurityProtocol: Tls, Tls11, Tls12
TlsCipherSuiteName CipherSuite Cipher Certificate Protocols
------------------ ----------- ------ ----------- ---------
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA3 49196 AES ECDSA TLS_1_2 & DTLS_1_1
84
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA2 49195 AES ECDSA TLS_1_2 & DTLS_1_1
56
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 49192 AES RSA TLS_1_2 & DTLS_1_1
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 49191 AES RSA TLS_1_2 & DTLS_1_1
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 49172 AES RSA TLS_1_0 & TLS_1_1 & TLS_1_2 &
DTLS_1_0 & DTLS_1_1
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 49171 AES RSA TLS_1_0 & TLS_1_1 & TLS_1_2 &
DTLS_1_0 & DTLS_1_1
TLS_RSA_WITH_AES_256_GCM_SHA384 157 AES RSA TLS_1_2 & DTLS_1_1
TLS_RSA_WITH_AES_128_GCM_SHA256 156 AES RSA TLS_1_2 & DTLS_1_1
TLS_RSA_WITH_AES_256_CBC_SHA256 61 AES RSA TLS_1_2 & DTLS_1_1
TLS_RSA_WITH_AES_128_CBC_SHA256 60 AES RSA TLS_1_2 & DTLS_1_1
TLS_RSA_WITH_AES_256_CBC_SHA 53 AES RSA TLS_1_0 & TLS_1_1 & TLS_1_2 &
DTLS_1_0 & DTLS_1_1
TLS_RSA_WITH_AES_128_CBC_SHA 47 AES RSA TLS_1_0 & TLS_1_1 & TLS_1_2 &
DTLS_1_0 & DTLS_1_1
AllowInsecureRenegoClients Value: 0
AllowInsecureRenegoServers Value: 0
LmCompatibilityLevel Settings: 3
Description: Clients use only NTLMv2 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication.
AES256-CBC Protected Content Support: True
SMB1 Installed: False
SMB1 Blocked: True
Certificate:
FriendlyName: delfia.com
Thumbprint: 4B5F84E6E79D9480D4C16E5B215AC8B78F3C2592
Lifetime in days: 297
Certificate has expired: False
Certificate status: Valid
Key size: 4096
ECC Certificate: False
Signature Algorithm: sha384RSA
Signature Hash Algorithm: sha384
Bound to services: IIS, SMTP
Internal Transport Certificate: True
Current Auth Certificate: False
Next Auth Certificate: False
SAN Certificate: True
Namespaces:
*.delfia.com
delfia.com
Certificate:
FriendlyName: Microsoft Exchange Server Auth Certificate - 20240514085325
Thumbprint: 61F2FDBA452962CA58C2F983559388B4877102FB
Lifetime in days: 1725
Certificate has expired: False
Certificate status: Valid
Key size: 2048
ECC Certificate: False
Signature Algorithm: sha256RSA
Signature Hash Algorithm: sha256
Bound to services: SMTP
Internal Transport Certificate: False
Current Auth Certificate: True
Next Auth Certificate: False
SAN Certificate: False
Namespaces:
Microsoft Exchange Server Auth Certificate
Certificate:
FriendlyName: WMSVC-SHA2
Thumbprint: C1BC0A192C49C27CC0C0C0D5AB687F3826AED9BB
Lifetime in days: 1725
Certificate has expired: False
Certificate status: Valid
Key size: 2048
ECC Certificate: False
Signature Algorithm: sha256RSA
Signature Hash Algorithm: sha256
Bound to services: IMAP, POP, SMTP
Internal Transport Certificate: False
Current Auth Certificate: False
Next Auth Certificate: False
SAN Certificate: False
Namespaces:
WMSvc-SHA2-MAIL-SERVER
Certificate:
FriendlyName: Microsoft Exchange Server Auth Certificate
Thumbprint: F1A30855F84B23851A6814A649CF8DC37ACEF429
Lifetime in days: 1331
Certificate has expired: False
Certificate status: Valid
Key size: 2048
ECC Certificate: False
Signature Algorithm: sha256RSA
Signature Hash Algorithm: sha256
Bound to services: SMTP
Internal Transport Certificate: False
Current Auth Certificate: False
Next Auth Certificate: False
SAN Certificate: False
Namespaces:
Microsoft Exchange Server Auth Certificate
Valid Internal Transport Certificate Found On Server: True
Valid Auth Certificate Found On Server: True
AMSI Enabled: True
AMSI Request Body Scanning: True
AMSI Request Body Size Block: False
SerializedDataSigning Enabled: True
Strict Mode disabled: False
BaseTypeCheckForDeserialization disabled: False
Exchange Emergency Mitigation Service: Enabled
Windows service: Running
Pattern service: 200 - Reachable
Mitigation applied: PING1
Run: 'Get-Mitigations.ps1' from: 'C:\Program Files\Microsoft\Exchange Server\V15\scripts\' to learn more.
Telemetry enabled: True
FIP-FS Update Issue Detected: True
Detected problematic FIP-FS version 2201010009 directory
Although it should not cause any problems, we recommend performing a FIP-FS reset
More Information: https://aka.ms/HC-FIPFSUpdateIssue
Security Vulnerability
IIS module anomalies detected: False
Security Vulnerability: Download Domains are not configured. You should configure them to be protected against CVE-2021-1730.
Configuration instructions: https://aka.ms/HC-DownloadDomains
Exchange IIS Information
Name State HSTS Enabled Protocol - Bindings - Certificate
---- ----- ------------ ---------------------------------
Default Web Site Started False http - *:80: - NULL
http - 127.0.0.1:80: - NULL
https - 127.0.0.1:443: -
4B5F84E6E79D9480D4C16E5B215AC8B78F3C2592
https - 98.189.218.165:443: -
4B5F84E6E79D9480D4C16E5B215AC8B78F3C2592
Exchange Back End Started False http - *:81: - NULL
https - *:444: - 4B5F84E6E79D9480D4C16E5B215AC8B78F3C2592
AppPoolName State GCServerEnabled RestartConditionSet
----------- ----- --------------- -------------------
MSExchangeMapiFrontEndAppPool Started True False
MSExchangeOWAAppPool Started False False
MSExchangeECPAppPool Started False False
MSExchangeRestAppPool Started False False
MSExchangeMapiAddressBookAppPool Started False False
MSExchangeRpcProxyFrontEndAppPool Started False False
MSExchangePowerShellAppPool Started False False
MSExchangePowerShellFrontEndAppPool Started False False
MSExchangeRestFrontEndAppPool Started False False
MSExchangeMapiMailboxAppPool Started False False
MSExchangeOABAppPool Started False False
MSExchangePushNotificationsAppPool Started False False
MSExchangeOWACalendarAppPool Started False False
MSExchangeAutodiscoverAppPool Started False False
MSExchangeServicesAppPool Started False False
MSExchangeSyncAppPool Started True False
MSExchangeRpcProxyAppPool Started False False
Name ExtendedProtection SslFlags IPFilteringEnabled URLRewrite Authentication
---- ------------------ -------- ------------------ ---------- --------------
Default Web Site None False False anonymous (default
setting)
Default Web Require True (128-bit) False Windows
Site/API (Negotiate,NTLM)
anonymous (default
setting)
Default Web None True (128-bit) False Windows
Site/Autodiscover (Negotiate,NTLM)
anonymous (default
setting)
digest
basic
Default Web Require True (128-bit) False anonymous (default
Site/ecp setting)
basic
Default Web Allow True (128-bit) False Windows
Site/EWS (Negotiate,NTLM)
anonymous (default
setting)
Default Web Require True (128-bit) False Windows
Site/mapi (Negotiate,NTLM)
Default Web Allow True (128-bit) False basic
Site/Microsoft-Serv
er-ActiveSync
Default Web Allow True (128-bit) False Windows
Site/Microsoft-Serv (Negotiate,NTLM)
er-ActiveSync/Proxy
Default Web Allow True (128-bit) False Windows
Site/OAB (Negotiate,NTLM)
Default Web Require True (128-bit) False basic
Site/owa
Default Web None False False
Site/PowerShell Cert(Accept)
Default Web Require True (128-bit) False Windows
Site/Rpc (Negotiate,NTLM)
basic
Exchange Back End None False False anonymous (default
setting)
Exchange Back Require True (128-bit) False Windows
End/API (Negotiate,NTLM)
anonymous (default
setting)
Exchange Back None True (128-bit) False Windows
End/Autodiscover (Negotiate,NTLM)
anonymous (default
setting)
Exchange Back Require True (128-bit) False Windows
End/ecp (Negotiate,NTLM)
anonymous (default
setting)
Exchange Back Require True (128-bit) False Windows
End/EWS (Negotiate,NTLM)
anonymous (default
setting)
Exchange Back Require True False Windows
End/mapi/emsmdb (Negotiate,NTLM)
Exchange Back Require True False Windows
End/mapi/nspi (Negotiate,NTLM)
Exchange Back Require True (128-bit) False basic
End/Microsoft-Serve
r-ActiveSync
Exchange Back Require True (128-bit) False Windows
End/Microsoft-Serve (Negotiate,NTLM)
r-ActiveSync/Proxy
Exchange Back Require True (128-bit) False Windows
End/OAB (Negotiate,NTLM)
Exchange Back Require True (128-bit) False Windows
End/owa (Negotiate,NTLM)
anonymous (default
setting)
Exchange Back Require True (128-bit) False Windows
End/PowerShell (Negotiate,NTLM)
Exchange Back Require True (128-bit) False Windows
End/Rpc (Negotiate,NTLM)
Exchange Back Require True (128-bit) False Windows
End/RpcWithCert (Negotiate,NTLM)
Output file written to .\HealthChecker-MAIL-SERVER-20250912162026.txt
Exported Data Object Written to .\HealthChecker-MAIL-SERVER-20250912162026.xml
Exchange | Exchange Server | Development
{count} votes
-
Kenneth J. Filadelfia 0 Reputation points
2025-09-13T15:47:18.8133333+00:00 The Exchange SE in place upgrade completed, it seems the Receive connectors failed, the Health Checker log seems clear ?
Sign in to comment
Sign in to answer