From 2829cc316e1a90a9ad42a159eb6ea80eb7b8e700 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Mon, 27 Jan 2025 15:05:20 -0800 Subject: [PATCH 01/77] Updated function to change if error is unexpected If the error is not expected, change the print from "Failed" to "Unexpected" --- AzFilesHybrid/AzFilesHybridUtilities.ps1 | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybridUtilities.ps1 b/AzFilesHybrid/AzFilesHybridUtilities.ps1 index 23384371..b0e02926 100644 --- a/AzFilesHybrid/AzFilesHybridUtilities.ps1 +++ b/AzFilesHybrid/AzFilesHybridUtilities.ps1 @@ -9,13 +9,17 @@ function Write-TestingPassed( function Write-TestingFailed( [Parameter(Mandatory=$true, Position=0)] - [string]$Message + [string]$Message, + [Parameter(Mandatory=$false, Position=1)] + [bool]$IsUnexpected = 0 ) { + [string] $eType = $IsUnexpected ? "Unexpected" : "Failed"; $cross = [System.Char]::ConvertFromUtf32([System.Convert]::ToInt32("2715", 16)) - Write-Host "$($PSStyle.Foreground.BrightRed)`t($cross) Failed$($PSStyle.Reset)" + Write-Host "$($PSStyle.Foreground.BrightRed)`t($cross) $eType$($PSStyle.Reset)" Write-Host "`t$($PSStyle.Foreground.BrightRed)ERROR$($PSStyle.Reset): $Message" } + function Write-TestingWarning( [Parameter(Mandatory=$true, Position=0)] [string]$Message From 0844935926ca162f5df2ad45171db75f79e90c63 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Mon, 27 Jan 2025 15:06:06 -0800 Subject: [PATCH 02/77] Removed space --- AzFilesHybrid/AzFilesHybridUtilities.ps1 | 1 - 1 file changed, 1 deletion(-) diff --git a/AzFilesHybrid/AzFilesHybridUtilities.ps1 b/AzFilesHybrid/AzFilesHybridUtilities.ps1 index b0e02926..3b056775 100644 --- a/AzFilesHybrid/AzFilesHybridUtilities.ps1 +++ b/AzFilesHybrid/AzFilesHybridUtilities.ps1 @@ -19,7 +19,6 @@ function Write-TestingFailed( Write-Host "`t$($PSStyle.Foreground.BrightRed)ERROR$($PSStyle.Reset): $Message" } - function Write-TestingWarning( [Parameter(Mandatory=$true, Position=0)] [string]$Message From d06510421d8f467170bc58e025115b97a14bcf9c Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Mon, 27 Jan 2025 15:08:19 -0800 Subject: [PATCH 03/77] Updated Port445 try/catch with Unexpected --- AzFilesHybrid/AzFilesHybrid.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index 5295692a..142134de 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -3871,7 +3871,7 @@ function Debug-AzStorageAccountEntraKerbAuth { $checks["CheckPort445Connectivity"].Result = "Passed" Write-TestingPassed } catch { - Write-TestingFailed -Message $_ + Write-TestingFailed -Message $_ -IsUnexpected $true $checks["CheckPort445Connectivity"].Result = "Failed" $checks["CheckPort445Connectivity"].Issue = $_ } From 3fb2b6928ed7a07a22bcfcade5223dd534a7c0c4 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Mon, 27 Jan 2025 15:21:14 -0800 Subject: [PATCH 04/77] Updated Port445 error message with current documentation --- AzFilesHybrid/AzFilesHybrid.psm1 | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index 142134de..fa1e913d 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -3374,13 +3374,11 @@ function Test-Port445Connectivity { if ($result.TcpTestSucceeded -eq $False) { - $message = "Unable to reach the storage account file endpoint." ` - + "`n`tTo debug connectivity problems, please refer to the troubleshooting tool for Azure" ` - + " Files mounting errors on Windows, " ` - + " `n`t'AzFileDiagnostics.ps1'($($PSStyle.Foreground.BrightCyan)https://gallery.technet.microsoft.com/Troubleshooting-tool-for-a9fa1fe5$($PSStyle.Reset))." ` - + " `n`tFor possible solutions please refer to" ` - + " '$($PSStyle.Foreground.BrightCyan)https://aka.ms/azfiles/entra-port445$($PSStyle.Reset)'" - Write-Error -Message $message -ErrorAction Stop + $errMsg = "Unable to reach the storage account file endpoint." ` + + "`n`tTo debug connectivity problems, please refer to the following," ` + + "`n`t'AzFileDiagnostics.ps1'($($PSStyle.Foreground.BrightCyan)https://github.com/Azure-Samples/azure-files-samples/tree/master/AzFileDiagnostics/Windows$($PSStyle.Reset))'." ` + + "`n`tFor possible solutions please refer to '$($PSStyle.Foreground.BrightCyan)https://aka.ms/azfiles/entra-port445$($PSStyle.Reset)'" + Write-TestingFailed -Message $errMsg -ErrorAction Stop } } } @@ -3789,7 +3787,7 @@ function Debug-AzStorageAccountAuth { } } -function Debug-AzStorageAccountEntraKerbAuth { +function Debug-AzStorageAccountEntraKerbAuth { [CmdletBinding()] param ( [Parameter(Mandatory=$True, HelpMessage="Storage account name")] @@ -3872,7 +3870,7 @@ function Debug-AzStorageAccountEntraKerbAuth { Write-TestingPassed } catch { Write-TestingFailed -Message $_ -IsUnexpected $true - $checks["CheckPort445Connectivity"].Result = "Failed" + $checks["CheckPort445Connectivity"].Result = "Unexpected" $checks["CheckPort445Connectivity"].Issue = $_ } } From aab8070e2803b71623f970604cc28d8f235960e0 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Mon, 27 Jan 2025 15:23:24 -0800 Subject: [PATCH 05/77] Updated CheckAADConnectivity try/catch with 'Unexpected' --- AzFilesHybrid/AzFilesHybrid.psm1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index fa1e913d..b57a915d 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -3895,8 +3895,8 @@ function Debug-AzStorageAccountEntraKerbAuth { } } catch { - Write-TestingFailed -Message $_ - $checks["CheckAADConnectivity"].Result = "Failed" + Write-TestingFailed -Message $_ -IsUnexpected $true + $checks["CheckAADConnectivity"].Result = "Unexpected" $checks["CheckAADConnectivity"].Issue = $_ } } From f9d668dc372296c8b4d3a5f1db17b2b58d17c930 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Tue, 28 Jan 2025 15:17:36 -0800 Subject: [PATCH 06/77] Updated AAD Connectivity try/catch --- AzFilesHybrid/AzFilesHybrid.psm1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index b57a915d..ececb577 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -3955,8 +3955,8 @@ function Debug-AzStorageAccountEntraKerbAuth { $checks["CheckEntraObject"].Result = "Passed" } } catch { - Write-TestingFailed -Message $_ - $checks["CheckEntraObject"].Result = "Failed" + Write-TestingFailed -Message $_ -IsUnexpected $true + $checks["CheckEntraObject"].Result = "Unexpected" $checks["CheckEntraObject"].Issue = $_ } } From 10c98887cfc045a852ed6fb122da593c63216c43 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Tue, 28 Jan 2025 15:19:22 -0800 Subject: [PATCH 07/77] Updated Reg Key check try/catch --- AzFilesHybrid/AzFilesHybrid.psm1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index ececb577..a3830a0e 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -3980,8 +3980,8 @@ function Debug-AzStorageAccountEntraKerbAuth { $checks["CheckRegKey"].Issue = "The CloudKerberosTicketRetrievalEnabled need to be enabled to get kerberos ticket" } } catch { - Write-TestingFailed -Message $_ - $checks["CheckRegKey"].Result = "Failed" + Write-TestingFailed -Message $_ -IsUnexpected $true + $checks["CheckRegKey"].Result = "Unexpected" $checks["CheckRegKey"].Issue = $_ } } From 2386e2b49905b605bfce62cf57535d0287eb84d5 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Tue, 28 Jan 2025 15:19:46 -0800 Subject: [PATCH 08/77] Updated Kerb realm mapping try/catch --- AzFilesHybrid/AzFilesHybrid.psm1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index a3830a0e..7e552b9d 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4032,8 +4032,8 @@ function Debug-AzStorageAccountEntraKerbAuth { } } } catch { - Write-TestingFailed -Message $_ - $checks["CheckKerbRealmMapping"].Result = "Failed" + Write-TestingFailed -Message $_ -IsUnexpected $true + $checks["CheckKerbRealmMapping"].Result = "Unexpected" $checks["CheckKerbRealmMapping"].Issue = $_ } } From 885e96d1c5223820d948f0882ab0efbd976421bf Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Tue, 28 Jan 2025 15:21:18 -0800 Subject: [PATCH 09/77] updated default rbac permissions try/catch --- AzFilesHybrid/AzFilesHybrid.psm1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index 7e552b9d..f94c9ed6 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4491,8 +4491,8 @@ function Debug-EntraKerbAdminConsent { $checkResult.Issue = "Admin Consent is not granted" } } catch { - Write-TestingFailed -Message $_ - $checkResult.Result = "Failed" + Write-TestingFailed -Message $_ -IsUnexpected $true + $checkResult.Result = "Unexpected" $checkResult.Issue = $_ } } From af1fdcf6b1f6b4f34a76905bcba2be2e5b6ca210 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Tue, 28 Jan 2025 15:32:50 -0800 Subject: [PATCH 10/77] Updated debug-rbaccheck try/catch --- AzFilesHybrid/AzFilesHybrid.psm1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index f94c9ed6..8515e4ab 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4385,9 +4385,9 @@ function Debug-RBACCheck { } catch { - $checkResult.Result = "Failed" + $checkResult.Result = "Unexpected" $checkResult.Issue = $_ - Write-TestingFailed -Message $_ + Write-TestingFailed -Message $_ -IsUnexpected $true } } } From f6c448a1418ad8f6d74a2e896eaf8698db97813d Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Tue, 28 Jan 2025 15:33:41 -0800 Subject: [PATCH 11/77] updated WinHttpAutoProxySvc try/catch --- AzFilesHybrid/AzFilesHybrid.psm1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index 8515e4ab..21144bf5 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4124,8 +4124,8 @@ function Debug-AzStorageAccountEntraKerbAuth { } catch { - Write-TestingFailed -Message $_ - $checks["CheckWinHttpAutoProxySvc"].Result = "Failed" + Write-TestingFailed -Message $_ -IsUnexpected $true + $checks["CheckWinHttpAutoProxySvc"].Result = "Unexpected" $checks["CheckWinHttpAutoProxySvc"].Issue = $_ } } From dfc24afa8764135a59495281ca3fb4b063a995ff Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Tue, 28 Jan 2025 15:34:36 -0800 Subject: [PATCH 12/77] Updated iphlpsvc check try/catch --- AzFilesHybrid/AzFilesHybrid.psm1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index 21144bf5..c0bd1b0f 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4153,8 +4153,8 @@ function Debug-AzStorageAccountEntraKerbAuth { } catch { - Write-TestingFailed -Message $_ - $checks["CheckIpHlpScv"].Result = "Failed" + Write-TestingFailed -Message $_ -IsUnexpected $true + $checks["CheckIpHlpScv"].Result = "Unexpected" $checks["CheckIpHlpScv"].Issue = $_ } From fb7921a85576803606dd6bbea2832c61af85a44f Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Tue, 28 Jan 2025 15:35:50 -0800 Subject: [PATCH 13/77] updated fiddler proxy check try/catch --- AzFilesHybrid/AzFilesHybrid.psm1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index c0bd1b0f..46e13b8b 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4201,8 +4201,8 @@ function Debug-AzStorageAccountEntraKerbAuth { } catch { - Write-TestingFailed -Message $_ - $checks["CheckFiddlerProxy"].Result = "Failed" + Write-TestingFailed -Message $_ -IsUnexpected $true + $checks["CheckFiddlerProxy"].Result = "Unexpected" $checks["CheckFiddlerProxy"].Issue = $_ } } From bd03a948d68acc98376b80ab26d0862585d31197 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Tue, 28 Jan 2025 15:36:54 -0800 Subject: [PATCH 14/77] updated HAADJ/AADJ check try/catch --- AzFilesHybrid/AzFilesHybrid.psm1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index 46e13b8b..6708a311 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4237,8 +4237,8 @@ function Debug-AzStorageAccountEntraKerbAuth { } catch { - Write-TestingFailed -Message $_ - $checks["CheckEntraJoinType"].Result = "Failed" + Write-TestingFailed -Message $_ -IsUnexpected $true + $checks["CheckEntraJoinType"].Result = "Unexpected" $checks["CheckEntraJoinType"].Issue = $_ } } From 3144d27719a2181b6aa538851657b2af286a46e3 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 6 Feb 2025 15:43:28 -0800 Subject: [PATCH 15/77] added Port 445 intro --- AzFilesHybrid/AzFilesHybrid.psm1 | 1 + 1 file changed, 1 insertion(+) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index 6708a311..0a8d6c70 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4583,6 +4583,7 @@ function Debug-AzStorageAccountADDSAuth { # if (!$filterIsPresent -or $Filter -match "CheckPort445Connectivity") { + Write-Host "Checking Port 445" try { $checksExecuted += 1; Write-Verbose "CheckPort445Connectivity - START" From f44c2278cec3deb2cb600947ee10732d0854123b Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 6 Feb 2025 15:45:23 -0800 Subject: [PATCH 16/77] Added Domain Join intro --- AzFilesHybrid/AzFilesHybrid.psm1 | 1 + 1 file changed, 1 insertion(+) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index 0a8d6c70..dab6ee7a 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4605,6 +4605,7 @@ function Debug-AzStorageAccountADDSAuth { # if (!$filterIsPresent -or $Filter -match "CheckDomainJoined") { + Write-Host "Checking Domain Join" try { $checksExecuted += 1; Write-Verbose "CheckDomainJoined - START" From c847cc0fa7ce21e535d4af4e0c9177fda9f573b4 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 6 Feb 2025 15:50:01 -0800 Subject: [PATCH 17/77] Added AD Object check --- AzFilesHybrid/AzFilesHybrid.psm1 | 1 + 1 file changed, 1 insertion(+) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index dab6ee7a..49060e8f 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4632,6 +4632,7 @@ function Debug-AzStorageAccountADDSAuth { if (!$filterIsPresent -or $Filter -match "CheckADObject") { + Write-Host "Checking AD Object" try { $checksExecuted += 1; Write-Verbose "CheckADObject - START" From 5c52b524ffd0c8d579a4db1e2d3ea28db85719db Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 6 Feb 2025 15:50:21 -0800 Subject: [PATCH 18/77] Added Domain Join Test Pass --- AzFilesHybrid/AzFilesHybrid.psm1 | 1 + 1 file changed, 1 insertion(+) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index 49060e8f..1a3a335f 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4621,6 +4621,7 @@ function Debug-AzStorageAccountADDSAuth { } $checks["CheckDomainJoined"].Result = "Passed" + Write-TestingPassed Write-Verbose "CheckDomainJoined - SUCCESS" } catch { $checks["CheckDomainJoined"].Result = "Failed" From 14ab0ae3e8f00628920b84fa08dfa69d96597b35 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 6 Feb 2025 15:50:31 -0800 Subject: [PATCH 19/77] Added Port445 Test Pass --- AzFilesHybrid/AzFilesHybrid.psm1 | 1 + 1 file changed, 1 insertion(+) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index 1a3a335f..20ede0aa 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4591,6 +4591,7 @@ function Debug-AzStorageAccountADDSAuth { Test-Port445Connectivity -StorageAccountFileEndPoint $fileEndpoint -ErrorAction Stop $checks["CheckPort445Connectivity"].Result = "Passed" + Write-TestingPassed Write-Verbose "CheckPort445Connectivity - SUCCESS" } catch { $checks["CheckPort445Connectivity"].Result = "Failed" From 7e791b28e91d2a24ac1b484b7609138e45702ce4 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 6 Feb 2025 15:53:06 -0800 Subject: [PATCH 20/77] Updated Port445 try/catch error --- AzFilesHybrid/AzFilesHybrid.psm1 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index 20ede0aa..cb0f13c7 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4596,8 +4596,7 @@ function Debug-AzStorageAccountADDSAuth { } catch { $checks["CheckPort445Connectivity"].Result = "Failed" $checks["CheckPort445Connectivity"].Issue = $_ - Write-Error "CheckPort445Connectivity - FAILED" - Write-Error $_ + Write-TestingFailed -Message $_ -IsUnexpected $true } } From bdc777ccd45c1f787a5b5fd6608bc55e7c92fcdc Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 6 Feb 2025 16:24:24 -0800 Subject: [PATCH 21/77] updated Domain Join error message --- AzFilesHybrid/AzFilesHybrid.psm1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index cb0f13c7..34c0564e 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4614,10 +4614,10 @@ function Debug-AzStorageAccountADDSAuth { { $message = "Machine is not domain-joined." ` + " Being domain-joined to an AD DS domain is a prerequisite for mounting" ` - + " Azure file shares without having to explicitly provide user credentials at every mount.See https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-enable#prerequisites.\n\n" ` + + " Azure file shares without having to explicitly provide user credentials at every mount.See '$($PSStyle.Foreground.BrightCyan)https://aka.ms/azfiles/adds-domainjoin$($PSStyle.Reset)'\n\n" ` + " Mounting through a machine that isn't domain-joined is also supported," ` - + " but you must (1) have unimpeded network connectivity to the domain controller, and (2) explicitly provide AD DS user credentials when mounting. See https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-mount-file-share#mount-the-file-share-from-a-non-domain-joined-vm-or-a-vm-joined-to-a-different-ad-domain " - Write-Error -Message $message -ErrorAction Stop + + " but you must (1) have unimpeded network connectivity to the domain controller, and (2) explicitly provide AD DS user credentials when mounting. See '$($PSStyle.Foreground.BrightCyan)https://aka.ms/azfiles/adds-mountfileshare$($PSStyle.Reset)'" + Write-TestingFailed -Message $message -ErrorAction Stop } $checks["CheckDomainJoined"].Result = "Passed" From 59a19af6f0b6a6e71c36d3507aa4068ae4679b08 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 6 Feb 2025 16:30:23 -0800 Subject: [PATCH 22/77] Updated Domain Join try/catch error --- AzFilesHybrid/AzFilesHybrid.psm1 | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index 34c0564e..e16fe273 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4609,7 +4609,6 @@ function Debug-AzStorageAccountADDSAuth { try { $checksExecuted += 1; Write-Verbose "CheckDomainJoined - START" - if (!(Get-IsDomainJoined)) { $message = "Machine is not domain-joined." ` @@ -4626,8 +4625,7 @@ function Debug-AzStorageAccountADDSAuth { } catch { $checks["CheckDomainJoined"].Result = "Failed" $checks["CheckDomainJoined"].Issue = $_ - Write-Error "CheckDomainJoined - FAILED" - Write-Error $_ + Write-TestingFailed -Message $_ -IsUnexpected $true } } From b7b736357922415429298ddb85b8e05c2a9a1729 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 6 Feb 2025 17:45:28 -0800 Subject: [PATCH 23/77] Updated Ad Object Check added updated messages for pass and for fail --- AzFilesHybrid/AzFilesHybrid.psm1 | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index e16fe273..dc7dc7ee 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4618,7 +4618,6 @@ function Debug-AzStorageAccountADDSAuth { + " but you must (1) have unimpeded network connectivity to the domain controller, and (2) explicitly provide AD DS user credentials when mounting. See '$($PSStyle.Foreground.BrightCyan)https://aka.ms/azfiles/adds-mountfileshare$($PSStyle.Reset)'" Write-TestingFailed -Message $message -ErrorAction Stop } - $checks["CheckDomainJoined"].Result = "Passed" Write-TestingPassed Write-Verbose "CheckDomainJoined - SUCCESS" @@ -4628,7 +4627,9 @@ function Debug-AzStorageAccountADDSAuth { Write-TestingFailed -Message $_ -IsUnexpected $true } } - + # + # AD Object Check + # if (!$filterIsPresent -or $Filter -match "CheckADObject") { Write-Host "Checking AD Object" @@ -4641,11 +4642,11 @@ function Debug-AzStorageAccountADDSAuth { $checks["CheckADObject"].Result = "Passed" Write-Verbose "CheckADObject - SUCCESS" + Write-TestingPassed } catch { $checks["CheckADObject"].Result = "Failed" $checks["CheckADObject"].Issue = $_ - Write-Error "CheckADObject - FAILED" - Write-Error $_ + Write-TestingFailed -Message $_ -IsUnexpected $true } } From ea0976ab4615a7d603f162ecab1337220db8e182 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 6 Feb 2025 17:45:51 -0800 Subject: [PATCH 24/77] Added Kerberos Ticket Check intro --- AzFilesHybrid/AzFilesHybrid.psm1 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index dc7dc7ee..be8b7045 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4649,9 +4649,12 @@ function Debug-AzStorageAccountADDSAuth { Write-TestingFailed -Message $_ -IsUnexpected $true } } - + # + # Kerberos Ticket Check + # if (!$filterIsPresent -or $Filter -match "CheckGetKerberosTicket") { + Write-Host "Checking Kerberos Ticket" try { $checksExecuted += 1; Write-Verbose "CheckGetKerberosTicket - START" From 81959be97023a73270d6c676089cff4fac5afd7f Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 6 Feb 2025 17:46:11 -0800 Subject: [PATCH 25/77] Kerberos Ticket Pass updated --- AzFilesHybrid/AzFilesHybrid.psm1 | 1 + 1 file changed, 1 insertion(+) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index be8b7045..fff936f1 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4664,6 +4664,7 @@ function Debug-AzStorageAccountADDSAuth { $checks["CheckGetKerberosTicket"].Result = "Passed" Write-Verbose "CheckGetKerberosTicket - SUCCESS" + Write-TestingPassed } catch { $checks["CheckGetKerberosTicket"].Result = "Failed" $checks["CheckGetKerberosTicket"].Issue = $_ From 13ef48ee81e29047015765ed873e818c6f399eb6 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 6 Feb 2025 17:46:33 -0800 Subject: [PATCH 26/77] Updated Kerberos ticket try/catch fail --- AzFilesHybrid/AzFilesHybrid.psm1 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index fff936f1..df553a8d 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4668,8 +4668,7 @@ function Debug-AzStorageAccountADDSAuth { } catch { $checks["CheckGetKerberosTicket"].Result = "Failed" $checks["CheckGetKerberosTicket"].Issue = $_ - Write-Error "CheckGetKerberosTicket - FAILED" - Write-Error $_ + Write-TestingFailed -Message $_ -IsUnexpected $true } } From 4f2393432641dd5979186924c20d658a8db0e718 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 6 Feb 2025 17:46:53 -0800 Subject: [PATCH 27/77] Added Kerberos Ticket Encryption intro --- AzFilesHybrid/AzFilesHybrid.psm1 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index df553a8d..7d824e12 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4671,9 +4671,12 @@ function Debug-AzStorageAccountADDSAuth { Write-TestingFailed -Message $_ -IsUnexpected $true } } - + # + # Kerberos Ticket Encryption Check + # if (!$filterIsPresent -or $Filter -match "CheckKerberosTicketEncryption") { + Write-Host "Checking Kerberos Ticket Encryption" try { $checksExecuted += 1; Write-Verbose "CheckKerberosTicketEncryption - START" From a04869d9db9bc528f48e1a131eda83c6de8f9db9 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 6 Feb 2025 17:47:12 -0800 Subject: [PATCH 28/77] Updated Kerb Ticket Encryption Pass --- AzFilesHybrid/AzFilesHybrid.psm1 | 1 + 1 file changed, 1 insertion(+) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index 7d824e12..7ab40daa 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4686,6 +4686,7 @@ function Debug-AzStorageAccountADDSAuth { $checks["CheckKerberosTicketEncryption"].Result = "Passed" Write-Verbose "CheckKerberosTicketEncryption - SUCCESS" + Write-TestingPassed } catch { $checks["CheckKerberosTicketEncryption"].Result = "Failed" $checks["CheckKerberosTicketEncryption"].Issue = $_ From ab000471a4c98290da938aa3587fb983808b968b Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 6 Feb 2025 17:47:32 -0800 Subject: [PATCH 29/77] Updated Kerberos Ticket Encryption Fail --- AzFilesHybrid/AzFilesHybrid.psm1 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index 7ab40daa..a85027ef 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4690,8 +4690,7 @@ function Debug-AzStorageAccountADDSAuth { } catch { $checks["CheckKerberosTicketEncryption"].Result = "Failed" $checks["CheckKerberosTicketEncryption"].Issue = $_ - Write-Error "CheckKerberosTicketEncryption - FAILED" - Write-Error $_ + Write-TestingFailed -Message $_ -IsUnexpected $true } } From e4844389d1692e9fdc4375cc5d729a0757886fb6 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 6 Feb 2025 17:47:44 -0800 Subject: [PATCH 30/77] Added Channel Encryption Intro --- AzFilesHybrid/AzFilesHybrid.psm1 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index a85027ef..b633ad9f 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4693,9 +4693,12 @@ function Debug-AzStorageAccountADDSAuth { Write-TestingFailed -Message $_ -IsUnexpected $true } } - + # + # Channel Encryption Check + # if (!$filterIsPresent -or $Filter -match "CheckChannelEncryption") { + Write-Host "Checking Channel Encryption" try { $checksExecuted += 1; Write-Verbose "CheckChannelEncryption - START" From 2f60e3364f25fd76ba80eec9088367f032406334 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Fri, 7 Feb 2025 08:26:39 -0800 Subject: [PATCH 31/77] updated channel encryption warning --- AzFilesHybrid/AzFilesHybrid.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index b633ad9f..0a607c24 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4708,7 +4708,7 @@ function Debug-AzStorageAccountADDSAuth { $cmdletNeeded = "Get-SmbServerConfiguration" if(!(Get-Command $cmdletNeeded -ErrorAction SilentlyContinue)) { - Write-Verbose -Message "Your system does not have or support the command needed for the check '$cmdletNeeded'." -ErrorAction Stop + Write-TestingWarning -Message "Your system does not have or support the command needed for the check '$cmdletNeeded'." -ErrorAction Stop $checks["CheckChannelEncryption"].Result = "Skipped" } From ca041775afdf212fea38054046c375f2333aa059 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Fri, 7 Feb 2025 08:32:57 -0800 Subject: [PATCH 32/77] Updated Channel Encryption Warning --- AzFilesHybrid/AzFilesHybrid.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index 0a607c24..463039b2 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4714,7 +4714,7 @@ function Debug-AzStorageAccountADDSAuth { if(!((Get-SmbServerConfiguration).PSobject.Properties.Name -contains "EncryptionCiphers")) { - Write-Verbose -Message "Your operating system does not support the property 'EncryptionCiphers' of the cmdlet 'Get-SmbServerConfiguration'. Please refer to 'https://docs.microsoft.com/en-us/powershell/module/smbshare/set-smbserverconfiguration?view=windowsserver2022-ps'" + Write-TestingWarning -Message "Your operating system does not support the property 'EncryptionCiphers' of the cmdlet 'Get-SmbServerConfiguration'. Please refer to '$($PSStyle.Foreground.BrightCyan)https://aka.ms/azfiles/adds-encryptionciphers$($PSStyle.Reset)'" $checks["CheckChannelEncryption"].Result = "Skipped" } else From 0baab7b3e63540ac8d3b0e0bf14df2f1470a62d4 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Fri, 7 Feb 2025 08:33:12 -0800 Subject: [PATCH 33/77] Added Pass for Channel Encryption --- AzFilesHybrid/AzFilesHybrid.psm1 | 1 + 1 file changed, 1 insertion(+) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index 463039b2..c7fa14d2 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4723,6 +4723,7 @@ function Debug-AzStorageAccountADDSAuth { -ResourceGroupName $ResourceGroupName -ErrorAction Stop $checks["CheckChannelEncryption"].Result = "Passed" + Write-TestingPassed Write-Verbose "CheckChannelEncryption - SUCCESS" } } catch { From e853342b9f00a2f5f2b9886c9cfc47811ffa4ddf Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Fri, 7 Feb 2025 08:34:32 -0800 Subject: [PATCH 34/77] Updated Channel Encryption try/catch error --- AzFilesHybrid/AzFilesHybrid.psm1 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index c7fa14d2..37479e9a 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4729,8 +4729,7 @@ function Debug-AzStorageAccountADDSAuth { } catch { $checks["CheckChannelEncryption"].Result = "Failed" $checks["CheckChannelEncryption"].Issue = $_ - Write-Error "CheckChannelEncryption - FAILED" - Write-Error $_ + Write-TestingFailed -Message $_ -IsUnexpected $true } } From 31410190bf895e2cd4339b4774977057579048f4 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Fri, 7 Feb 2025 14:39:45 -0800 Subject: [PATCH 35/77] Domain Line of Sight updated updated intro, testing pass, and try/catch error message --- AzFilesHybrid/AzFilesHybrid.psm1 | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index 37479e9a..c8bcdb48 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4731,10 +4731,13 @@ function Debug-AzStorageAccountADDSAuth { $checks["CheckChannelEncryption"].Issue = $_ Write-TestingFailed -Message $_ -IsUnexpected $true } - } - + } + # + # Domain Line of Sight Check + # if (!$filterIsPresent -or $Filter -match "CheckDomainLineOfSight") { + Write-Host "Checking Domain Line of Sight" try { $checksExecuted += 1; Write-Verbose "CheckDomainLineOfSight - START" @@ -4744,11 +4747,11 @@ function Debug-AzStorageAccountADDSAuth { $checks["CheckDomainLineOfSight"].Result = "Passed" Write-Verbose "CheckDomainLineOfSight - SUCCESS" + Write-TestingPassed } catch { $checks["CheckDomainLineOfSight"].Result = "Failed" $checks["CheckDomainLineOfSight"].Issue = $_ - Write-Error "CheckDomainLineOfSight - FAILED" - Write-Error $_ + Write-TestingFailed -Message $_ -IsUnexpected $true } } From 527bf5c14f6ae5790e74cb1ec12e8f55f0be7421 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Fri, 7 Feb 2025 14:40:08 -0800 Subject: [PATCH 36/77] Updated AD Object Password Check intro --- AzFilesHybrid/AzFilesHybrid.psm1 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index c8bcdb48..83f49d00 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4754,9 +4754,12 @@ function Debug-AzStorageAccountADDSAuth { Write-TestingFailed -Message $_ -IsUnexpected $true } } - + # + # AD Object Password Check + # if (!$filterIsPresent -or $Filter -match "CheckADObjectPasswordIsCorrect") { + Write-Host "Checking Ad Object Password" try { $checksExecuted += 1; Write-Verbose "CheckADObjectPasswordIsCorrect - START" From 1748f8275b0c9b431d0419f4cef89277c0869b0f Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Fri, 7 Feb 2025 14:40:27 -0800 Subject: [PATCH 37/77] Updated Ad Object testing pass --- AzFilesHybrid/AzFilesHybrid.psm1 | 1 + 1 file changed, 1 insertion(+) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index 83f49d00..f974e58c 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4769,6 +4769,7 @@ function Debug-AzStorageAccountADDSAuth { $checks["CheckADObjectPasswordIsCorrect"].Result = "Passed" Write-Verbose "CheckADObjectPasswordIsCorrect - SUCCESS" + Write-TestingPassed } catch { $checks["CheckADObjectPasswordIsCorrect"].Result = "Failed" $checks["CheckADObjectPasswordIsCorrect"].Issue = $_ From 48bae93d4d5a2b0c8774e9d82a404b865bf7fd38 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Fri, 7 Feb 2025 14:41:56 -0800 Subject: [PATCH 38/77] updated ad object try/catch error --- AzFilesHybrid/AzFilesHybrid.psm1 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index f974e58c..810fbc12 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4773,8 +4773,7 @@ function Debug-AzStorageAccountADDSAuth { } catch { $checks["CheckADObjectPasswordIsCorrect"].Result = "Failed" $checks["CheckADObjectPasswordIsCorrect"].Issue = $_ - Write-Error "CheckADObjectPasswordIsCorrect - FAILED" - Write-Error $_ + Write-TestingFailed -Mesage $_ -IsUnexpected $true } } From 779a021b59ed8a988f66c32138eca0fd01640a8d Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Fri, 7 Feb 2025 14:46:43 -0800 Subject: [PATCH 39/77] Updated AAD User SID Check Added intro Updated $null check message Updated testing pass output Updated try/catch error message --- AzFilesHybrid/AzFilesHybrid.psm1 | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index 810fbc12..01466e17 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4776,9 +4776,12 @@ function Debug-AzStorageAccountADDSAuth { Write-TestingFailed -Mesage $_ -IsUnexpected $true } } - + # + # SID for AAD User Check + # if (!$filterIsPresent -or $Filter -match "CheckSidHasAadUser") { + Write-Host "Checking SID for AAD User" try { $checksExecuted += 1; Write-Verbose "CheckSidHasAadUser - START" @@ -4794,18 +4797,18 @@ function Debug-AzStorageAccountADDSAuth { + " user $UserName' in domain '$Domain'. Please ensure the domain '$Domain' is" ` + " synced to Azure Active Directory using Azure AD Connect" ` + " (https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-roadmap)" - Write-Error -Message $message -ErrorAction Stop + Write-TestingFailed -Message $message -ErrorAction Stop } Write-Verbose "Found AAD user '$($aadUser.UserPrincipalName)' for SID $($currentUser.Sid)" $checks["CheckSidHasAadUser"].Result = "Passed" Write-Verbose "CheckSidHasAadUser - SUCCESS" + Write-TestingPassed } catch { $checks["CheckSidHasAadUser"].Result = "Failed" $checks["CheckSidHasAadUser"].Issue = $_ - Write-Error "CheckSidHasAadUser - FAILED" - Write-Error $_ + Write-TestingFailed -Message $_ -IsUnexpected $true } } From 44a97b18ecf2a80d9f3d8840e6f8a9728057c5ef Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Fri, 7 Feb 2025 15:03:33 -0800 Subject: [PATCH 40/77] Updated AAD User has SID Check Added intro Updated null check error message Updated string check error messages Updated testing pass check Updated try/catch error message --- AzFilesHybrid/AzFilesHybrid.psm1 | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index 01466e17..1f293e48 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4811,15 +4811,18 @@ function Debug-AzStorageAccountADDSAuth { Write-TestingFailed -Message $_ -IsUnexpected $true } } - + # + # AAD User has SID Check + # if (!$filterIsPresent -or $Filter -match "CheckAadUserHasSid") { + Write-Host "Checking AAD User has SID" try { $checksExecuted += 1; Write-Verbose "CheckAadUserHasSid - START" if ([string]::IsNullOrEmpty($ObjectId)) { - Write-Verbose -Message "Missing required parameter ObjectId for CheckAadUserHasSid requires ObjectId parameter to be present, skipping CheckAadUserHasSid" + Write-Warning -Message "Missing required parameter ObjectId for CheckAadUserHasSid requires ObjectId parameter to be present, skipping CheckAadUserHasSid" $checks["CheckAadUserHasSid"].Result = "Skipped" } else { @@ -4835,14 +4838,14 @@ function Debug-AzStorageAccountADDSAuth { if ($null -eq $aadUser) { $message = "Cannot find an Azure AD user with ObjectId $ObjectId. Please check" ` + " whether the provided ObjecId is correct or not." - Write-Error -Message $message -ErrorAction Stop + Write-TestingFailed -Message $message -ErrorAction Stop } if ([string]::IsNullOrEmpty($aadUser.OnPremisesSecurityIdentifier)) { $message = "Azure AD user $ObjectId has no OnPremisesSecurityIdentifier. Please" ` + " ensure the domain '$Domain' is synced to Azure Active Directory using Azure AD Connect" ` - + " (https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-roadmap)" - Write-Error -Message $message -ErrorAction Stop + + " '$($PSStyle.Foreground.BrightCyan)https://aka.ms/azfiles/adds-activedirectory-roadmap$($PSStyle.Reset)'" + Write-TestingFailed -Message $message -ErrorAction Stop } $user = Get-ADUser -Identity $aadUser.OnPremisesSecurityIdentifier -Server $Domain @@ -4850,20 +4853,20 @@ function Debug-AzStorageAccountADDSAuth { if ($null -eq $user) { $message = "Azure AD user $ObjectId's SID $($aadUser.OnPremisesSecurityIdentifier)" ` + " is not found in domain $Domain. Please check whether the provided SID is correct." - Write-Error -Message $message -ErrorAction Stop + Write-TestingFailed -Message $message -ErrorAction Stop } Write-Verbose "Azure AD user $ObjectId has SID $($aadUser.OnPremisesSecurityIdentifier) in domain $Domain" $checks["CheckAadUserHasSid"].Result = "Passed" Write-Verbose "CheckAadUserHasSid - SUCCESS" + Write-TestingPassed } } catch { $checks["CheckAadUserHasSid"].Result = "Failed" $checks["CheckAadUserHasSid"].Issue = $_ - Write-Error "CheckAadUserHasSid - FAILED" - Write-Error $_ + Write-TestingFailed -Message $_ -IsUnexpected $true } } From 9733dc5c54ae7b4c1cbd4e0dea813ba4505a1a41 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Fri, 7 Feb 2025 15:24:49 -0800 Subject: [PATCH 41/77] Updated AAD User has SID Check Added intro Added testing passed output Updated try/catch error message --- AzFilesHybrid/AzFilesHybrid.psm1 | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index 1f293e48..4ce0e4f2 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4869,9 +4869,12 @@ function Debug-AzStorageAccountADDSAuth { Write-TestingFailed -Message $_ -IsUnexpected $true } } - + # + # AAD User has SID Check + # if (!$filterIsPresent -or ($Filter -match "CheckStorageAccountDomainJoined")) { + Write-Host "Checking AAD User has SID" try { $checksExecuted += 1 Write-Verbose "CheckStorageAccountDomainJoined - START" @@ -4883,11 +4886,11 @@ function Debug-AzStorageAccountADDSAuth { $checks["CheckStorageAccountDomainJoined"].Result = "Passed" Write-Verbose "CheckStorageAccountDomainJoined - SUCCESS" + Write-TestingPassed } catch { $checks["CheckStorageAccountDomainJoined"].Result = "Failed" $checks["CheckStorageAccountDomainJoined"].Issue = $_ - Write-Error "CheckStorageAccountDomainJoined - FAILED" - Write-Error $_ + Write-TestingFailed -Message $_ -IsUnexpected $true } } From ef88a300d54addf5f656e00739a33ed0c1f6caa7 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Fri, 7 Feb 2025 15:25:15 -0800 Subject: [PATCH 42/77] Added User RBAC Assignment Check Intro --- AzFilesHybrid/AzFilesHybrid.psm1 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index 4ce0e4f2..c7158273 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4893,8 +4893,11 @@ function Debug-AzStorageAccountADDSAuth { Write-TestingFailed -Message $_ -IsUnexpected $true } } - + # + # User RBAC Assignment Check + # if (!$filterIsPresent -or ($Filter -match "CheckUserRbacAssignment")) { + Write-Host "Checking User RBAC Assignment" try { $checksExecuted += 1 Write-Verbose "CheckUserRbacAssignment - START" From 08fe78803064c8ee3289ec3c71f0ba0e6126ca93 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Fri, 7 Feb 2025 15:25:42 -0800 Subject: [PATCH 43/77] Updated User RBAC Assignment error message added testing passed message --- AzFilesHybrid/AzFilesHybrid.psm1 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index c7158273..799f7716 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4962,8 +4962,8 @@ function Debug-AzStorageAccountADDSAuth { $message = "User '$($user.UserPrincipalName)' is not assigned any SMB share-level permission to" ` + " storage account '$StorageAccountName' in resource group '$ResourceGroupName'. Please" ` + " configure proper share-level permission following the guidance at" ` - + " https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-assign-permissions" - Write-Error -Message $message -ErrorAction Stop + + " $($PSStyle.Foreground.BrightCyan)https://aka.ms/azfiles/adds-assignpermissions$($PSStyle.Reset)" + Write-TestingFailed -Message $message -ErrorAction Stop } Write-Host "------------------------------------------" @@ -4981,6 +4981,7 @@ function Debug-AzStorageAccountADDSAuth { $checks["CheckUserRbacAssignment"].Result = "Passed" Write-Verbose "CheckUserRbacAssignment - SUCCESS" + Write-TestingPassed } catch { $checks["CheckUserRbacAssignment"].Result = "Failed" $checks["CheckUserRbacAssignment"].Issue = $_ From 017fdb4deb53215b57bbd65bb93341b6305eeee6 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Fri, 7 Feb 2025 15:26:04 -0800 Subject: [PATCH 44/77] Updated User RBAC Assignment try/catch updated error message --- AzFilesHybrid/AzFilesHybrid.psm1 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index 799f7716..854e1852 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4985,8 +4985,7 @@ function Debug-AzStorageAccountADDSAuth { } catch { $checks["CheckUserRbacAssignment"].Result = "Failed" $checks["CheckUserRbacAssignment"].Issue = $_ - Write-Error "CheckUserRbacAssignment - FAILED" - Write-Error $_ + Write-TestingFailed -Message $_ -IsUnexpected $true } } From 788565829c1bc7f5164a97820c821d6d01791669 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Fri, 7 Feb 2025 15:41:11 -0800 Subject: [PATCH 45/77] Added User RBAC Assignment Check Intro --- AzFilesHybrid/AzFilesHybrid.psm1 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index 854e1852..efd1e1b3 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4988,9 +4988,12 @@ function Debug-AzStorageAccountADDSAuth { Write-TestingFailed -Message $_ -IsUnexpected $true } } - + # + # User RBAC Assignment Check + # if (!$filterIsPresent -or $Filter -match "CheckUserFileAccess") { + Write-Host "Checking User RBAC Assignment" try { $checksExecuted += 1; Write-Verbose "CheckUserFileAccess - START" From f558ba8b13f1cf503507494732368b5173e6c790 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Fri, 7 Feb 2025 15:43:41 -0800 Subject: [PATCH 46/77] Updated null check error output --- AzFilesHybrid/AzFilesHybrid.psm1 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index efd1e1b3..44508f83 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -5004,8 +5004,7 @@ function Debug-AzStorageAccountADDSAuth { } else { $fileAcl = Get-Acl -Path $FilePath if ($null -eq $fileAcl) { - $message = "Unable to get the ACL of '$FilePath'. Please check if the provided file path is correct." - Write-Error -Message $message -ErrorAction Stop + Write-TestingFailed -Message "Unable to get the ACL of '$FilePath'. Please check if the provided file path is correct." -ErrorAction Stop } # Get the access rules explicitly assigned to and inherited by the file From 4a4ffde296ce8f7a19f8b1f7385c2cbc4b48a3b5 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Fri, 7 Feb 2025 15:45:05 -0800 Subject: [PATCH 47/77] Updated error messages --- AzFilesHybrid/AzFilesHybrid.psm1 | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index 44508f83..d31158fd 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -5012,7 +5012,7 @@ function Debug-AzStorageAccountADDSAuth { if ($fileAccessRules.Count -eq 0) { $message = "There is no access rule granted to '$FilePath'. Please consider setting up proper access rules" ` + " for the file (for example, using https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/icacls)" - Write-Error -Message $message -ErrorAction Stop + Write-TestingFailed -Message $message -ErrorAction Stop } $user = Get-OnPremAdUser -Identity $UserName -Domain $Domain -ErrorAction Stop @@ -5034,7 +5034,6 @@ function Debug-AzStorageAccountADDSAuth { if (-not $sidRules.ContainsKey($accessRule.IdentityReference)) { $sidRules[$accessRule.IdentityReference] = @() } - $sidRules[$accessRule.IdentityReference] += $accessRule } } @@ -5045,7 +5044,7 @@ function Debug-AzStorageAccountADDSAuth { $message = "User '$($user.UserPrincipalName)' is not assigned any permission to '$FilePath'." ` + " Please configure proper permission for the user to access the file (for example," ` + " using https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/icacls)" - Write-Error -Message $message -ErrorAction Stop + Write-TestingFailed -Message $message -ErrorAction Stop } Write-Host "------------------------------------------" From 45585fa86ef4783f61d142a8f971edbd98cd3735 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Fri, 7 Feb 2025 15:45:33 -0800 Subject: [PATCH 48/77] Updated try/catch error message --- AzFilesHybrid/AzFilesHybrid.psm1 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index d31158fd..a55357a4 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -5063,8 +5063,7 @@ function Debug-AzStorageAccountADDSAuth { } catch { $checks["CheckUserFileAccess"].Result = "Failed" $checks["CheckUserFileAccess"].Issue = $_ - Write-Error "CheckUserFileAccess - FAILED" - Write-Error $_ + Write-TestingFailed -Messages $_ -IsUnexpected $true } } From 41d2f0a061576a0b7b633e2fbcea4e13c6cb5a69 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Fri, 7 Feb 2025 15:49:15 -0800 Subject: [PATCH 49/77] Updated Default Share Permissions Check Added intro Added test passed output Updated try/catch error message --- AzFilesHybrid/AzFilesHybrid.psm1 | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index a55357a4..9db2f69b 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -5066,9 +5066,12 @@ function Debug-AzStorageAccountADDSAuth { Write-TestingFailed -Messages $_ -IsUnexpected $true } } - + # + # Default Share Permissions Check + # if (!$filterIsPresent -or $Filter -match "CheckDefaultSharePermission") { + Write-Host "Checking Default Share Permission" try { $checksExecuted += 1 Write-Verbose "CheckDefaultSharePermission - START" @@ -5087,11 +5090,11 @@ function Debug-AzStorageAccountADDSAuth { Write-Verbose "DefaultSharePermission: $DefaultSharePermission" Write-Verbose "CheckDefaultSharePermission - SUCCESS" $checks["CheckDefaultSharePermission"].Result = "Passed" + Write-TestingPassed } catch { $checks["CheckDefaultSharePermission"].Result = "Failed" $checks["CheckDefaultSharePermission"].Issue = $_ - Write-Error "CheckDefaultSharePermission - FAILED" - Write-Error $_ + Write-TestingFailed -Message $_ -IsUnexpected $true } } # From 71d1d1b70dc55059839788eb81dd4cb317d88951 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Fri, 7 Feb 2025 15:51:54 -0800 Subject: [PATCH 50/77] Added AAD Kerb Registry Key Intro --- AzFilesHybrid/AzFilesHybrid.psm1 | 1 + 1 file changed, 1 insertion(+) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index 9db2f69b..675e70d7 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -5102,6 +5102,7 @@ function Debug-AzStorageAccountADDSAuth { # if (!$filterIsPresent -or $Filter -match "CheckAadKerberosRegistryKeyIsOff") { + Write-Host "Checking AAD Kerberos Registry Key" try { $checksExecuted += 1; Write-Verbose "CheckAadKerberosRegistryKeyIsOff - START" From a80c16dde8c49f200fc6e491790ec8479ad127b8 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Fri, 7 Feb 2025 16:11:02 -0800 Subject: [PATCH 51/77] Updated AADKerb RegKey error message --- AzFilesHybrid/AzFilesHybrid.psm1 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index 675e70d7..85ca159e 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -5117,8 +5117,7 @@ function Debug-AzStorageAccountADDSAuth { $checks["CheckAadKerberosRegistryKeyIsOff"].Result = "Failed" $checks["CheckAadKerberosRegistryKeyIsOff"].Issue = "CloudKerberosTicketRetrievalEnabled registry key is enabled. Disable it to retrieve Kerberos tickets from AD DS." - Write-Error "CheckAadKerberosRegistryKeyIsOff - FAILED" - Write-Error "For AD DS authentication, you must disable the registry key for retrieving Kerberos tickets from AAD. See https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-hybrid-identities-enable?tabs=azure-portal#undo-the-client-configuration-to-retrieve-kerberos-tickets" + Write-TestingFailed -Message "For AD DS authentication, you must disable the registry key for retrieving Kerberos tickets from AAD.`n`tSee '$($PSStyle.Foreground.BrightCyan)https://aka.ms/azfiles/adds-disableregkey$($PSStyle.Reset)'" } } catch { From 0a264ec72e3c5328c563c9312abfb0120ade3e46 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Fri, 7 Feb 2025 16:11:22 -0800 Subject: [PATCH 52/77] Updated AADKerbRegKey try/catch error --- AzFilesHybrid/AzFilesHybrid.psm1 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index 85ca159e..4b3e8287 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -5123,8 +5123,7 @@ function Debug-AzStorageAccountADDSAuth { } catch { $checks["CheckAadKerberosRegistryKeyIsOff"].Result = "Failed" $checks["CheckAadKerberosRegistryKeyIsOff"].Issue = $_ - Write-Error "CheckAadKerberosRegistryKeyIsOff - FAILED" - Write-Error $_ + Write-TestingFailed -Message $_ -IsUnexpected $true } } From 10d550f268212e6cf95fae49cc33f15b22269b35 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Fri, 7 Feb 2025 16:54:34 -0800 Subject: [PATCH 53/77] replaced with relevant function SummaryOfChecks does the same thing at the following code block replaced --- AzFilesHybrid/AzFilesHybrid.psm1 | 22 +--------------------- 1 file changed, 1 insertion(+), 21 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index 4b3e8287..420d100a 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -5127,26 +5127,7 @@ function Debug-AzStorageAccountADDSAuth { } } - - if ($filterIsPresent -and $checksExecuted -eq 0) - { - $message = "Filter '$Filter' provided does not match any options. No checks were executed." ` - + " Available filters are {$($checks.Keys -join ', ')}" - Write-Error -Message $message -ErrorAction Stop - } - else - { - Write-Host "Summary of checks:" - $checks.Values | Format-Table -Property Name,Result - - $issues = $checks.Values | Where-Object { $_.Result -ieq "Failed" } - - if ($issues.Length -gt 0) { - Write-Host "Issues found:" - $issues | ForEach-Object { Write-Host -ForegroundColor Red "---- $($_.Name) ----`n$($_.Issue)" } - } - } - + SummaryOfChecks -checks $checks -filterIsPresent $filterIsPresent -checksExecuted $checksExecuted $message = "********************`r`n" ` + "If above checks are not helpful and further investigation/debugging is needed from the Azure Files team.`r`n" ` + "Please prepare the full console log from the cmdlet and Wireshark traces for any mount or access errors to`r`n" ` @@ -5156,7 +5137,6 @@ function Debug-AzStorageAccountADDSAuth { + "********************`r`n" Write-Host $message - } } From 6e7574350537ff5c52b5a541624a55266e0f6ad6 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Fri, 7 Feb 2025 17:06:45 -0800 Subject: [PATCH 54/77] replaced output with updated warning output --- AzFilesHybrid/AzFilesHybrid.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index 420d100a..310eb217 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4822,7 +4822,7 @@ function Debug-AzStorageAccountADDSAuth { Write-Verbose "CheckAadUserHasSid - START" if ([string]::IsNullOrEmpty($ObjectId)) { - Write-Warning -Message "Missing required parameter ObjectId for CheckAadUserHasSid requires ObjectId parameter to be present, skipping CheckAadUserHasSid" + Write-TestingWarning -Message "Missing required parameter ObjectId for CheckAadUserHasSid requires ObjectId parameter to be present, skipping CheckAadUserHasSid" $checks["CheckAadUserHasSid"].Result = "Skipped" } else { From 675eca6f94253c151a01de2fd1dfa3fa6236e42c Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Fri, 7 Feb 2025 17:07:27 -0800 Subject: [PATCH 55/77] updated error message --- AzFilesHybrid/AzFilesHybrid.psm1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid.psm1 index 310eb217..17b37c96 100644 --- a/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4960,9 +4960,9 @@ function Debug-AzStorageAccountADDSAuth { if ($roleDefinitions.Count -eq 0) { $message = "User '$($user.UserPrincipalName)' is not assigned any SMB share-level permission to" ` - + " storage account '$StorageAccountName' in resource group '$ResourceGroupName'. Please" ` + + " storage account '$StorageAccountName' in resource group '$ResourceGroupName'.`n`tPlease" ` + " configure proper share-level permission following the guidance at" ` - + " $($PSStyle.Foreground.BrightCyan)https://aka.ms/azfiles/adds-assignpermissions$($PSStyle.Reset)" + + " '$($PSStyle.Foreground.BrightCyan)`n`thttps://aka.ms/azfiles/adds-assignpermissions$($PSStyle.Reset)'" Write-TestingFailed -Message $message -ErrorAction Stop } From d16f2328a5bed4a366c3237491f4280d90d2abf6 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Tue, 11 Feb 2025 12:13:58 -0800 Subject: [PATCH 56/77] Update AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 Co-authored-by: Maxime Kjaer --- AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 index c31078f0..150f48d9 100644 --- a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 @@ -3585,7 +3585,7 @@ function Debug-AzStorageAccountAuth { } } -function Debug-AzStorageAccountEntraKerbAuth { +function Debug-AzStorageAccountEntraKerbAuth { [CmdletBinding()] param ( [Parameter(Mandatory=$True, HelpMessage="Storage account name")] From f90e80cc5120304320d4da2a8632aefe769f8e2c Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 13 Feb 2025 15:12:52 -0800 Subject: [PATCH 57/77] Update AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 updated aka.ms link to https://learn.microsoft.com/en-us/troubleshoot/azure/azure-storage/files/connectivity/files-troubleshoot?tabs=powershell#check-tcp-connectivity Co-authored-by: Maxime Kjaer --- AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 | 2 -- 1 file changed, 2 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 index 150f48d9..3f49b3af 100644 --- a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 @@ -3171,8 +3171,6 @@ function Test-Port445Connectivity if ($result.TcpTestSucceeded -eq $False) { $errMsg = "Unable to reach the storage account file endpoint." ` - + "`n`tTo debug connectivity problems, please refer to the following," ` - + "`n`t'AzFileDiagnostics.ps1'($($PSStyle.Foreground.BrightCyan)https://github.com/Azure-Samples/azure-files-samples/tree/master/AzFileDiagnostics/Windows$($PSStyle.Reset))'." ` + "`n`tFor possible solutions please refer to '$($PSStyle.Foreground.BrightCyan)https://aka.ms/azfiles/entra-port445$($PSStyle.Reset)'" Write-TestingFailed -Message $errMsg -ErrorAction Stop } From 8c9c2ca987fe54459cfd13ef3320556b24fec3bd Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 13 Feb 2025 15:13:28 -0800 Subject: [PATCH 58/77] Update AzFilesHybrid/AzFilesHybrid/AzFilesHybridUtilities.ps1 Co-authored-by: Maxime Kjaer --- AzFilesHybrid/AzFilesHybrid/AzFilesHybridUtilities.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid/AzFilesHybridUtilities.ps1 b/AzFilesHybrid/AzFilesHybrid/AzFilesHybridUtilities.ps1 index 3b056775..5549c44c 100644 --- a/AzFilesHybrid/AzFilesHybrid/AzFilesHybridUtilities.ps1 +++ b/AzFilesHybrid/AzFilesHybrid/AzFilesHybridUtilities.ps1 @@ -10,8 +10,8 @@ function Write-TestingPassed( function Write-TestingFailed( [Parameter(Mandatory=$true, Position=0)] [string]$Message, - [Parameter(Mandatory=$false, Position=1)] - [bool]$IsUnexpected = 0 + [Parameter(Mandatory=$false)] + [switch]$Unexpected ) { [string] $eType = $IsUnexpected ? "Unexpected" : "Failed"; $cross = [System.Char]::ConvertFromUtf32([System.Convert]::ToInt32("2715", 16)) From 74bee508e1ad6919eaa5c71cc5a192ba16cbc7f8 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 13 Feb 2025 15:14:02 -0800 Subject: [PATCH 59/77] Update AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 Co-authored-by: Maxime Kjaer --- AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 index 3f49b3af..b2b67f64 100644 --- a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4425,7 +4425,7 @@ function Debug-AzStorageAccountADDSAuth { { $message = "Machine is not domain-joined." ` + " Being domain-joined to an AD DS domain is a prerequisite for mounting" ` - + " Azure file shares without having to explicitly provide user credentials at every mount.See '$($PSStyle.Foreground.BrightCyan)https://aka.ms/azfiles/adds-domainjoin$($PSStyle.Reset)'\n\n" ` + + " Azure file shares without having to explicitly provide user credentials at every mount. See '$($PSStyle.Foreground.BrightCyan)https://aka.ms/azfiles/adds-domainjoin$($PSStyle.Reset)'\n\n" ` + " Mounting through a machine that isn't domain-joined is also supported," ` + " but you must (1) have unimpeded network connectivity to the domain controller, and (2) explicitly provide AD DS user credentials when mounting. See '$($PSStyle.Foreground.BrightCyan)https://aka.ms/azfiles/adds-mountfileshare$($PSStyle.Reset)'" Write-TestingFailed -Message $message -ErrorAction Stop From d1365026f83e5e786e06853fa56c6013e1884c40 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 20 Feb 2025 11:55:51 -0800 Subject: [PATCH 60/77] alignment fixes --- AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 index b2b67f64..185101b8 100644 --- a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 @@ -3914,9 +3914,9 @@ function Debug-AzStorageAccountEntraKerbAuth { # if (!$filterIsPresent -or $Filter -match "CheckWinHttpAutoProxySvc") { - Write-Host "Checking WinHttpAutoProxySvc" - try - { + Write-Host "Checking WinHttpAutoProxySvc" + try + { $checksExecuted += 1; $service = Get-Service WinHttpAutoProxySvc if (($service -eq $null) -or ($service.Status -ne "Running")) @@ -3942,9 +3942,9 @@ function Debug-AzStorageAccountEntraKerbAuth { # if (!$filterIsPresent -or $Filter -match "CheckIpHlpScv") { - Write-Host "Checking Iphplpsvc Service" - try - { + Write-Host "Checking Iphplpsvc Service" + try + { $checksExecuted += 1; $services = Get-Service iphlpsvc if (($services -eq $null) -or ($services.Status -ne "Running")) @@ -3972,9 +3972,9 @@ function Debug-AzStorageAccountEntraKerbAuth { # if (!$filterIsPresent -or $Filter -match "CheckFiddlerProxy") { - Write-Host "Checking Fiddler Proxy" - try - { + Write-Host "Checking Fiddler Proxy" + try + { $checksExecuted += 1; $ProxysubFolder = Get-ChildItem ` -Path Registry::HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\ProxyMgr ` From 99b07b74eec8ea02a8249aba49b9d15303cc6e12 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 20 Feb 2025 11:57:21 -0800 Subject: [PATCH 61/77] port445 verbose removed --- AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 | 3 --- 1 file changed, 3 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 index 185101b8..9de1e183 100644 --- a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4397,13 +4397,10 @@ function Debug-AzStorageAccountADDSAuth { Write-Host "Checking Port 445" try { $checksExecuted += 1; - Write-Verbose "CheckPort445Connectivity - START" - Test-Port445Connectivity -StorageAccountFileEndPoint $fileEndpoint -ErrorAction Stop $checks["CheckPort445Connectivity"].Result = "Passed" Write-TestingPassed - Write-Verbose "CheckPort445Connectivity - SUCCESS" } catch { $checks["CheckPort445Connectivity"].Result = "Failed" $checks["CheckPort445Connectivity"].Issue = $_ From 3f791ba9e006b6d543df8a0476abb0d6afec0bf1 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 20 Feb 2025 11:57:55 -0800 Subject: [PATCH 62/77] Domain Check verbose removed --- AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 | 2 -- 1 file changed, 2 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 index 9de1e183..88e82564 100644 --- a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4417,7 +4417,6 @@ function Debug-AzStorageAccountADDSAuth { Write-Host "Checking Domain Join" try { $checksExecuted += 1; - Write-Verbose "CheckDomainJoined - START" if (!(Get-IsDomainJoined)) { $message = "Machine is not domain-joined." ` @@ -4429,7 +4428,6 @@ function Debug-AzStorageAccountADDSAuth { } $checks["CheckDomainJoined"].Result = "Passed" Write-TestingPassed - Write-Verbose "CheckDomainJoined - SUCCESS" } catch { $checks["CheckDomainJoined"].Result = "Failed" $checks["CheckDomainJoined"].Issue = $_ From 2724ead7e58d1890d3f8291f518b9e8ba8407dc8 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 20 Feb 2025 11:58:10 -0800 Subject: [PATCH 63/77] spacing --- AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 | 1 - 1 file changed, 1 deletion(-) diff --git a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 index 88e82564..c5db5c18 100644 --- a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4411,7 +4411,6 @@ function Debug-AzStorageAccountADDSAuth { # # Domain-Joined Check # - if (!$filterIsPresent -or $Filter -match "CheckDomainJoined") { Write-Host "Checking Domain Join" From 77e8179911e414894bfdf4492dd52e146ae3e390 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 20 Feb 2025 11:58:53 -0800 Subject: [PATCH 64/77] AdObject Verbose removed --- AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 index c5db5c18..fb3e860f 100644 --- a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4441,13 +4441,10 @@ function Debug-AzStorageAccountADDSAuth { Write-Host "Checking AD Object" try { $checksExecuted += 1; - Write-Verbose "CheckADObject - START" - Debug-AzStorageAccountADObject -StorageAccountName $StorageAccountName ` -ResourceGroupName $ResourceGroupName -ErrorAction Stop - $checks["CheckADObject"].Result = "Passed" - Write-Verbose "CheckADObject - SUCCESS" + $checks["CheckADObject"].Result = "Passed" Write-Verbose "CheckADObject - SUCCESS" Write-TestingPassed } catch { $checks["CheckADObject"].Result = "Failed" From a3945b96a034190ecbcc3ad7eb5907400a40951c Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 20 Feb 2025 11:59:26 -0800 Subject: [PATCH 65/77] Kerberos Ticket verbose removed --- AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 | 3 --- 1 file changed, 3 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 index fb3e860f..6384e80a 100644 --- a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4460,13 +4460,10 @@ function Debug-AzStorageAccountADDSAuth { Write-Host "Checking Kerberos Ticket" try { $checksExecuted += 1; - Write-Verbose "CheckGetKerberosTicket - START" - Get-AzStorageKerberosTicketStatus -StorageaccountName $StorageAccountName ` -ResourceGroupName $ResourceGroupName -ErrorAction Stop $checks["CheckGetKerberosTicket"].Result = "Passed" - Write-Verbose "CheckGetKerberosTicket - SUCCESS" Write-TestingPassed } catch { $checks["CheckGetKerberosTicket"].Result = "Failed" From 176f1e55931f44aade1ee402a3823e701e79d633 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 20 Feb 2025 12:00:03 -0800 Subject: [PATCH 66/77] Kerb Ticket Encryption Verbose removed --- AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 | 3 --- 1 file changed, 3 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 index 6384e80a..f95a9a00 100644 --- a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4479,13 +4479,10 @@ function Debug-AzStorageAccountADDSAuth { Write-Host "Checking Kerberos Ticket Encryption" try { $checksExecuted += 1; - Write-Verbose "CheckKerberosTicketEncryption - START" - Debug-KerberosTicketEncryption -StorageAccountName $StorageAccountName ` -ResourceGroupName $ResourceGroupName -ErrorAction Stop $checks["CheckKerberosTicketEncryption"].Result = "Passed" - Write-Verbose "CheckKerberosTicketEncryption - SUCCESS" Write-TestingPassed } catch { $checks["CheckKerberosTicketEncryption"].Result = "Failed" From 5d3fa785a1c6bc1f949635f7dba2aeffe3cd99ed Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 20 Feb 2025 12:01:20 -0800 Subject: [PATCH 67/77] Channel encryption verbose removed --- AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 | 5 ----- 1 file changed, 5 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 index f95a9a00..086cdc28 100644 --- a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4498,17 +4498,13 @@ function Debug-AzStorageAccountADDSAuth { Write-Host "Checking Channel Encryption" try { $checksExecuted += 1; - Write-Verbose "CheckChannelEncryption - START" - Assert-IsElevatedSession - $cmdletNeeded = "Get-SmbServerConfiguration" if(!(Get-Command $cmdletNeeded -ErrorAction SilentlyContinue)) { Write-TestingWarning -Message "Your system does not have or support the command needed for the check '$cmdletNeeded'." -ErrorAction Stop $checks["CheckChannelEncryption"].Result = "Skipped" } - if(!((Get-SmbServerConfiguration).PSobject.Properties.Name -contains "EncryptionCiphers")) { Write-TestingWarning -Message "Your operating system does not support the property 'EncryptionCiphers' of the cmdlet 'Get-SmbServerConfiguration'. Please refer to '$($PSStyle.Foreground.BrightCyan)https://aka.ms/azfiles/adds-encryptionciphers$($PSStyle.Reset)'" @@ -4521,7 +4517,6 @@ function Debug-AzStorageAccountADDSAuth { $checks["CheckChannelEncryption"].Result = "Passed" Write-TestingPassed - Write-Verbose "CheckChannelEncryption - SUCCESS" } } catch { $checks["CheckChannelEncryption"].Result = "Failed" From 390c707abecc6d804614db643d1e79f5bbb7b366 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 20 Feb 2025 12:01:50 -0800 Subject: [PATCH 68/77] Domain line of sight verbose removed --- AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 | 3 --- 1 file changed, 3 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 index 086cdc28..a2ce6778 100644 --- a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4532,13 +4532,10 @@ function Debug-AzStorageAccountADDSAuth { Write-Host "Checking Domain Line of Sight" try { $checksExecuted += 1; - Write-Verbose "CheckDomainLineOfSight - START" - Debug-DomainLineOfSight -StorageAccountName $StorageAccountName ` -ResourceGroupName $ResourceGroupName -ErrorAction Stop $checks["CheckDomainLineOfSight"].Result = "Passed" - Write-Verbose "CheckDomainLineOfSight - SUCCESS" Write-TestingPassed } catch { $checks["CheckDomainLineOfSight"].Result = "Failed" From f5c3899bbd66864c17934ba363193decb8a31d68 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 20 Feb 2025 12:02:25 -0800 Subject: [PATCH 69/77] AD Object Password Verbose removed --- AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 | 3 --- 1 file changed, 3 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 index a2ce6778..b4e53bc2 100644 --- a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4551,13 +4551,10 @@ function Debug-AzStorageAccountADDSAuth { Write-Host "Checking Ad Object Password" try { $checksExecuted += 1; - Write-Verbose "CheckADObjectPasswordIsCorrect - START" - Test-AzStorageAccountADObjectPasswordIsKerbKey -StorageAccountName $StorageAccountName ` -ResourceGroupName $ResourceGroupName -ErrorIfNoMatch -ErrorAction Stop $checks["CheckADObjectPasswordIsCorrect"].Result = "Passed" - Write-Verbose "CheckADObjectPasswordIsCorrect - SUCCESS" Write-TestingPassed } catch { $checks["CheckADObjectPasswordIsCorrect"].Result = "Failed" From 0f69b526ec38449fab63723459d15a11f6f68aaa Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 20 Feb 2025 12:03:56 -0800 Subject: [PATCH 70/77] SID AAD User check verbose removed removed verbose messages that were replaced by new output. Messages which were not replaced were not removed. --- AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 | 3 --- 1 file changed, 3 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 index b4e53bc2..b208ce34 100644 --- a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4570,8 +4570,6 @@ function Debug-AzStorageAccountADDSAuth { Write-Host "Checking SID for AAD User" try { $checksExecuted += 1; - Write-Verbose "CheckSidHasAadUser - START" - $currentUser = Get-OnPremAdUser -Identity $UserName -Domain $Domain -ErrorAction Stop Write-Verbose "User $UserName in domain $Domain has SID = $($currentUser.Sid)" @@ -4589,7 +4587,6 @@ function Debug-AzStorageAccountADDSAuth { Write-Verbose "Found AAD user '$($aadUser.UserPrincipalName)' for SID $($currentUser.Sid)" $checks["CheckSidHasAadUser"].Result = "Passed" - Write-Verbose "CheckSidHasAadUser - SUCCESS" Write-TestingPassed } catch { $checks["CheckSidHasAadUser"].Result = "Failed" From 34a7c484a2c4d4f1d2e4e42ad0de1f975fdd9116 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 20 Feb 2025 12:05:16 -0800 Subject: [PATCH 71/77] AAD User SID Check verbose removed --- AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 | 3 --- 1 file changed, 3 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 index b208ce34..51155081 100644 --- a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4602,8 +4602,6 @@ function Debug-AzStorageAccountADDSAuth { Write-Host "Checking AAD User has SID" try { $checksExecuted += 1; - Write-Verbose "CheckAadUserHasSid - START" - if ([string]::IsNullOrEmpty($ObjectId)) { Write-TestingWarning -Message "Missing required parameter ObjectId for CheckAadUserHasSid requires ObjectId parameter to be present, skipping CheckAadUserHasSid" $checks["CheckAadUserHasSid"].Result = "Skipped" @@ -4643,7 +4641,6 @@ function Debug-AzStorageAccountADDSAuth { Write-Verbose "Azure AD user $ObjectId has SID $($aadUser.OnPremisesSecurityIdentifier) in domain $Domain" $checks["CheckAadUserHasSid"].Result = "Passed" - Write-Verbose "CheckAadUserHasSid - SUCCESS" Write-TestingPassed } From 134cd59ea795a8c50a625cd9b29fe1864f80cb7b Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 20 Feb 2025 12:06:33 -0800 Subject: [PATCH 72/77] AAD User has SID verbose removed --- AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 | 3 --- 1 file changed, 3 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 index 51155081..4ac66ec7 100644 --- a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4658,15 +4658,12 @@ function Debug-AzStorageAccountADDSAuth { Write-Host "Checking AAD User has SID" try { $checksExecuted += 1 - Write-Verbose "CheckStorageAccountDomainJoined - START" - $activeDirectoryProperties = Get-AzStorageAccountActiveDirectoryProperties ` -ResourceGroupName $ResourceGroupName -StorageAccountName $StorageAccountName -ErrorAction Stop Write-Verbose -Message "Storage account $StorageAccountName is already joined in domain $($activeDirectoryProperties.DomainName)." $checks["CheckStorageAccountDomainJoined"].Result = "Passed" - Write-Verbose "CheckStorageAccountDomainJoined - SUCCESS" Write-TestingPassed } catch { $checks["CheckStorageAccountDomainJoined"].Result = "Failed" From d7e8bca3ddf51c69da0e8aabc87c4c3acc9780fa Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 20 Feb 2025 12:07:21 -0800 Subject: [PATCH 73/77] RBAC Check verbose removed --- AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 | 3 --- 1 file changed, 3 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 index 4ac66ec7..eb80eb50 100644 --- a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4678,8 +4678,6 @@ function Debug-AzStorageAccountADDSAuth { Write-Host "Checking User RBAC Assignment" try { $checksExecuted += 1 - Write-Verbose "CheckUserRbacAssignment - START" - Request-ConnectMsGraph -Scopes "User.Read.All", "GroupMember.Read.All" $sidNames = @{} @@ -4761,7 +4759,6 @@ function Debug-AzStorageAccountADDSAuth { Write-Host "------------------------------------------" $checks["CheckUserRbacAssignment"].Result = "Passed" - Write-Verbose "CheckUserRbacAssignment - SUCCESS" Write-TestingPassed } catch { $checks["CheckUserRbacAssignment"].Result = "Failed" From 86ba0c454e3ae3272b83038c60f3cc211cc2efd0 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 20 Feb 2025 12:09:06 -0800 Subject: [PATCH 74/77] User RBAC Check verbose removed replaced with new output --- AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 index eb80eb50..f5eeeceb 100644 --- a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4774,8 +4774,6 @@ function Debug-AzStorageAccountADDSAuth { Write-Host "Checking User RBAC Assignment" try { $checksExecuted += 1; - Write-Verbose "CheckUserFileAccess - START" - if ([string]::IsNullOrEmpty($FilePath)) { Write-Verbose -Message "Missing required parameter FilePath for CheckUserFileAccess, skipping CheckUserFileAccess" $checks["CheckUserFileAccess"].Result = "Skipped" @@ -4835,7 +4833,7 @@ function Debug-AzStorageAccountADDSAuth { Write-Host "------------------------------------------" $checks["CheckUserFileAccess"].Result = "Passed" - Write-Verbose "CheckUserFileAccess - SUCCESS" + Write-TestingPassed } } catch { From 5847ae90d73543e5bbc336908be51254a11fc0b8 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 20 Feb 2025 12:10:01 -0800 Subject: [PATCH 75/77] Domain Share Permissions Check verbose removed --- AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 | 3 --- 1 file changed, 3 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 index f5eeeceb..f75f61d8 100644 --- a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4850,8 +4850,6 @@ function Debug-AzStorageAccountADDSAuth { Write-Host "Checking Default Share Permission" try { $checksExecuted += 1 - Write-Verbose "CheckDefaultSharePermission - START" - $StorageAccountObject = Validate-StorageAccount ` -ResourceGroupName $ResourceGroupName ` -StorageAccountName $StorageAccountName ` @@ -4864,7 +4862,6 @@ function Debug-AzStorageAccountADDSAuth { $DefaultSharePermission = "Not Configured. Please visit https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-assign-permissions?tabs=azure-portal for more information if needed." } Write-Verbose "DefaultSharePermission: $DefaultSharePermission" - Write-Verbose "CheckDefaultSharePermission - SUCCESS" $checks["CheckDefaultSharePermission"].Result = "Passed" Write-TestingPassed } catch { From 70f57c04543b89491c1e96a5958e39cd4aed9210 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 20 Feb 2025 12:11:05 -0800 Subject: [PATCH 76/77] Kerb Reg Key Is Off Check Verbose removed replaced with new output --- AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 index f75f61d8..0aeb9295 100644 --- a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4878,12 +4878,10 @@ function Debug-AzStorageAccountADDSAuth { Write-Host "Checking AAD Kerberos Registry Key" try { $checksExecuted += 1; - Write-Verbose "CheckAadKerberosRegistryKeyIsOff - START" - if (-not (Test-IsCloudKerberosTicketRetrievalEnabled)) { $checks["CheckAadKerberosRegistryKeyIsOff"].Result = "Passed" - Write-Verbose "CheckAadKerberosRegistryKeyIsOff - SUCCESS" + Write-TestingPassed } else { From 91d897439da4de3567ad509b67a995c5fc1e5cb7 Mon Sep 17 00:00:00 2001 From: Valerio Marcelli Date: Thu, 20 Feb 2025 12:16:08 -0800 Subject: [PATCH 77/77] Changed to 'expected' --- AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 index 0aeb9295..459a1a5f 100644 --- a/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 +++ b/AzFilesHybrid/AzFilesHybrid/AzFilesHybrid.psm1 @@ -4404,7 +4404,7 @@ function Debug-AzStorageAccountADDSAuth { } catch { $checks["CheckPort445Connectivity"].Result = "Failed" $checks["CheckPort445Connectivity"].Issue = $_ - Write-TestingFailed -Message $_ -IsUnexpected $true + Write-TestingFailed -Message $_ } }