We wanted to announce the new major build of ExBPA that we released today: v2.6 (U.S. English).
We did a lot of work to improve usability of the tool in this release. Here are the major differences and improvements that we have made since ExBPA v2.5:
1. Tabbed reporting interface instead of a drop-down control. Viewing reports is now much more intuitive with this cool reporting structure.
2. Scan types are presented through radio buttons, so the different scan types available are much more obvious.
3. Group by "Issue" option when viewing list reports. For example, if you find that multiple servers are showing the same Error, you can now easily display a list of all servers affected rather than having to manually go through the entire list of items.
4. An ExBPA shell extension which allows you to right-click on an XML in Explorer (or apps like WinZip) and "View with Exchange Server Best Practices Analyzer".
5. ExBPA now works through proxy servers that require authentication.
6. New 'Permission Structure Check' scan type. This iterates through both the domain naming context and Exchange section of the configuration naming context and will notify you if inheritance has been blocked at any level. In addition, ExBPA will also check for inheritance blocks in the configuration naming context during a regular 'Health Check'.
7. Better reporting of cluster resources and groups. In the detailed view, you will now see a great hierarchical display of:
- Cluster resource groups with current owner
- Cluster resources and properties
- Dependent resources
- Antecedent resources
- Possible owners
We have also implemented dependency checks. For example, if the System Attendant is not dependent on every physical disk resource in the same resource group, a warning will be displayed.
8. Very latest rule set, including all the updates made to v2.5, which include the IIS metabase / transport event sink checks. In addition, we have introduced some new rules including:
- If you look in the "Information Items" report, the very first info rule details the version of ExBPA that was used to capture and analyze the data.
- A new object processor that uses DsGetSiteName to ascertain the AD site membership of the Exchange server and all DC/GCs in the DSAccess topology.
- Certificate checking. For every SMTP domain defined, we attempt to obtain the SSL cert. If we find it, we'll check that the principal matches the host name and if the cert is close to expiry (or has already expired).
- For connectivity errors, ExBPA now displays the underlying exception (e.g. Access Denied) in the Error rule itself. You no longer need to manually go through the Run Time log to see the actual error string.
9. All XML files are digitally signed to improve security and prevent tampering/spoofing. On startup, ExBPA will check that a valid signature (and Microsoft certificate) is on each XML. If the XML has been modified, a popup error will be seen and ExBPA will refuse to run.