Exchange Active Sync Troubleshooting
description
Transcript of Exchange Active Sync Troubleshooting
Chalk TalkActivesync troubleshootingAustin McCollum, Premier Field Engineer
architecture
Activesync troubleshooting
connectivity
troubleshooting performance
Activesync - architecture
Security• SSL for encryption and server ID validation• AD credentials or client certificates for
authentication• Activesync Mailbox policies• Remote Wipe
connectivityarchitecture
troubleshooting performance
Activesync - architecture
Security• SSL for encryption and server ID validation• AD credentials or client certificates for
authentication• Activesync Mailbox policies• Remote Wipe• Allow/Block/Quarantine• Throttling
connectivityarchitecture
troubleshooting performance
Activesync – architecture -ABQ
Logic Flow
• Is the mobile device authenticated? If not, challenge the mobile device for the correct credentials. Otherwise, go on to the next step.
• Is Exchange ActiveSync enabled for the current user? If not, return an "access restricted" error to the device. Otherwise, go on to the next step.
• Are the mobile policy enforcement criteria met by the current mobile device? If not, block access. Otherwise, go on to the next step.
• Is this mobile device blocked by a personal exemption for the user? If so, block access. Otherwise, go on to the next step.
• Is this mobile device allowed by a personal exemption for the user? If so, grant full access. Otherwise, go on to the next step.
• Is this mobile device blocked by a device access rule? If so, block access. Otherwise, go on to the next step.
• Is this mobile device quarantined by a device access rule? If so, quarantine the device. Otherwise, go on to the next step.
• Is this mobile device allowed by a device access rule? If so, grant full access. Otherwise, go on to the next step.
• Apply the default access state per the Exchange ActiveSync organizational settings. This grants access, blocks access, or quarantines the current device, depending on the organizational settings.
ca
t p
Activesync – architecture -ABQ
ABQ - Block
ca
t p
Activesync – architecture -ABQ
ABQ - Block
ca
t p
Activesync – architecture -ABQ
ABQ - Block
ca
t p
Activesync – architecture -ABQ
ABQ - Block
ca
t p
Activesync – architecture -ABQ
ABQ - Block
ca
t p
Activesync – architecture -ABQ
ABQ - Block
ca
t p
Activesync – architecture -ABQ
ABQ - Block
ca
t p
Activesync – architecture -ABQ
ABQ - Block
ca
t p
Activesync – architecture -ABQ
ABQ - Block
ca
t p
Activesync – architecture -ABQ
ABQ – Block
IIS logs - Provisioning2010-11-11 07:46:15 192.168.0.145 OPTIONS /Microsoft-Server-ActiveSync/default.eas &Log=V0_LdapC1_Pk0_Mbx:MCLAB02E14MBX01.mcLab02.internal_Throttle0_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f1%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f0%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Fc91213d0-c573-482e-8597-05358b7dc97b%2cNorm_ 443 mclab02\ceo 10.71.80.7 Apple-iPhone1C2/801.306 200 0 0 15
ca
t p
Activesync – architecture -ABQ
ABQ – Block
IIS logs - Attempted Foldersync2010-11-11 07:46:15 192.168.0.145 POST /Microsoft-Server-ActiveSync/default.eas User=ceo&DeviceId=Appl87831W4QY7H&DeviceType=iPhone&Cmd=FolderSync&Log=V140_Ssnf:T_LdapC4_LdapL31_RpcC43_RpcL63_Cpo19640_Fet20000_S129_Error:DeviceIsBlockedForThisUser_As:BlockedG_Mbx:MCLAB02E14MBX01.mcLab02.internal_Dc:mcE2k3BE01.mcLab02.internal_Throttle0_Budget:(D)Conn%3a1%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f1%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f1%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Fc91213d0-c573-482e-8597-05358b7dc97b%2cNorm%5bResources%3a(Mdb)Mailbox+Database+1556018512(Health%3a-1%25%2cHistLoad%3a0)%2c(DC)mcE2k3BE01.mcLab02.internal(Health%3a-1%25%2cHistLoad%3a0)%2c%5d_ 443 mclab02\ceo 10.71.80.7 Apple-iPhone1C2/801.306 200 0 0 20110
ca
t p
Activesync – architecture -ABQ
ABQ – Block
ca
t p
Activesync – architecture -ABQ
ABQ – Block - Cons
• Telling the Admins• No auto email• Can only allow the device by using PowershellGet-ActiveSyncDevice -mailbox ceo | where{$_.devicemodel -eq "iPhone"} | Set-CASMailbox -id CEO -ActiveSyncAllowedDeviceIDs ($_.DeviceId)
ca
t p
Activesync – architecture -ABQ
ABQ – Quarantine
ca
t p
Activesync – architecture -ABQ
ABQ – Quarantine
• Account seems to sync fine• At first nothing is synchronized• GAL search fails• No calendar or contact information synced to device from mailbox• After the discovery process complete, the quarantine message is delivered to the device
ca
t p
Activesync – architecture -ABQ
ABQ – Quarantine
IIS logs - Discovery
2010-11-11 09:48:12 192.168.0.145 POST /Microsoft-Server-ActiveSync/default.eas User=e14mobiletester&DeviceId=Appl87831W4QY7H&DeviceType=iPhone&Cmd=FolderSync&Log=V140_St:S_LdapC1_RpcC17_RpcL15_Pk3408953401_As:DeviceDiscoveryG_Mbx:MCLAB02E14MBX01.mcLab02.internal_Throttle0_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f0%25%2cCAS%3a%24null%2f%24null%2f1%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f1%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Fc91213d0-c573-482e-8597-05358b7dc97b%2cNorm_ 443 mclab02\e14mobiletester 10.71.80.7 Apple-iPhone1C2/801.306 200 0 0 31
ca
t p
Activesync – architecture -ABQ
ABQ – Quarantine
ca
t p
Activesync – architecture -ABQ
ABQ – Quarantine
ca
t p
Activesync – architecture -ABQ
ABQ – Quarantine
ca
t p
Activesync – architecture -ABQ
ABQ – Quarantine
ca
t p
Activesync – architecture -ABQ
ABQ – Quarantine
ca
t p
Activesync – architecture -ABQ
ABQ – Quarantine
ca
t p
Activesync – architecture -ABQ
ABQ – Quarantine
ca
t p
Activesync – architecture -ABQ
ABQ – Quarantine
ca
t p
Activesync – architecture -ABQ
ABQ – Quarantine
ca
t p
Activesync – architecture -ABQ
ABQ – Quarantine
ca
t p
Activesync – architecture -ABQ
ABQ – Quarantine
ca
t p
Activesync – architecture -ABQ
ABQ – Limitations
• User Agent• Zero day exploits• Firmware level agnostic• ISA / TMG / other firewall solutions• manual powershell after the fact
ca
t p
Activesync - architecture ca
t p
Airsync Protocol
Activesync features available in Exchange 2007 sp3
http://msdn.microsoft.com/en-us/library/aa996303(v=EXCHG.80).aspx
Activesync feature available in Exchange 2010 sp2
http://technet.microsoft.com/en-us/library/bb123484
List of Activesync build / features and what mobile devices implement
http://en.wikipedia.org/wiki/Comparison_of_Exchange_ActiveSync_Clients
Activesync - architecture ca
t p
ISAPI
Activesync - architecture
Internet facing CAS - [internal site CAS]- XSO RPC MBX
connectivityarchitecture
troubleshooting performance
Activesync - architecture
Internet facing CAS - [internal site CAS]- XSO RPC MBX
connectivityarchitecture
troubleshooting performance
Activesync - architecture
Partnership
connectivityarchitecture
troubleshooting performance
Activesync - architecture
Partnership
connectivityarchitecture
troubleshooting performance
Activesync - connectivity
connectivityarchitecture
troubleshooting performance
Autodiscover
Activesync - connectivity
connectivityarchitecture
troubleshooting performance
Direct Push
Activesync - connectivity ca
t p
Activesync - connectivity ca
t p
Activesync - connectivity ca
t p
Activesync - connectivity ca
t p
Activesync - connectivity ca
t p
Activesync - connectivity ca
t p
Activesync - connectivity ca
t p
Activesync - connectivity ca
t p
Activesync - connectivity ca
t p
Affinity
Exchange ActiveSync Common Status CodesPing Command Status
Value Meaning
1 The heartbeat interval expired before any changes occurred in the folders being monitored. The client should reissue the Ping command request.
2 Changes occurred in at least one of the folders that were being monitored. The response includes the folders in which these changes have occurred.
3 The client Ping command request did not specify all of the necessary parameters. The client is expected to issue a Ping request that includes both the heartbeat interval and the folder list.
4 There has been a general error in the Ping request issued by the client, which can be caused by poorly formatted WBXML.
5 The heartbeat interval specified by the client is outside the range set by the server administrator. I f the specified interval was too great, the returned interval will be the maximum allowable value. I f the specified interval was too low, the returned interval will be the minimum allowable value.
6 The Ping command request specified more folders to monitor for changes than is allowed by the limit configured by the server administrator. The response specifies the limit in the MaxFolders element.
7 The client specified a folder that has been moved or deleted or the server that the client has been accessing has been upgraded from Exchange Server 2003 SP1 to SP2. The client should issue a FolderSync request.
Exchange ActiveSync Common Status Codes
Value Meaning
1 Success.
2 Protocol version mismatch.
3 Invalid sync key.
4 Protocol error.
5 Server error.
6 Error in client/server conversion.
7 Conflict matching the client and server object.
8 Object not found.
9 User account may be out of disk space.
10 An error occurred while setting the notification GUID.
11 Device has not been provisioned for notifications yet.
Sync Command Status
Exchange ActiveSync Common Status Codes
Search Command StatusValue Meaning
1 Success.
2 Protocol Error.
3 An error on the Exchange server occurred.
4 Bad Link.
5 Access Denied.
6 Not Found.
7 Connection Failed.
8 Too Complex.
9 Index not loaded.
10 TimeOut.
11 NeedToFolderSync.
12 EndOfRetrieveableRangeWarning.
Exchange ActiveSync Common Status Codes
FolderSync Command Status
Value Meaning
1 Success.
2 A folder with that name already exists.
3 Folder is a special folder.
4 Folder not found.
5 The specified parent folder was not found.
6 An error on the Exchange server occurred.
7 Access denied.
8 The request timed out.
9 Sync key mismatch or invalid sync key.
10 Misformatted request.
11 An unknown error occurred.
Server Response Status Codes:Server informs the device that there is mail in specific folder(s). Device then syncs only those folders, (though it may choose to sync others as well). The status code is used to indicate success, failure, timeout and other error conditions.
HTTP 200 OKContent-Type: ms.wbxmlPragma: no-cache <Status> 2 <\Status><Folders>
<Folder> 1234 </Folder></Folders>
Example of PING Server Response
Activesync - troubleshooting
connectivityarchitecture
troubleshooting performance
Scoping questions:• Is the device reaching the Internet facing
CAS?• Are all mobile devices affected?• Which CAS do we need to troubleshoot?• Is this an issue that’s well known?
Activesync - troubleshooting
connectivityarchitecture
troubleshooting performance
Troubleshooting service
• the browser testhttps://CAS.contoso.com/microsoft-server-activesync/default.eashttps://mail.contoso.com/microsoft-server-activesync/default.eas
[501 method not implemented is the expected response]
Activesync - troubleshooting
connectivityarchitecture
troubleshooting performance
https://www.testexchangeconnectivity.com
Test-ActiveSyncConnectivity
Event logs (Source: MSExchange ActiveSync)
IIS logs (requests to /microsoft-server-activesync)
EAS Mailbox device logging
Windows Mobile emulator
Failed request tracing
Perfmon
https://www.testexchangeconnectivity.com
Test-ActiveSyncConnectivity cmdlet
To Turn up Diagnostic Logging:Set-EventLogLevel –identity “MSExchange ActiveSync\*” –level Expert
Event Name="MailboxBackingOff"> Description: Exchange ActiveSync has encountered repeated failures when it tries to access data on Mailbox server [%1]. Exchange ActiveSync will temporarily stop making Exchange ActiveSync requests to the Mailbox server. The process will be postponed for [%2] seconds. This may be caused if the Mailbox server is overloaded. If this event is frequently logged, review the Application log for other events that could indicate the root cause of performance problems on the Mailbox server specified in the event description. Event ID: 1016 Event Type: Error Severity: Error Category: Server Level: LowestComment: Due to the frequency of failures with this back-end, Exchange ActiveSync will stop accessing this server for a short period of time.
Event Log Example
Log Example of WP7 Sync:2011-10-20 01:26:31 192.168.137.206 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Sync&DeviceId=DCBDD36BB0199E795529F37F7&DeviceType=WP&Log=V141_Fc5_Fid:1_Ty:Ca_Filt4_St:S_Sk:1538807520_Sst1_SsCmt1_Srv:3a0c0d0s0e0r0A0sd_BR1_BPR0_Fid:10_Ty:Em_Filt3_St:S_Sk:2063964464_SsCmt1_Srv:6a0c0d0s0e0r0A0sd_BR1_BPR0_Fid:2_Ty:Co_Filt0_St:S_Sk:468224503_SsCmt1_Srv:2a0c0d0s0e0r0A0sd_BR1_BPR0_Fid:5_Ty:Em_Filt3_St:S_Sk:185102333_SsCmt1_Srv:7a0c0d0s0e0r0A0sd_BR1_BPR0_Fid:RI_Ty:Ri_Filt0_St:S_Sk:237668282_SsCmt1_Srv:1a0c0d0s0e0r0A0sd_BR0_BPR0_LdapC23_RpcC116_RpcL203_Pk1087184048_S1_As:AllowedG_Mbx:E2K10M.x.ExchLab.local_Throttle0_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f3%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f2%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Fb87d2830-9dcf-42fe-b04c-c708f8866a7e%2cNorm_&Translated=T 443 x\test-msft 192.168.137.254 - 200 0 0 593
W3SVC Log Example
W3SVC Log Breakdown - ElementsLetter
identifier Element name Definition Possible values
V Protocol version
The protocol version the device is using to synchronize with the Exchange server.
Value Meaning 120 Version 12 25 Version 2.5 21 Version 2.1 20 Version 2.0 10 Version 1.0
Ty Type The type of folder that's being synchronized.
Value Meaning Em E-mail Co Contacts Ca Calendar Ta Tasks
Fid Folder ID The ID of the folder that's being synchronized.
Positive Integer
Fc Folder count The number of folders that are being synchronized.
Positive Integer
Filt Filter type The data that the user requested. Value Meaning E-mail? Calendar? Tasks? 0 No filter Yes Yes Yes 1 1 day back Yes No No 2 3 days back Yes No No 3 1 week back Yes No No 4 2 weeks back Yes Yes No 5 1 month back Yes Yes No 6 3 months back No Yes No 7 6 months back No Yes No 8 Incomplete No No Yes
W3SVC Log Breakdown - ElementsSt Sync type The type of synchronization that's being performed. Value Meaning
F First sync S Subsequent R Recovery sync I Invalid sync
Sk Sync key The actual sync key that's used between the mobile phone and the Exchange server.
Positive integer
Cli: Client statistics
Stores the count of each type of activity from the Client. Output is in the form Cli: 0A0C3D1F0E.
Identifier value Meaning A Adds C Changes D Deletes F Fetches E Errors
Svr: Server statistics
Stores the count of each type of activity from the server. Output is in the form Svr:2A0C2D1F1E.
Identifier Meaning A Adds C Changes D Deletes F Fetches E Errors
E Number of errors
The number of errors encountered in a request. Positive integer
Io I tems opened The number of items that were opened. This feature hasn't yet been implemented.
Positive integer
Hb Heartbeat interval
The Heartbeat interval that's used for the PING command. Positive integer
W3SVC Log Breakdown - ElementsSsp SharePoint
documents The number of files that were accessed from Windows SharePoint Services.
Positive integer
Sspb SharePoint bytes The number of bytes that were accessed from Windows SharePoint Services.
Positive integer
Unc UNC files The number of files that were accessed through Windows file shares.
Positive integer
Uncb UNC bytes The number of bytes that were accessed through Windows file shares.
Positive integer
Att Attachments The number of attachments that were retrieved. Positive integer
Attb Attachment bytes The number of bytes that were retrieved for attachments. Positive integer
Pk Policy key received
The element that's used by the client and server to correlate acknowledgements to a particular policy setting.
Not applicable
Pa Policy acknowledge status
The element that indicates success if all the policy settings were applied correctly.
Value Meaning 1Policy was successfully applied 2Policy was partially applied 3Policy was not applied
W3SVC Log Breakdown - ElementsOof OOf action The action that is performed on the Out of
Office status stored on the Exchange server.
Value Meaning GetRetrieves the OOF status and message SetSets the OOF status and message
UserInfo User information action
The parameter that specifies retrieval of the user information data.
Get
DevModel Device model The device information that is supplied by the device manufacturer.
Possible values include manufacturer name, model name, and model number.
DevIMEI IMEI The International Mobile Equipment Identity (IMEI ). I t is a 15-digit code that's assigned to each device.
String
DevName Device friendly name
This element stores the user's description of their device.
String
DevOS Device OS The operating system that is running on the device.
String
DevLang Device OS language
The localized language of the device operating system.
String
Error Error The error section of the request. String
S Status This element returns the status of the device.
String
R Not Relevant This element returns a count of items that have changed but aren't relevant to the mobile phone or device.
Positive integer
W3SVC Log Breakdown - ElementsPfs PerFolderStatus
BR BodyRequested
BPR BodyPartRequested
LdapC LdapCount
LdapL LdapLatency
RpcC RpcCount
RpcL RpcLatency
E NumErrors
Io NumItemsOpened
W3SVC Log Breakdown - ElementsDevAgent DeviceInfoUserAgent
Rto RequestTimedOut
Erq EmptyRequest
Ers EmptyResponse
Cpo CompletionOffset
Fet FinalElapsedTime
DevEnaSMS DeviceInfoEnableOutboundSMS
DevMoOp DeviceInfoMobileOperator
W3SVC Log Breakdown - ElementsRR NumberOfRecipientsToResolve
Fb "Fb"=AvailabilityRequested
Ct CertificatesRequested
Pic PictureRequested
As AccessStateAndReason
Ssu Ssu
Mbx MailboxServer
Dc DomainController
Throttle ThrottledTime
Log Example of WP7 Sync:2011-10-20 01:26:31 192.168.137.206 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Sync&DeviceId=DCBDD36BB0199E795529F37F7&DeviceType=WP&Log=V141_Fc5_Fid:1_Ty:Ca_Filt4_St:S_Sk:1538807520_Sst1_SsCmt1_Srv:3a0c0d0s0e0r0A0sd_BR1_BPR0_Fid:10_Ty:Em_Filt3_St:S_Sk:2063964464_SsCmt1_Srv:6a0c0d0s0e0r0A0sd_BR1_BPR0_Fid:2_Ty:Co_Filt0_St:S_Sk:468224503_SsCmt1_Srv:2a0c0d0s0e0r0A0sd_BR1_BPR0_Fid:5_Ty:Em_Filt3_St:S_Sk:185102333_SsCmt1_Srv:7a0c0d0s0e0r0A0sd_BR1_BPR0_Fid:RI_Ty:Ri_Filt0_St:S_Sk:237668282_SsCmt1_Srv:1a0c0d0s0e0r0A0sd_BR0_BPR0_LdapC23_RpcC116_RpcL203_Pk1087184048_S1_As:AllowedG_Mbx:E2K10M.x.ExchLab.local_Throttle0_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f3%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f2%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Fb87d2830-9dcf-42fe-b04c-c708f8866a7e%2cNorm_&Translated=T 443 x\test-msft 192.168.137.254 - 200 0 0 593
W3SVC Log Example
W3SVC Log Example BreakdownProtocol Version 14.1
Type E-mail
Folder ID 10
Folder Count 5
Filter Type 3 days back
Sync Type Subsequent sync
Sync Key 2063964464
Status Success
BodyRequested 1
BodyPartRequested 0
Server Stats
Adds 6
Changes 0
Deletes 0
Soft-Deletes 0
Errors 0
LDAPCount 23
RPCCount 116
RPCLatency 203
PolicyKey 1087184048
Status 1
AccessStateandReason Allowed
Mailbox E2k10
Throttle 0
W3SVC Log Sample – Break it Down!
Example Ping command:&Log=V120_Hb780_S1
W3SVC Log – Too Easy!
Protocol Version 12Heartbeat Interval 780 sec (13min)Status 1 (Success)
Logparser "SELECT c-ip AS ClientIP, cs-username AS User, cs(User-Agent) AS Client, Count(cs-username) AS ExchangeHits from 'C:\Windows\System32\LogFiles\W3SVC1\ex*.log' WHERE cs-username IS NOT NULL GROUP BY User, c-ip, cs(User-Agent) ORDER BY ExchangeHits desc" -o:csv > Output.csv
ClientIP User Client ExchangeHits192.168.137.254 x\test-apple Apple-iPhone2C1/808.7 4324192.168.137.234 x\test-msft MSFT-WP7/4243.0 157192.168.137.224 x\test-android Android/0.3 132192.168.137.254 x\test-nokia NokiaE74/8800 1323
Log Parser Query and Results
Export-ActiveSyncLog Example
Export-ActiveSyncLog Example
In order to discover additional data such as the user agent, we would need to run the Log Parser cmdlet as well or run an additional powershell cmdlet:Get-ActiveSyncDevice –Mailbox test-apple | fl DeviceUserAgent,Identity
Get-ActiveSyncDevice cmdlet
In Exchange 2007, we had to enable the Mailbox Logging within the Web.Config file in the <ExchangeInstallation>\Sync directory on the Exchange 2007 CAS serverBy default, the logging is off. It can be turned on and tweaked easily from CAS server’s web.config:
<add key="MailboxLoggingEnabled" value="true"></add><add key="NumOfQueuedMailboxLogEntries" value="15"></add><add key="MaxSizeOfMailboxLog" value="8000"></add>
After the Exchange administrator turns on the logging and device starts syncing, a "Retrieve Log..." link will show on the OWA device page to let the device owner grab the log, which will be dropped into the Inbox as an attachment of an Action email, titled as "Log retrieved for device: XXXXXX". Source: http://msexchangeteam.com/archive/2007/05/30/439568.aspx
EAS Mailbox Logging
In Exchange 2010, the EAS Mailbox Logging must be enabled using Exchange Management Shell or within the ECP.
When you go to the Phones page in the control panel in Exchange 2010 and select a Device from the list (you can have more than one) you see a new option called Start Logging. This is a very easy way to get logs from a user after they reproduce their problem.
When the user clicks on the Start Logging button, the server runs some Exchange Management Shell cmdlets that initiate Exchange Active Sync logging and tracks all interaction with the device. Before the log is started, the user is explained what is going to take place.
EAS Mailbox Logging
EAS Mailbox Logging
When the user clicks Yes, the following cmdlets are executed:
Set-CasMailbox –ActiveSyncDebugLogging $true –Identity <userMailbox>
When the logging starts, the Start Logging changes to Retrieve Log; Once the Retrieve Log button is clicked, the following cmdlet is run:
Set-CasMailbox –ActiveSyncDebugLogging $false –Identity <userMailbox>
Then, then log is sent to the user which can also be done manually by running the following cmdlet:
Get-ActiveSyncDeviceStatistics –mailbox <userMailbox> -GetMailboxLog –NotificationEmailAddress <userEmail>
EAS Mailbox Logging
EAS Mailbox Logging is similar to device side loggingLog Entry: 70-----------------RequestTime : 10/20/2011 11:00:19 ServerName : E2K10CH AssemblyVersion : 14.01.0325.000 Identifier : 70F0FE13
EAS Mailbox Logging – WP7
RequestHeader : POST /Microsoft-Server-ActiveSync/default.eas?Cmd=Sync&DeviceId=DCBDD36BB0199E795529F37F7&DeviceType=WP HTTP/1.1Cache-Control: no-cacheConnection: Keep-AliveContent-Length: 112Content-Type: application/vnd.ms-sync.wbxmlAccept-Language: en-usAuthorization: ********Host: mail.exchlab.comReverse-Via: EXCHLAB-ISAMS-ASProtocolVersion: 14.1X-MS-PolicyKey: 1087184048
EAS Mailbox Logging – WP7
RequestBody : <?xml version="1.0" encoding="utf-8" ?>
<Sync xmlns="AirSync:"><Collections>
<Collection><SyncKey>1771316587</SyncKey><CollectionId>1</CollectionId><WindowSize>25</WindowSize>
</Collection><Collection>
<SyncKey>1235562199</SyncKey><CollectionId>10</CollectionId>
</Collection><Collection>
<SyncKey>1625655252</SyncKey><CollectionId>2</CollectionId><WindowSize>25</WindowSize>
</Collection><Collection>
<SyncKey>446359207</SyncKey><CollectionId>5</CollectionId>
</Collection></Collections>
<HeartbeatInterval>1380</HeartbeatInterval></Sync> WasPending : [Response was pending]
EAS Mailbox Logging – WP7
ResponseHeader : HTTP/1.1 200 OKMS-Server-ActiveSync: 14.1 ResponseBody : <?xml version="1.0" encoding="utf-8" ?><Sync xmlns="AirSync:">
<Collections><Collection>
<SyncKey>268775212</SyncKey><CollectionId>5</CollectionId><Status>1</Status><Commands>
<Add><ServerId>5:11</ServerId><ApplicationData>
…</ApplicationData>
</Add></Commands>
</Collection></Collections>
</Sync> ResponseTime : 10/20/2011 11:01:46
EAS Mailbox Logging – WP7
RequestBody : <?xml version="1.0" encoding="utf-8" ?><Sync xmlns="AirSync:">
<Collections><Collection>
<SyncKey>268775212</SyncKey><CollectionId>5</CollectionId>
</Collection></Collections><HeartbeatInterval>1380</HeartbeatInterval><Partial/>
</Sync>
EAS Mailbox Logging – WP7
Log Entry: 61-----------------RequestTime : 10/20/2011 12:29:45 ServerName : E2K10CH AssemblyVersion : 14.01.0325.000
Identifier : 6E3B9610 RequestHeader : POST /Microsoft-Server-ActiveSync/default.eas?User=test-apple&DeviceId=Appl889333NP&DeviceType=iPhone&Cmd=Ping HTTP/1.1Connection: Keep-AliveContent-Length: 0Accept: */*Accept-Language: en-usAuthorization: ********Host: mail.exchlab.comUser-Agent: Apple-iPhone2C1/808.7Reverse-Via: EXCHLAB-ISAMs-Asprotocolversion: 14.0X-Ms-Policykey: 2891930116
RequestBody :
WasPending : [Response was pending]
EAS Mailbox Logging - iPhone
ResponseHeader : HTTP/1.1 200 OKMS-Server-ActiveSync: 14.1 ResponseBody : <?xml version="1.0" encoding="utf-8" ?><Ping xmlns="Ping:">
<Status>2</Status><Folders>
<Folder>5</Folder></Folders>
</Ping> ResponseTime : 10/20/2011 12:30:30
EAS Mailbox Logging - iPhone
Log Entry: 62----------------- RequestTime : 10/20/2011 12:31:01
……….
RequestBody : <?xml version="1.0" encoding="utf-8" ?><Sync xmlns="AirSync:">
<Collections><Collection>
<SyncKey>1116787565</SyncKey><CollectionId>5</CollectionId><GetChanges/>
EAS Mailbox Logging - iPhone
ResponseHeader : HTTP/1.1 200 OKMS-Server-ActiveSync: 14.1 ResponseBody : <?xml version="1.0" encoding="utf-8" ?><Sync xmlns="AirSync:">
<Collections><Collection>
<SyncKey>2657206</SyncKey><CollectionId>5</CollectionId><Status>1</Status><Commands>
<Add><ServerId>5:10</ServerId><ApplicationData>
<To xmlns="Email:" bytes="37"/>
ResponseTime : 10/20/2011 12:31:01
EAS Mailbox Logging - iPhone
Log Entry: 63-----------------RequestTime : 10/20/2011 12:31:01
Identifier : 3BB1439B RequestHeader : POST /Microsoft-Server-ActiveSync/default.eas?User=test-apple&DeviceId=Appl889333NP&DeviceType=iPhone&Cmd=Sync HTTP/1.1<Sync xmlns="AirSync:">
<Collections><Collection>
<SyncKey>2657206</SyncKey><CollectionId>5</CollectionId><GetChanges>0</GetChanges>
……….<Fetch>
<ServerId>5:10</ServerId></Fetch>
EAS Mailbox Logging - iPhone
ResponseHeader : HTTP/1.1 200 OKMS-Server-ActiveSync: 14.1
ResponseBody : <?xml version="1.0" encoding="utf-8" ?><Sync xmlns="AirSync:">
<Collections><Collection>
<SyncKey>530022051</SyncKey><CollectionId>5</CollectionId><Status>1</Status><Responses>
<Fetch><ServerId>5:10</ServerId><Status>1</Status>
EAS Mailbox Logging - iPhone
RequestBody : <?xml version="1.0" encoding="utf-8" ?><Sync xmlns="AirSync:">
<Collections><Collection>
<SyncKey>644101135</SyncKey><CollectionId>5</CollectionId><GetChanges/><WindowSize>25</WindowSize><Options>
<FilterType>2</FilterType><MIMETruncation>1</MIMETruncation><MIMESupport>0</MIMESupport><BodyPreference xmlns="AirSyncBase:">
<Type>1</Type><TruncationSize>500</TruncationSize>
</BodyPreference></Options>
</Collection></Collections>
EAS Mailbox Logging – iPhone ???
</Sync> SyncCommand_GenerateResponsesXmlNode_AddChange_ConvertServerToClientObject_Exception : Microsoft.Exchange.AirSync.ChangeTrackingItemRejectedException at Microsoft.Exchange.AirSync.ChangeTrackingFilter.Filter(XmlNode xmlItemRoot, Nullable`1[] oldChangeTrackingInformation) at Microsoft.Exchange.AirSync.SyncCollection.ConvertServerToClientObject(ISyncItem syncItem, XmlNode airSyncParentNode, SyncOperation changeObject, GlobalInfo globalInfo) at Microsoft.Exchange.AirSync.SyncCollection.<>c__DisplayClassd.<GenerateCommandsXmlNode>b__4(SyncOperation changeObject) LogicalRequest : <?xml version="1.0" encoding="utf-8" ?><Sync xmlns="AirSync:">
<Collections><Collection>
<SyncKey>644101135</SyncKey><CollectionId>5</CollectionId>
EAS Mailbox Logging – iPhone ???
-----------------
Log Entry: 69-----------------
RequestTime : 10/20/2011 12:49:23 ServerName : E2K10CHAssemblyVersion : 14.01.0325.000
Identifier : 7FF1CC78RequestHeader :
POST /Microsoft-Server-ActiveSync/default.eas?User=test-apple&DeviceId=Appl889333NP&DeviceType=iPhone&Cmd=Ping HTTP/1.1
Connection: Keep-AliveContent-Length: 15Content-Type: application/vnd.ms-sync.wbxmlAccept: */*Accept-Language: en-usAuthorization: ********Host: mail.exchlab.comUser-Agent: Apple-iPhone2C1/808.7Reverse-Via: EXCHLAB-ISAMs-Asprotocolversion: 14.0
X-Ms-Policykey: 2891930116RequestBody : <?xml version="1.0" encoding="utf-8" ?>
<Ping xmlns="Ping:"><HeartbeatInterval>700</HeartbeatInterval>
</Ping>
EAS Mailbox Logging – iPhone ???
-----------------
Log Entry: 70-----------------RequestTime :
10/20/2011 13:01:53 ServerName : E2K10CHAssemblyVersion : 14.01.0325.000
Identifier : 24B088EB RequestHeader :
POST /Microsoft-Server-ActiveSync/default.eas?User=test-apple&DeviceId=Appl889333NP&DeviceType=iPhone&Cmd=Ping HTTP/1.1
Connection: Keep-AliveContent-Length: 15Content-Type: application/vnd.ms-sync.wbxmlAccept: */*Accept-Language: en-usAuthorization: ********Host: mail.exchlab.comUser-Agent: Apple-iPhone2C1/808.7Reverse-Via: EXCHLAB-ISAMs-Asprotocolversion: 14.0X-Ms-Policykey: 2891930116RequestBody : <?xml version="1.0" encoding="utf-8" ?>
<Ping xmlns="Ping:"><HeartbeatInterval>801</HeartbeatInterval>
</Ping>
EAS Mailbox Logging - iPhone
-----------------
Log Entry: 71-----------------RequestTime :
10/20/2011 13:15:21 ServerName : E2K10CHAssemblyVersion : 14.01.0325.000
Identifier : 47C28128 RequestHeader :
POST /Microsoft-Server-ActiveSync/default.eas?User=test-apple&DeviceId=Appl889333NP&DeviceType=iPhone&Cmd=Ping HTTP/1.1
Connection: Keep-AliveContent-Length: 15Content-Type: application/vnd.ms-sync.wbxmlAccept: */*Accept-Language: en-usAuthorization: ********Host: mail.exchlab.comUser-Agent: Apple-iPhone2C1/808.7Reverse-Via: EXCHLAB-ISAMs-Asprotocolversion: 14.0X-Ms-Policykey: 2891930116 RequestBody : <?xml version="1.0" encoding="utf-8" ?>
<Ping xmlns="Ping:"><HeartbeatInterval>700</HeartbeatInterval>
</Ping>
EAS Mailbox Logging - iPhone
The following component tags in EXTRA should be enabled to trace Exchange ActiveSync requests.
MSExchangeSync\*
If one is required to check sync requests to the mailbox level to track message changes or deletes (to include calendaring changes and deletes), then the following tags are recommended and helpful to enable on the mailbox server
Store\tagCalendarChange, tagCalendarDelete, tagMessageChange, tagMessageDelete
NOTE: These will help identify who or what device changed and deleted the message or calendar item
EXTRA
The following component tags in EXTRA should be enabled to trace Exchange ActiveSync requests.
MSExchangeSync\*
If one is required to check sync requests to the mailbox level to track message changes or deletes (to include calendaring changes and deletes), then the following tags are recommended and helpful to enable on the mailbox server
Store\tagCalendarChange, tagCalendarDelete, tagMessageChange, tagMessageDelete
NOTE: These will help identify who or what device changed and deleted the message or calendar item
Calendar Diagnostic Logging
Run EXTRA
Click Trace Control and OK to prompt
Configure and Set manual trace tags
Select Types, Components and Tags
Start, Repro the issue, then Stop trace
This would require Windows Mobile Emulator to run on the internal network against the CAS.
The CAS /Microsoft-Server-ActiveSync Virtual Directory would also need to have SSL Requirement unchecked to run the device against it while capturing the traffic.
To download and install Windows Mobile Emulator, see http://blogs.technet.com/b/exchange/archive/2007/09/17/3403937.aspx
Network Captures
Failed Request Tracing (FREB)
Failed Request Tracing (FREB)
Failed Request Tracing (FREB)
Failed Request Tracing (FREB)
Failed Request Tracing (FREB)
Failed Request Tracing (FREB)
<?xml version="1.0" encoding="UTF-8" ?><?xml-stylesheet type='text/xsl' href='freb.xsl'?><!-- saved from url=(0014)about:internet --><failedRequest url="https://mail.exchlab.com:443/Microsoft-Server-ActiveSync/default.eas?Cmd=FolderSync&DeviceId=DCBDD36BB0199E795529F37F7&DeviceType=WP" siteId="1" appPoolId="MSExchangeSyncAppPool" processId="5212" verb="POST" remoteUserName="x\test-msft" userName="x\test-msft" tokenUserName="X\test-msft" authenticationType="Basic" activityId="{00000000-0000-0000-CB00-0080000000F5}" failureReason="STATUS_CODE" statusCode="401.3" triggerStatusCode="401.3" timeTaken="0" xmlns:freb="http://schemas.microsoft.com/win/2006/06/iis/freb"
FREB Log Example
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="WWW Server" Guid="{3A2A4E84-4C21-4981-AE10-3FDA0D9B0F83}"/> <EventID>0</EventID> <Version>1</Version> <Level>4</Level> <Opcode>10</Opcode> <Keywords>0x80</Keywords> <TimeCreated SystemTime="2011-10-20T03:32:15.560Z"/> <Correlation ActivityID="{00000000-0000-0000-CB00-0080000000F5}"/> <Execution ProcessID="5212" ThreadID="5316"/> <Computer>E2K10CH</Computer> </System> <EventData> <Data Name="ContextId">{00000000-0000-0000-CB00-0080000000F5}</Data> <Data Name="FileName">C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\sync\default.eas</Data> <Data Name="UserName">test-msft</Data> <Data Name="DomainName">X</Data> </EventData> <RenderingInfo Culture="en-US"> <Opcode>FILE_CACHE_ACCESS_START</Opcode> <Keywords> <Keyword>Cache</Keyword> </Keywords> </RenderingInfo> <ExtendedTracingInfo xmlns="http://schemas.microsoft.com/win/2004/08/events/trace"> <EventGuid>{AC1D69F1-BF33-4CA0-9313-BCA13873E1DC}</EventGuid> </ExtendedTracingInfo></Event>
FREB Log Example
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="WWW Server" Guid="{3A2A4E84-4C21-4981-AE10-3FDA0D9B0F83}"/> <EventID>0</EventID> <Version>1</Version> <Level>4</Level> <Opcode>11</Opcode> <Keywords>0x80</Keywords> <TimeCreated SystemTime="2011-10-20T03:32:15.560Z"/> <Correlation ActivityID="{00000000-0000-0000-CB00-0080000000F5}"/> <Execution ProcessID="5212" ThreadID="5316"/> <Computer>E2K10CH</Computer> </System> <EventData> <Data Name="ContextId">{00000000-0000-0000-CB00-0080000000F5}</Data> <Data Name="Successful">false</Data> <Data Name="FileFromCache">false</Data> <Data Name="FileAddedToCache">false</Data> <Data Name="FileDirmoned">true</Data> <Data Name="LastModCheckErrorIgnored">true</Data> <Data Name="ErrorCode">2147942405</Data> <Data Name="LastModifiedTime"></Data> </EventData> <RenderingInfo Culture="en-US"> <Opcode>FILE_CACHE_ACCESS_END</Opcode> <Keywords> <Keyword>Cache</Keyword> </Keywords> <freb:Description Data="ErrorCode">Access is denied. (0x80070005)</freb:Description> </RenderingInfo> <ExtendedTracingInfo xmlns="http://schemas.microsoft.com/win/2004/08/events/trace"> <EventGuid>{AC1D69F1-BF33-4CA0-9313-BCA13873E1DC}</EventGuid> </ExtendedTracingInfo></Event>
FREB Log Example
Activesync - performance
connectivityarchitecture
troubleshooting performance
Throttling
• EASMaxConcurrency : 10• EASPercentTimeInAD :• EASPercentTimeInCAS : • EASPercentTimeInMailboxRPC :• EASMaxDevices : 10• EASMaxDeviceDeletesPerMonth :
Activesync - performance
Trending analysis
• using AD tools since partnership is kept in leaf objectCsvde –d “cn=users,DC=Contoso,DC=com” –r (objectclass=msexchactivesyncdevice) -l dn,msExchDeviceUserAgent,whenChanged,whenCreated –f c:\allExchange2010mobiledevicepartnerships.csv
"CN=iPhone§Appl87831W4QY7H,CN=ExchangeActiveSyncDevices,CN=e14MobileTester,CN=Users,DC=Contoso,DC=com",20101111173928.0Z,20101111173948.0Z,Apple-iPhone1C2/802.117"CN=PocketPC§BAD73E6E02156460E800185977C03182,CN=ExchangeActiveSyncDevices,CN=e14manager,CN=Users,DC=Contoso,DC=com",20101231183218.0Z,20101231183326.0Z,MSFT-PPC/5.2.5001"CN=WP§C01D49121ABAFAFD3C72924235668667,CN=ExchangeActiveSyncDevices,CN=wp7user,CN=Users,DC=Contoso,DC=com",20110421115008.0Z,20110421115100.0Z,MSFT-WP/7.0.7390"CN=iPhone§Appl87831W4QY7H,CN=ExchangeActiveSyncDevices,CN=iuser01,CN=Users,DC=Contoso,DC=com",20110426120447.0Z,20110426120505.0Z,Apple-iPhone1C2/803.148…
• Compare this to the shell approach. From Management ShellGet-Mailbox alias | Get-ActivesyncDeviceStatistics | ft identity,DeviceType,DeviceModel
ca
t p
Activesync - performance
connectivityarchitecture
troubleshooting performance
Log Parser Studio
#demo
The following tables shows ActiveSync service counters for Exchange 2010. The following counters may be able to assist in troubleshooting performance issues:MSExchange ActiveSync\Ping Commands PendingMSExchange ActiveSync\Sync Commands PendingMSExchange ActiveSync\Requests QueuedMSExchangeIS\RPC RequestsMSExchangeIS\RPC Average LatencyMSExchangeIS Client (*)\RPC Average Latency
For CAS: http://technet.microsoft.com/en-us/library/ff367877.aspx
For Mailbox, see http://technet.microsoft.com/en-us/library/ff367871.aspx
Performance Monitor ca
t p
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.