exchange active sync troubleshooting

Post on 21-May-2015


DESCRIPTION

Exchange 2010 Active Sync Troubleshooting

TRANSCRIPT

Chalk Talk

Activesync troubleshooting

Austin McCollum, Premier Field Engineer

Activesync troubleshooting

architecture, connectivity, troubleshooting, performance

Activesync - architecture

Security
• SSL for encryption and server ID validation
• AD credentials or client certificates for authentication
• Activesync Mailbox policies
• Remote Wipe
• Allow/Block/Quarantine
• Throttling

Activesync – architecture -ABQ

Logic Flow

• Is the mobile device authenticated?   If not, challenge the mobile device for the correct credentials. Otherwise, go on to the next step.

• Is Exchange ActiveSync enabled for the current user?   If not, return an "access restricted" error to the device. Otherwise, go on to the next step.

• Are the mobile policy enforcement criteria met by the current mobile device?   If not, block access. Otherwise, go on to the next step.

• Is this mobile device blocked by a personal exemption for the user?   If so, block access. Otherwise, go on to the next step.

• Is this mobile device allowed by a personal exemption for the user?   If so, grant full access. Otherwise, go on to the next step.

• Is this mobile device blocked by a device access rule?   If so, block access. Otherwise, go on to the next step.

• Is this mobile device quarantined by a device access rule?   If so, quarantine the device. Otherwise, go on to the next step.

• Is this mobile device allowed by a device access rule?   If so, grant full access. Otherwise, go on to the next step.

• Apply the default access state per the Exchange ActiveSync organizational settings.   This grants access, blocks access, or quarantines the current device, depending on the organizational settings.
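The logic flow above can be modelled as a first-match evaluator, which makes the precedence between policy checks, personal exemptions, device access rules and the organizational default easy to test. This is an added example, not Exchange's own code: the class and field names are hypothetical, rules are matched by exact string comparison, and the step numbers simply count the bullets above from 1 to 9.

```python
from dataclasses import dataclass, field
from enum import Enum


class Access(Enum):
    CHALLENGE = "challenge for credentials"
    RESTRICTED = "access restricted"
    BLOCK = "block"
    QUARANTINE = "quarantine"
    ALLOW = "allow"


@dataclass
class Rule:
    """Hypothetical model of a device access rule: one characteristic, one value."""
    characteristic: str      # e.g. "DeviceType" or "DeviceModel"
    value: str
    level: Access            # BLOCK, QUARANTINE or ALLOW


@dataclass
class Mailbox:
    eas_enabled: bool = True
    allowed_ids: set = field(default_factory=set)   # personal exemption: allow
    blocked_ids: set = field(default_factory=set)   # personal exemption: block


@dataclass
class Device:
    device_id: str
    attrs: dict
    authenticated: bool = True
    meets_policy: bool = True


def evaluate(device, mailbox, rules, org_default):
    """Return (decision, step); step is the 1-based bullet that decided."""
    if not device.authenticated:
        return Access.CHALLENGE, 1
    if not mailbox.eas_enabled:
        return Access.RESTRICTED, 2
    if not device.meets_policy:
        return Access.BLOCK, 3
    if device.device_id in mailbox.blocked_ids:
        return Access.BLOCK, 4
    if device.device_id in mailbox.allowed_ids:
        return Access.ALLOW, 5
    # Steps 6-8: collect every matching rule first, then test the levels in
    # the order block, quarantine, allow, so a block rule always wins.
    matched = {r.level for r in rules
               if device.attrs.get(r.characteristic) == r.value}
    for step, level in ((6, Access.BLOCK), (7, Access.QUARANTINE), (8, Access.ALLOW)):
        if level in matched:
            return level, step
    return org_default, 9


# Constructed sample data (the device ID is the one in this page's IIS logs).
IPHONE = Device("Appl87831W4QY7H",
                {"DeviceType": "iPhone", "DeviceModel": "iPhone1C2"})
RULES = [Rule("DeviceType", "iPhone", Access.QUARANTINE),
         Rule("DeviceModel", "iPhone1C2", Access.ALLOW)]


def scenarios():
    """Run a few precedence cases and return {description: (decision, step)}."""
    exempt = Mailbox(allowed_ids={IPHONE.device_id})
    both = Mailbox(allowed_ids={IPHONE.device_id}, blocked_ids={IPHONE.device_id})
    block_rule = [Rule("DeviceType", "iPhone", Access.BLOCK)]
    return {
        "quarantine rule beats allow rule": evaluate(IPHONE, Mailbox(), RULES, Access.ALLOW),
        "personal allow beats block rule": evaluate(IPHONE, exempt, block_rule, Access.BLOCK),
        "personal block beats personal allow": evaluate(IPHONE, both, [], Access.ALLOW),
        "no match falls to org default": evaluate(IPHONE, Mailbox(), [], Access.QUARANTINE),
    }


if __name__ == "__main__":
    for name, (decision, step) in scenarios().items():
        print(f"{name}: {decision.value} (step {step})")
```
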


ABQ - Block


IIS logs - Provisioning

2010-11-11 07:46:15 192.168.0.145 OPTIONS /Microsoft-Server-ActiveSync/default.eas &Log=V0_LdapC1_Pk0_Mbx:MCLAB02E14MBX01.mcLab02.internal_Throttle0_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f1%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f0%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Fc91213d0-c573-482e-8597-05358b7dc97b%2cNorm_ 443 mclab02\ceo 10.71.80.7 Apple-iPhone1C2/801.306 200 0 0 15


IIS logs - Attempted Foldersync

2010-11-11 07:46:15 192.168.0.145 POST /Microsoft-Server-ActiveSync/default.eas User=ceo&DeviceId=Appl87831W4QY7H&DeviceType=iPhone&Cmd=FolderSync&Log=V140_Ssnf:T_LdapC4_LdapL31_RpcC43_RpcL63_Cpo19640_Fet20000_S129_Error:DeviceIsBlockedForThisUser_As:BlockedG_Mbx:MCLAB02E14MBX01.mcLab02.internal_Dc:mcE2k3BE01.mcLab02.internal_Throttle0_Budget:(D)Conn%3a1%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f1%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f1%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Fc91213d0-c573-482e-8597-05358b7dc97b%2cNorm%5bResources%3a(Mdb)Mailbox+Database+1556018512(Health%3a-1%25%2cHistLoad%3a0)%2c(DC)mcE2k3BE01.mcLab02.internal(Health%3a-1%25%2cHistLoad%3a0)%2c%5d_ 443 mclab02\ceo 10.71.80.7 Apple-iPhone1C2/801.306 200 0 0 20110


ABQ – Block - Cons

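• Telling the Admins
• No auto email
• Can only allow the device by using Powershell

# Set-CASMailbox runs inside ForEach-Object so that $_ is bound to each matching device.
# Assigning a value this way replaces any existing ActiveSyncAllowedDeviceIDs list.
Get-ActiveSyncDevice -Mailbox ceo | Where-Object {$_.DeviceModel -eq "iPhone"} | ForEach-Object { Set-CASMailbox -Identity ceo -ActiveSyncAllowedDeviceIDs $_.DeviceId }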


ABQ – Quarantine


• Account seems to sync fine
• At first nothing is synchronized
• GAL search fails
• No calendar or contact information synced to device from mailbox
• After the discovery process completes, the quarantine message is delivered to the device


IIS logs - Discovery

2010-11-11 09:48:12 192.168.0.145 POST /Microsoft-Server-ActiveSync/default.eas User=e14mobiletester&DeviceId=Appl87831W4QY7H&DeviceType=iPhone&Cmd=FolderSync&Log=V140_St:S_LdapC1_RpcC17_RpcL15_Pk3408953401_As:DeviceDiscoveryG_Mbx:MCLAB02E14MBX01.mcLab02.internal_Throttle0_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f0%25%2cCAS%3a%24null%2f%24null%2f1%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f1%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Fc91213d0-c573-482e-8597-05358b7dc97b%2cNorm_ 443 mclab02\e14mobiletester 10.71.80.7 Apple-iPhone1C2/801.306 200 0 0 31


ABQ – Limitations

• User Agent
• Zero day exploits
• Firmware level agnostic
• ISA / TMG / other firewall solutions
• manual powershell after the fact


Airsync Protocol

Activesync features available in Exchange 2007 SP3

http://msdn.microsoft.com/en-us/library/aa996303(v=EXCHG.80).aspx

Activesync features available in Exchange 2010 SP2

http://technet.microsoft.com/en-us/library/bb123484

List of Activesync build / features and what mobile devices implement

http://en.wikipedia.org/wiki/Comparison_of_Exchange_ActiveSync_Clients


ISAPI

Activesync - architecture

Internet facing CAS - [internal site CAS]- XSO RPC MBX


Partnership


Activesync - connectivity


Autodiscover


Direct Push


Affinity

Exchange ActiveSync Common Status Codes

Ping Command Status

Value Meaning

1 The heartbeat interval expired before any changes occurred in the folders being monitored. The client should reissue the Ping command request.

2 Changes occurred in at least one of the folders that were being monitored. The response includes the folders in which these changes have occurred.

3 The client Ping command request did not specify all of the necessary parameters. The client is expected to issue a Ping request that includes both the heartbeat interval and the folder list.

4 There has been a general error in the Ping request issued by the client, which can be caused by poorly formatted WBXML.

5 The heartbeat interval specified by the client is outside the range set by the server administrator. If the specified interval was too great, the returned interval will be the maximum allowable value. If the specified interval was too low, the returned interval will be the minimum allowable value.

6 The Ping command request specified more folders to monitor for changes than is allowed by the limit configured by the server administrator. The response specifies the limit in the MaxFolders element.

7 The client specified a folder that has been moved or deleted or the server that the client has been accessing has been upgraded from Exchange Server 2003 SP1 to SP2. The client should issue a FolderSync request.

Exchange ActiveSync Common Status Codes

Sync Command Status

Value Meaning

1 Success.

2 Protocol version mismatch.

3 Invalid sync key.

4 Protocol error.

5 Server error.

6 Error in client/server conversion.

7 Conflict matching the client and server object.

8 Object not found.

9 User account may be out of disk space.

10 An error occurred while setting the notification GUID.

11 Device has not been provisioned for notifications yet.

Exchange ActiveSync Common Status Codes

Search Command Status

Value Meaning

1 Success.

2 Protocol Error.

3 An error on the Exchange server occurred.

4 Bad Link.

5 Access Denied.

6 Not Found.

7 Connection Failed.

8 Too Complex.

9 Index not loaded.

10 TimeOut.

11 NeedToFolderSync.

12 EndOfRetrieveableRangeWarning.

Exchange ActiveSync Common Status Codes

FolderSync Command Status

Value Meaning

1 Success.

2 A folder with that name already exists.

3 Folder is a special folder.

4 Folder not found.

5 The specified parent folder was not found.

6 An error on the Exchange server occurred.

7 Access denied.

8 The request timed out.

9 Sync key mismatch or invalid sync key.

10 Misformatted request.

11 An unknown error occurred.

Server Response Status Codes:

Server informs the device that there is mail in specific folder(s). Device then syncs only those folders (though it may choose to sync others as well). The status code is used to indicate success, failure, timeout and other error conditions.

Example of PING Server Response

HTTP 200 OK
Content-Type: ms.wbxml
Pragma: no-cache

<Status> 2 </Status>
<Folders>
  <Folder> 1234 </Folder>
</Folders>

Activesync - troubleshooting


Scoping questions:
• Is the device reaching the Internet facing CAS?
• Are all mobile devices affected?
• Which CAS do we need to troubleshoot?
• Is this an issue that’s well known?


Troubleshooting service

• the browser test
https://CAS.contoso.com/microsoft-server-activesync/default.eas
https://mail.contoso.com/microsoft-server-activesync/default.eas

[501 method not implemented is the expected response]


https://www.testexchangeconnectivity.com

Test-ActiveSyncConnectivity

Event logs (Source: MSExchange ActiveSync)

IIS logs (requests to /microsoft-server-activesync)

EAS Mailbox device logging

Windows Mobile emulator

Failed request tracing

Perfmon

https://www.testexchangeconnectivity.com

Test-ActiveSyncConnectivity cmdlet

To turn up diagnostic logging:

Set-EventLogLevel -Identity "MSExchange ActiveSync\*" -Level Expert

Event Name="MailboxBackingOff">
Description: Exchange ActiveSync has encountered repeated failures when it tries to access data on Mailbox server [%1]. Exchange ActiveSync will temporarily stop making Exchange ActiveSync requests to the Mailbox server. The process will be postponed for [%2] seconds. This may be caused if the Mailbox server is overloaded. If this event is frequently logged, review the Application log for other events that could indicate the root cause of performance problems on the Mailbox server specified in the event description.
Event ID: 1016
Event Type: Error
Severity: Error
Category: Server
Level: Lowest
Comment: Due to the frequency of failures with this back-end, Exchange ActiveSync will stop accessing this server for a short period of time.

Event Log Example

Log Example of WP7 Sync:

2011-10-20 01:26:31 192.168.137.206 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Sync&DeviceId=DCBDD36BB0199E795529F37F7&DeviceType=WP&Log=V141_Fc5_Fid:1_Ty:Ca_Filt4_St:S_Sk:1538807520_Sst1_SsCmt1_Srv:3a0c0d0s0e0r0A0sd_BR1_BPR0_Fid:10_Ty:Em_Filt3_St:S_Sk:2063964464_SsCmt1_Srv:6a0c0d0s0e0r0A0sd_BR1_BPR0_Fid:2_Ty:Co_Filt0_St:S_Sk:468224503_SsCmt1_Srv:2a0c0d0s0e0r0A0sd_BR1_BPR0_Fid:5_Ty:Em_Filt3_St:S_Sk:185102333_SsCmt1_Srv:7a0c0d0s0e0r0A0sd_BR1_BPR0_Fid:RI_Ty:Ri_Filt0_St:S_Sk:237668282_SsCmt1_Srv:1a0c0d0s0e0r0A0sd_BR0_BPR0_LdapC23_RpcC116_RpcL203_Pk1087184048_S1_As:AllowedG_Mbx:E2K10M.x.ExchLab.local_Throttle0_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f3%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f2%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Fb87d2830-9dcf-42fe-b04c-c708f8866a7e%2cNorm_&Translated=T 443 x\test-msft 192.168.137.254 - 200 0 0 593

W3SVC Log Example

W3SVC Log Breakdown - Elements

Letter identifier | Element name | Definition | Possible values
V | Protocol version | The protocol version the device is using to synchronize with the Exchange server. | 120 = Version 12; 25 = Version 2.5; 21 = Version 2.1; 20 = Version 2.0; 10 = Version 1.0
Ty | Type | The type of folder that's being synchronized. | Em = E-mail; Co = Contacts; Ca = Calendar; Ta = Tasks
Fid | Folder ID | The ID of the folder that's being synchronized. | Positive integer
Fc | Folder count | The number of folders that are being synchronized. | Positive integer
Filt | Filter type | The data that the user requested. | See the filter type values below

Filter type values

Value | Meaning | E-mail? | Calendar? | Tasks?
0 | No filter | Yes | Yes | Yes
1 | 1 day back | Yes | No | No
2 | 3 days back | Yes | No | No
3 | 1 week back | Yes | No | No
4 | 2 weeks back | Yes | Yes | No
5 | 1 month back | Yes | Yes | No
6 | 3 months back | No | Yes | No
7 | 6 months back | No | Yes | No
8 | Incomplete | No | No | Yes

W3SVC Log Breakdown - Elements

Letter identifier | Element name | Definition | Possible values
St | Sync type | The type of synchronization that's being performed. | F = First sync; S = Subsequent; R = Recovery sync; I = Invalid sync
Sk | Sync key | The actual sync key that's used between the mobile phone and the Exchange server. | Positive integer
Cli: | Client statistics | Stores the count of each type of activity from the Client. Output is in the form Cli: 0A0C3D1F0E. | A = Adds; C = Changes; D = Deletes; F = Fetches; E = Errors
Svr: | Server statistics | Stores the count of each type of activity from the server. Output is in the form Svr:2A0C2D1F1E. | A = Adds; C = Changes; D = Deletes; F = Fetches; E = Errors
E | Number of errors | The number of errors encountered in a request. | Positive integer
Io | Items opened | The number of items that were opened. This feature hasn't yet been implemented. | Positive integer
Hb | Heartbeat interval | The Heartbeat interval that's used for the PING command. | Positive integer

W3SVC Log Breakdown - Elements

Letter identifier | Element name | Definition | Possible values
Ssp | SharePoint documents | The number of files that were accessed from Windows SharePoint Services. | Positive integer
Sspb | SharePoint bytes | The number of bytes that were accessed from Windows SharePoint Services. | Positive integer
Unc | UNC files | The number of files that were accessed through Windows file shares. | Positive integer
Uncb | UNC bytes | The number of bytes that were accessed through Windows file shares. | Positive integer
Att | Attachments | The number of attachments that were retrieved. | Positive integer
Attb | Attachment bytes | The number of bytes that were retrieved for attachments. | Positive integer
Pk | Policy key received | The element that's used by the client and server to correlate acknowledgements to a particular policy setting. | Not applicable
Pa | Policy acknowledge status | The element that indicates success if all the policy settings were applied correctly. | 1 = Policy was successfully applied; 2 = Policy was partially applied; 3 = Policy was not applied

W3SVC Log Breakdown - Elements

Letter identifier | Element name | Definition | Possible values
Oof | OOF action | The action that is performed on the Out of Office status stored on the Exchange server. | Get = Retrieves the OOF status and message; Set = Sets the OOF status and message
UserInfo | User information action | The parameter that specifies retrieval of the user information data. | Get
DevModel | Device model | The device information that is supplied by the device manufacturer. | Possible values include manufacturer name, model name, and model number.
DevIMEI | IMEI | The International Mobile Equipment Identity (IMEI). It is a 15-digit code that's assigned to each device. | String
DevName | Device friendly name | This element stores the user's description of their device. | String
DevOS | Device OS | The operating system that is running on the device. | String
DevLang | Device OS language | The localized language of the device operating system. | String
Error | Error | The error section of the request. | String
S | Status | This element returns the status of the device. | String
R | Not Relevant | This element returns a count of items that have changed but aren't relevant to the mobile phone or device. | Positive integer

W3SVC Log Breakdown - Elements

Pfs PerFolderStatus

BR BodyRequested

BPR BodyPartRequested

LdapC LdapCount

LdapL LdapLatency

RpcC RpcCount

RpcL RpcLatency

E NumErrors

Io NumItemsOpened

W3SVC Log Breakdown - Elements

DevAgent DeviceInfoUserAgent

Rto RequestTimedOut

Erq EmptyRequest

Ers EmptyResponse

Cpo CompletionOffset

Fet FinalElapsedTime

DevEnaSMS DeviceInfoEnableOutboundSMS

DevMoOp DeviceInfoMobileOperator

W3SVC Log Breakdown - Elements

RR NumberOfRecipientsToResolve

Fb AvailabilityRequested

Ct CertificatesRequested

Pic PictureRequested

As AccessStateAndReason

Ssu Ssu

Mbx MailboxServer

Dc DomainController

Throttle ThrottledTime

Log Example of WP7 Sync:

2011-10-20 01:26:31 192.168.137.206 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Sync&DeviceId=DCBDD36BB0199E795529F37F7&DeviceType=WP&Log=V141_Fc5_Fid:1_Ty:Ca_Filt4_St:S_Sk:1538807520_Sst1_SsCmt1_Srv:3a0c0d0s0e0r0A0sd_BR1_BPR0_Fid:10_Ty:Em_Filt3_St:S_Sk:2063964464_SsCmt1_Srv:6a0c0d0s0e0r0A0sd_BR1_BPR0_Fid:2_Ty:Co_Filt0_St:S_Sk:468224503_SsCmt1_Srv:2a0c0d0s0e0r0A0sd_BR1_BPR0_Fid:5_Ty:Em_Filt3_St:S_Sk:185102333_SsCmt1_Srv:7a0c0d0s0e0r0A0sd_BR1_BPR0_Fid:RI_Ty:Ri_Filt0_St:S_Sk:237668282_SsCmt1_Srv:1a0c0d0s0e0r0A0sd_BR0_BPR0_LdapC23_RpcC116_RpcL203_Pk1087184048_S1_As:AllowedG_Mbx:E2K10M.x.ExchLab.local_Throttle0_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f3%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f2%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Fb87d2830-9dcf-42fe-b04c-c708f8866a7e%2cNorm_&Translated=T 443 x\test-msft 192.168.137.254 - 200 0 0 593

W3SVC Log Example

W3SVC Log Example Breakdown

Protocol Version 14.1

Type E-mail

Folder ID 10

Folder Count 5

Filter Type 3 days back

Sync Type Subsequent sync

Sync Key 2063964464

Status Success

BodyRequested 1

BodyPartRequested 0

Server Stats

Adds 6

Changes 0

Deletes 0

Soft-Deletes 0

Errors 0

LDAPCount 23

RPCCount 116

RPCLatency 203

PolicyKey 1087184048

Status 1

AccessStateandReason Allowed

Mailbox E2k10

Throttle 0

W3SVC Log Sample – Break it Down!

Example Ping command:

&Log=V120_Hb780_S1

W3SVC Log – Too Easy!

Protocol Version 12
Heartbeat Interval 780 sec (13min)
Status 1 (Success)
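The breakdown above can be automated: the sketch below splits the Log= value into its elements, groups the per-folder elements under each Fid, and lists every request whose AccessStateAndReason (As) is not Allowed, which is how blocked, quarantined or still-in-discovery devices show up in the IIS logs. It is an added example, not a Microsoft tool; the sample lines are abridged from the logs on this page, the field order is assumed to match those lines, and splitting As into state plus a one-letter reason code is an assumption.

```python
import re
from urllib.parse import unquote

# W3SVC field order as it appears in the log lines on this page (assumed;
# real logs declare their layout in the "#Fields:" header).
FIELDS = ("date time s_ip method uri_stem uri_query s_port username "
          "c_ip user_agent status substatus win32_status time_taken").split()

# Elements that belong to the folder named by the preceding Fid: element.
FOLDER_KEYS = {"Ty", "Filt", "St", "Sk", "Sst", "SsCmt", "Srv", "BR", "BPR"}

# An element is either Key:Value (Ty:Em) or KeyNumber (Filt3, V141).
TOKEN = re.compile(r"^([A-Za-z]+)(?::(.*)|(\d+))$")

# Constructed sample: three lines abridged from the IIS logs on this page.
SAMPLE_LINES = [
    r"2010-11-11 07:46:15 192.168.0.145 POST /Microsoft-Server-ActiveSync/default.eas "
    r"User=ceo&DeviceId=Appl87831W4QY7H&DeviceType=iPhone&Cmd=FolderSync&Log=V140_Ssnf:T_"
    r"LdapC4_LdapL31_RpcC43_RpcL63_Cpo19640_Fet20000_S129_Error:DeviceIsBlockedForThisUser_"
    r"As:BlockedG_Mbx:MCLAB02E14MBX01.mcLab02.internal_Throttle0_ "
    r"443 mclab02\ceo 10.71.80.7 Apple-iPhone1C2/801.306 200 0 0 20110",
    r"2010-11-11 09:48:12 192.168.0.145 POST /Microsoft-Server-ActiveSync/default.eas "
    r"User=e14mobiletester&DeviceId=Appl87831W4QY7H&DeviceType=iPhone&Cmd=FolderSync&"
    r"Log=V140_St:S_LdapC1_RpcC17_RpcL15_Pk3408953401_As:DeviceDiscoveryG_Throttle0_"
    r"Budget:(A)Conn%3a0%2cPolicy%3aDefaultThrottlingPolicy%5Fc91213d0%2cNorm_ "
    r"443 mclab02\e14mobiletester 10.71.80.7 Apple-iPhone1C2/801.306 200 0 0 31",
    r"2011-10-20 01:26:31 192.168.137.206 POST /Microsoft-Server-ActiveSync/default.eas "
    r"Cmd=Sync&DeviceId=DCBDD36BB0199E795529F37F7&DeviceType=WP&Log=V141_Fc5_"
    r"Fid:1_Ty:Ca_Filt4_St:S_Sk:1538807520_Sst1_SsCmt1_Srv:3a0c0d0s0e0r0A0sd_BR1_BPR0_"
    r"Fid:10_Ty:Em_Filt3_St:S_Sk:2063964464_SsCmt1_Srv:6a0c0d0s0e0r0A0sd_BR1_BPR0_"
    r"LdapC23_RpcC116_RpcL203_Pk1087184048_S1_As:AllowedG_Throttle0_&Translated=T "
    r"443 x\test-msft 192.168.137.254 - 200 0 0 593",
]


def parse_log_param(log_value):
    """Split a Log= value into (request-level elements, list of folder groups)."""
    request, folders, current = {}, [], None
    # Split on "_" before percent-decoding: an underscore inside a value is
    # logged as %5F (see the throttling policy name inside Budget).
    for raw in log_value.split("_"):
        m = TOKEN.match(raw)
        if not m:
            continue  # empty trailing element or one in another shape
        key = m.group(1)
        value = unquote(m.group(2)) if m.group(2) is not None else int(m.group(3))
        if key == "Fid":
            current = {"Fid": value}
            folders.append(current)
        elif current is not None and key in FOLDER_KEYS:
            current[key] = value
        else:
            current = None
            request[key] = value
    return request, folders


def parse_counts(stats):
    """'6a0c0d0s0e0r0A0sd' -> {'a': 6, 'c': 0, ...}; each count precedes its letter."""
    return {letter: int(n) for n, letter in re.findall(r"(\d+)([A-Za-z]+)", stats)}


def parse_line(line):
    """Parse one W3SVC line; returns None for headers or other field layouts."""
    parts = line.split()
    if line.startswith("#") or len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    rec["query"] = dict(p.partition("=")[::2] for p in rec["uri_query"].split("&") if p)
    rec["request"], rec["folders"] = parse_log_param(rec["query"].get("Log", ""))
    # Assumption: the last letter of As is the reason code, the rest the state.
    as_value = rec["request"].get("As", "")
    rec["access_state"], rec["access_reason"] = as_value[:-1], as_value[-1:]
    return rec


def abq_findings(lines):
    """(user, device_id, access_state, error) for each request not in state Allowed."""
    out = []
    for rec in filter(None, map(parse_line, lines)):
        if rec["access_state"] and rec["access_state"] != "Allowed":
            out.append((rec["username"], rec["query"].get("DeviceId"),
                        rec["access_state"], rec["request"].get("Error")))
    return out


if __name__ == "__main__":
    for finding in abq_findings(SAMPLE_LINES):
        print(finding)
```
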

Logparser "SELECT c-ip AS ClientIP, cs-username AS User, cs(User-Agent) AS Client, Count(cs-username) AS ExchangeHits from 'C:\Windows\System32\LogFiles\W3SVC1\ex*.log' WHERE cs-username IS NOT NULL GROUP BY User, c-ip, cs(User-Agent) ORDER BY ExchangeHits desc" -o:csv > Output.csv

ClientIP | User | Client | ExchangeHits
192.168.137.254 | x\test-apple | Apple-iPhone2C1/808.7 | 4324
192.168.137.234 | x\test-msft | MSFT-WP7/4243.0 | 157
192.168.137.224 | x\test-android | Android/0.3 | 132
192.168.137.254 | x\test-nokia | NokiaE74/8800 | 1323

Log Parser Query and Results

Export-ActiveSyncLog Example


In order to discover additional data such as the user agent, we would need to run Log Parser as well or run an additional PowerShell cmdlet:

Get-ActiveSyncDevice -Mailbox test-apple | fl DeviceUserAgent,Identity

Get-ActiveSyncDevice cmdlet

In Exchange 2007, we had to enable the Mailbox Logging within the Web.Config file in the <ExchangeInstallation>\Sync directory on the Exchange 2007 CAS server. By default, the logging is off. It can be turned on and tweaked easily from the CAS server’s web.config:

<add key="MailboxLoggingEnabled" value="true"></add>
<add key="NumOfQueuedMailboxLogEntries" value="15"></add>
<add key="MaxSizeOfMailboxLog" value="8000"></add>

After the Exchange administrator turns on the logging and device starts syncing, a "Retrieve Log..." link will show on the OWA device page to let the device owner grab the log, which will be dropped into the Inbox as an attachment of an Action email, titled as "Log retrieved for device: XXXXXX". Source: http://msexchangeteam.com/archive/2007/05/30/439568.aspx

EAS Mailbox Logging

In Exchange 2010, the EAS Mailbox Logging must be enabled using Exchange Management Shell or within the ECP.

When you go to the Phones page in the control panel in Exchange 2010 and select a Device from the list (you can have more than one) you see a new option called Start Logging. This is a very easy way to get logs from a user after they reproduce their problem.

When the user clicks on the Start Logging button, the server runs some Exchange Management Shell cmdlets that initiate Exchange ActiveSync logging and track all interaction with the device. Before the log is started, the user is told what is going to take place.

EAS Mailbox Logging


When the user clicks Yes, the following cmdlets are executed:

Set-CasMailbox -ActiveSyncDebugLogging $true -Identity <userMailbox>

When the logging starts, the Start Logging button changes to Retrieve Log. Once the Retrieve Log button is clicked, the following cmdlet is run:

Set-CasMailbox -ActiveSyncDebugLogging $false -Identity <userMailbox>

Then the log is sent to the user, which can also be done manually by running the following cmdlet:

Get-ActiveSyncDeviceStatistics -Mailbox <userMailbox> -GetMailboxLog -NotificationEmailAddress <userEmail>

EAS Mailbox Logging

EAS Mailbox Logging is similar to device side logging

EAS Mailbox Logging – WP7

Log Entry: 70
-----------------
RequestTime : 10/20/2011 11:00:19
ServerName : E2K10CH
AssemblyVersion : 14.01.0325.000
Identifier : 70F0FE13
RequestHeader :
POST /Microsoft-Server-ActiveSync/default.eas?Cmd=Sync&DeviceId=DCBDD36BB0199E795529F37F7&DeviceType=WP HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Content-Length: 112
Content-Type: application/vnd.ms-sync.wbxml
Accept-Language: en-us
Authorization: ********
Host: mail.exchlab.com
Reverse-Via: EXCHLAB-ISA
MS-ASProtocolVersion: 14.1
X-MS-PolicyKey: 1087184048

RequestBody :
<?xml version="1.0" encoding="utf-8" ?>
<Sync xmlns="AirSync:">
  <Collections>
    <Collection>
      <SyncKey>1771316587</SyncKey>
      <CollectionId>1</CollectionId>
      <WindowSize>25</WindowSize>
    </Collection>
    <Collection>
      <SyncKey>1235562199</SyncKey>
      <CollectionId>10</CollectionId>
    </Collection>
    <Collection>
      <SyncKey>1625655252</SyncKey>
      <CollectionId>2</CollectionId>
      <WindowSize>25</WindowSize>
    </Collection>
    <Collection>
      <SyncKey>446359207</SyncKey>
      <CollectionId>5</CollectionId>
    </Collection>
  </Collections>
  <HeartbeatInterval>1380</HeartbeatInterval>
</Sync>
WasPending : [Response was pending]

ResponseHeader :
HTTP/1.1 200 OK
MS-Server-ActiveSync: 14.1

ResponseBody :
<?xml version="1.0" encoding="utf-8" ?>
<Sync xmlns="AirSync:">
  <Collections>
    <Collection>
      <SyncKey>268775212</SyncKey>
      <CollectionId>5</CollectionId>
      <Status>1</Status>
      <Commands>
        <Add>
          <ServerId>5:11</ServerId>
          <ApplicationData>
            …
          </ApplicationData>
        </Add>
      </Commands>
    </Collection>
  </Collections>
</Sync>
ResponseTime : 10/20/2011 11:01:46

RequestBody :
<?xml version="1.0" encoding="utf-8" ?>
<Sync xmlns="AirSync:">
  <Collections>
    <Collection>
      <SyncKey>268775212</SyncKey>
      <CollectionId>5</CollectionId>
    </Collection>
  </Collections>
  <HeartbeatInterval>1380</HeartbeatInterval>
  <Partial/>
</Sync>

EAS Mailbox Logging - iPhone

Log Entry: 61
-----------------
RequestTime : 10/20/2011 12:29:45
ServerName : E2K10CH
AssemblyVersion : 14.01.0325.000
Identifier : 6E3B9610
RequestHeader :
POST /Microsoft-Server-ActiveSync/default.eas?User=test-apple&DeviceId=Appl889333NP&DeviceType=iPhone&Cmd=Ping HTTP/1.1
Connection: Keep-Alive
Content-Length: 0
Accept: */*
Accept-Language: en-us
Authorization: ********
Host: mail.exchlab.com
User-Agent: Apple-iPhone2C1/808.7
Reverse-Via: EXCHLAB-ISA
Ms-Asprotocolversion: 14.0
X-Ms-Policykey: 2891930116

RequestBody :
WasPending : [Response was pending]

ResponseHeader :
HTTP/1.1 200 OK
MS-Server-ActiveSync: 14.1

ResponseBody :
<?xml version="1.0" encoding="utf-8" ?>
<Ping xmlns="Ping:">
  <Status>2</Status>
  <Folders>
    <Folder>5</Folder>
  </Folders>
</Ping>
ResponseTime : 10/20/2011 12:30:30

Log Entry: 62
-----------------
RequestTime : 10/20/2011 12:31:01

……….

RequestBody :
<?xml version="1.0" encoding="utf-8" ?>
<Sync xmlns="AirSync:">
  <Collections>
    <Collection>
      <SyncKey>1116787565</SyncKey>
      <CollectionId>5</CollectionId>
      <GetChanges/>

ResponseHeader :
HTTP/1.1 200 OK
MS-Server-ActiveSync: 14.1

ResponseBody :
<?xml version="1.0" encoding="utf-8" ?>
<Sync xmlns="AirSync:">
  <Collections>
    <Collection>
      <SyncKey>2657206</SyncKey>
      <CollectionId>5</CollectionId>
      <Status>1</Status>
      <Commands>
        <Add>
          <ServerId>5:10</ServerId>
          <ApplicationData>
            <To xmlns="Email:" bytes="37"/>

ResponseTime : 10/20/2011 12:31:01

Log Entry: 63
-----------------
RequestTime : 10/20/2011 12:31:01
Identifier : 3BB1439B
RequestHeader :
POST /Microsoft-Server-ActiveSync/default.eas?User=test-apple&DeviceId=Appl889333NP&DeviceType=iPhone&Cmd=Sync HTTP/1.1

<Sync xmlns="AirSync:">
  <Collections>
    <Collection>
      <SyncKey>2657206</SyncKey>
      <CollectionId>5</CollectionId>
      <GetChanges>0</GetChanges>
      ……….
      <Fetch>
        <ServerId>5:10</ServerId>
      </Fetch>

ResponseHeader :
HTTP/1.1 200 OK
MS-Server-ActiveSync: 14.1

ResponseBody :
<?xml version="1.0" encoding="utf-8" ?>
<Sync xmlns="AirSync:">
  <Collections>
    <Collection>
      <SyncKey>530022051</SyncKey>
      <CollectionId>5</CollectionId>
      <Status>1</Status>
      <Responses>
        <Fetch>
          <ServerId>5:10</ServerId>
          <Status>1</Status>

EAS Mailbox Logging – iPhone ???

RequestBody :
<?xml version="1.0" encoding="utf-8" ?>
<Sync xmlns="AirSync:">
  <Collections>
    <Collection>
      <SyncKey>644101135</SyncKey>
      <CollectionId>5</CollectionId>
      <GetChanges/>
      <WindowSize>25</WindowSize>
      <Options>
        <FilterType>2</FilterType>
        <MIMETruncation>1</MIMETruncation>
        <MIMESupport>0</MIMESupport>
        <BodyPreference xmlns="AirSyncBase:">
          <Type>1</Type>
          <TruncationSize>500</TruncationSize>
        </BodyPreference>
      </Options>
    </Collection>
  </Collections>
</Sync>

SyncCommand_GenerateResponsesXmlNode_AddChange_ConvertServerToClientObject_Exception :
Microsoft.Exchange.AirSync.ChangeTrackingItemRejectedException
   at Microsoft.Exchange.AirSync.ChangeTrackingFilter.Filter(XmlNode xmlItemRoot, Nullable`1[] oldChangeTrackingInformation)
   at Microsoft.Exchange.AirSync.SyncCollection.ConvertServerToClientObject(ISyncItem syncItem, XmlNode airSyncParentNode, SyncOperation changeObject, GlobalInfo globalInfo)
   at Microsoft.Exchange.AirSync.SyncCollection.<>c__DisplayClassd.<GenerateCommandsXmlNode>b__4(SyncOperation changeObject)

LogicalRequest :
<?xml version="1.0" encoding="utf-8" ?>
<Sync xmlns="AirSync:">
  <Collections>
    <Collection>
      <SyncKey>644101135</SyncKey>
      <CollectionId>5</CollectionId>

-----------------
Log Entry: 69
-----------------
RequestTime : 10/20/2011 12:49:23
ServerName : E2K10CH
AssemblyVersion : 14.01.0325.000
Identifier : 7FF1CC78
RequestHeader :
POST /Microsoft-Server-ActiveSync/default.eas?User=test-apple&DeviceId=Appl889333NP&DeviceType=iPhone&Cmd=Ping HTTP/1.1
Connection: Keep-Alive
Content-Length: 15
Content-Type: application/vnd.ms-sync.wbxml
Accept: */*
Accept-Language: en-us
Authorization: ********
Host: mail.exchlab.com
User-Agent: Apple-iPhone2C1/808.7
Reverse-Via: EXCHLAB-ISA
Ms-Asprotocolversion: 14.0
X-Ms-Policykey: 2891930116

RequestBody :
<?xml version="1.0" encoding="utf-8" ?>
<Ping xmlns="Ping:">
  <HeartbeatInterval>700</HeartbeatInterval>
</Ping>

EAS Mailbox Logging - iPhone

-----------------
Log Entry: 70
-----------------
RequestTime : 10/20/2011 13:01:53
ServerName : E2K10CH
AssemblyVersion : 14.01.0325.000
Identifier : 24B088EB
RequestHeader :
POST /Microsoft-Server-ActiveSync/default.eas?User=test-apple&DeviceId=Appl889333NP&DeviceType=iPhone&Cmd=Ping HTTP/1.1
Connection: Keep-Alive
Content-Length: 15
Content-Type: application/vnd.ms-sync.wbxml
Accept: */*
Accept-Language: en-us
Authorization: ********
Host: mail.exchlab.com
User-Agent: Apple-iPhone2C1/808.7
Reverse-Via: EXCHLAB-ISA
Ms-Asprotocolversion: 14.0
X-Ms-Policykey: 2891930116

RequestBody :
<?xml version="1.0" encoding="utf-8" ?>
<Ping xmlns="Ping:">
  <HeartbeatInterval>801</HeartbeatInterval>
</Ping>

-----------------
Log Entry: 71
-----------------
RequestTime : 10/20/2011 13:15:21
ServerName : E2K10CH
AssemblyVersion : 14.01.0325.000
Identifier : 47C28128
RequestHeader :
POST /Microsoft-Server-ActiveSync/default.eas?User=test-apple&DeviceId=Appl889333NP&DeviceType=iPhone&Cmd=Ping HTTP/1.1
Connection: Keep-Alive
Content-Length: 15
Content-Type: application/vnd.ms-sync.wbxml
Accept: */*
Accept-Language: en-us
Authorization: ********
Host: mail.exchlab.com
User-Agent: Apple-iPhone2C1/808.7
Reverse-Via: EXCHLAB-ISA
Ms-Asprotocolversion: 14.0
X-Ms-Policykey: 2891930116

RequestBody :
<?xml version="1.0" encoding="utf-8" ?>
<Ping xmlns="Ping:">
  <HeartbeatInterval>700</HeartbeatInterval>
</Ping>

The following component tags in EXTRA should be enabled to trace Exchange ActiveSync requests.

MSExchangeSync\*

If you need to check sync requests down to the mailbox level to track message changes or deletes (including calendar changes and deletes), the following tags are recommended and helpful to enable on the mailbox server:

Store\tagCalendarChange, tagCalendarDelete, tagMessageChange, tagMessageDelete

NOTE: These will help identify who or what device changed and deleted the message or calendar item

EXTRA


Calendar Diagnostic Logging

Run EXTRA

Click Trace Control and OK to prompt

Configure and Set manual trace tags

Select Types, Components and Tags

Start, Repro the issue, then Stop trace

This would require Windows Mobile Emulator to run on the internal network against the CAS.

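The CAS /Microsoft-Server-ActiveSync virtual directory would also need to have its SSL requirement unchecked so that the device can run against it while the traffic is captured. While SSL is off, any Basic authentication credentials are readable in the capture, so re-enable the requirement as soon as the trace is complete.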

To download and install Windows Mobile Emulator, see http://blogs.technet.com/b/exchange/archive/2007/09/17/3403937.aspx

Network Captures

Failed Request Tracing (FREB)


<?xml version="1.0" encoding="UTF-8" ?><?xml-stylesheet type='text/xsl' href='freb.xsl'?><!-- saved from url=(0014)about:internet --><failedRequest url="https://mail.exchlab.com:443/Microsoft-Server-ActiveSync/default.eas?Cmd=FolderSync&amp;DeviceId=DCBDD36BB0199E795529F37F7&amp;DeviceType=WP" siteId="1" appPoolId="MSExchangeSyncAppPool" processId="5212" verb="POST" remoteUserName="x\test-msft" userName="x\test-msft" tokenUserName="X\test-msft" authenticationType="Basic" activityId="{00000000-0000-0000-CB00-0080000000F5}" failureReason="STATUS_CODE" statusCode="401.3" triggerStatusCode="401.3" timeTaken="0" xmlns:freb="http://schemas.microsoft.com/win/2006/06/iis/freb"

FREB Log Example

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="WWW Server" Guid="{3A2A4E84-4C21-4981-AE10-3FDA0D9B0F83}"/> <EventID>0</EventID> <Version>1</Version> <Level>4</Level> <Opcode>10</Opcode> <Keywords>0x80</Keywords> <TimeCreated SystemTime="2011-10-20T03:32:15.560Z"/> <Correlation ActivityID="{00000000-0000-0000-CB00-0080000000F5}"/> <Execution ProcessID="5212" ThreadID="5316"/> <Computer>E2K10CH</Computer> </System> <EventData> <Data Name="ContextId">{00000000-0000-0000-CB00-0080000000F5}</Data> <Data Name="FileName">C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\sync\default.eas</Data> <Data Name="UserName">test-msft</Data> <Data Name="DomainName">X</Data> </EventData> <RenderingInfo Culture="en-US"> <Opcode>FILE_CACHE_ACCESS_START</Opcode> <Keywords> <Keyword>Cache</Keyword> </Keywords> </RenderingInfo> <ExtendedTracingInfo xmlns="http://schemas.microsoft.com/win/2004/08/events/trace"> <EventGuid>{AC1D69F1-BF33-4CA0-9313-BCA13873E1DC}</EventGuid> </ExtendedTracingInfo></Event>

FREB Log Example

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="WWW Server" Guid="{3A2A4E84-4C21-4981-AE10-3FDA0D9B0F83}"/> <EventID>0</EventID> <Version>1</Version> <Level>4</Level> <Opcode>11</Opcode> <Keywords>0x80</Keywords> <TimeCreated SystemTime="2011-10-20T03:32:15.560Z"/> <Correlation ActivityID="{00000000-0000-0000-CB00-0080000000F5}"/> <Execution ProcessID="5212" ThreadID="5316"/> <Computer>E2K10CH</Computer> </System> <EventData> <Data Name="ContextId">{00000000-0000-0000-CB00-0080000000F5}</Data> <Data Name="Successful">false</Data> <Data Name="FileFromCache">false</Data> <Data Name="FileAddedToCache">false</Data> <Data Name="FileDirmoned">true</Data> <Data Name="LastModCheckErrorIgnored">true</Data> <Data Name="ErrorCode">2147942405</Data> <Data Name="LastModifiedTime"></Data> </EventData> <RenderingInfo Culture="en-US"> <Opcode>FILE_CACHE_ACCESS_END</Opcode> <Keywords> <Keyword>Cache</Keyword> </Keywords> <freb:Description Data="ErrorCode">Access is denied. (0x80070005)</freb:Description> </RenderingInfo> <ExtendedTracingInfo xmlns="http://schemas.microsoft.com/win/2004/08/events/trace"> <EventGuid>{AC1D69F1-BF33-4CA0-9313-BCA13873E1DC}</EventGuid> </ExtendedTracingInfo></Event>

FREB Log Example
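In the two events above, the file-cache access to default.eas ends with ErrorCode 2147942405, which is HRESULT 0x80070005 (access denied), and that is what surfaces as the 401.3. The following Python script is an added example, not part of the original deck: it pairs each FILE_CACHE_ACCESS_START with its failing END event by ContextId. The sample is constructed from the slide's events, trimmed to the fields the script reads, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

EVT = "{http://schemas.microsoft.com/win/2004/08/events/event}"
FREB = "{http://schemas.microsoft.com/win/2006/06/iis/freb}"

# Constructed sample: the failedRequest root and two events from the slides,
# trimmed to the attributes and Data fields this script reads.
SAMPLE = r"""<failedRequest url="https://mail.exchlab.com:443/Microsoft-Server-ActiveSync/default.eas?Cmd=FolderSync&amp;DeviceType=WP"
 userName="x\test-msft" authenticationType="Basic" statusCode="401.3"
 xmlns:freb="http://schemas.microsoft.com/win/2006/06/iis/freb">
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><EventData>
 <Data Name="ContextId">{00000000-0000-0000-CB00-0080000000F5}</Data>
 <Data Name="FileName">C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\sync\default.eas</Data>
 </EventData><RenderingInfo><Opcode>FILE_CACHE_ACCESS_START</Opcode></RenderingInfo></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><EventData>
 <Data Name="ContextId">{00000000-0000-0000-CB00-0080000000F5}</Data>
 <Data Name="Successful">false</Data>
 <Data Name="ErrorCode">2147942405</Data>
 </EventData><RenderingInfo><Opcode>FILE_CACHE_ACCESS_END</Opcode>
 <freb:Description Data="ErrorCode">Access is denied. (0x80070005)</freb:Description>
 </RenderingInfo></Event>
</failedRequest>"""

def failed_file_access(xml_text):
    """Summarise the request and list every file-cache access that failed."""
    root = ET.fromstring(xml_text)
    opened = {}   # ContextId -> file named by the latest *_START event
    findings = []
    for ev in root.iter(EVT + "Event"):
        data = {d.get("Name"): d.text or "" for d in ev.iter(EVT + "Data")}
        opcode = ev.findtext(f"{EVT}RenderingInfo/{EVT}Opcode", "")
        ctx = data.get("ContextId")
        if opcode == "FILE_CACHE_ACCESS_START":
            opened[ctx] = data.get("FileName")
        elif opcode == "FILE_CACHE_ACCESS_END" and data.get("Successful") == "false":
            desc = ev.find(f"{EVT}RenderingInfo/{FREB}Description")
            findings.append({
                "file": opened.get(ctx),
                # FREB stores the HRESULT as unsigned decimal; hex is searchable
                "hresult": f"0x{int(data.get('ErrorCode', '0')) & 0xFFFFFFFF:08X}",
                "description": desc.text if desc is not None else None,
            })
    return {"url": root.get("url"), "user": root.get("userName"),
            "status": root.get("statusCode"), "findings": findings}

if __name__ == "__main__":
    print(failed_file_access(SAMPLE))
```

A 401.3 paired with a failed file-cache access points at the permissions on the named file rather than at the user's credentials, so the file path in the finding is the place to check ACLs.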

Activesync - performance


Throttling

• EASMaxConcurrency : 10
• EASPercentTimeInAD :
• EASPercentTimeInCAS :
• EASPercentTimeInMailboxRPC :
• EASMaxDevices : 10
• EASMaxDeviceDeletesPerMonth :


Trending analysis

• Using AD tools, since the partnership is kept in a leaf object:

csvde -d "cn=users,DC=Contoso,DC=com" -r "(objectclass=msexchactivesyncdevice)" -l dn,msExchDeviceUserAgent,whenChanged,whenCreated -f c:\allExchange2010mobiledevicepartnerships.csv

"CN=iPhone§Appl87831W4QY7H,CN=ExchangeActiveSyncDevices,CN=e14MobileTester,CN=Users,DC=Contoso,DC=com",20101111173928.0Z,20101111173948.0Z,Apple-iPhone1C2/802.117
"CN=PocketPC§BAD73E6E02156460E800185977C03182,CN=ExchangeActiveSyncDevices,CN=e14manager,CN=Users,DC=Contoso,DC=com",20101231183218.0Z,20101231183326.0Z,MSFT-PPC/5.2.5001
"CN=WP§C01D49121ABAFAFD3C72924235668667,CN=ExchangeActiveSyncDevices,CN=wp7user,CN=Users,DC=Contoso,DC=com",20110421115008.0Z,20110421115100.0Z,MSFT-WP/7.0.7390
"CN=iPhone§Appl87831W4QY7H,CN=ExchangeActiveSyncDevices,CN=iuser01,CN=Users,DC=Contoso,DC=com",20110426120447.0Z,20110426120505.0Z,Apple-iPhone1C2/803.148
…

• Compare this to the shell approach. From the Management Shell:

Get-Mailbox alias | Get-ActivesyncDeviceStatistics | ft identity,DeviceType,DeviceModel
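The csvde export above is enough for a simple trend report. The following Python script is an added example, not part of the original deck: it counts new partnerships per month and device type, and lists any DeviceId that holds partnerships on more than one mailbox, as Appl87831W4QY7H does in the slide's rows. The header row and its column order are assumptions (the slide shows data rows only), and the function name is hypothetical.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample: the four rows are from the slide; the header row is an
# assumption (csvde writes one, the slide omits it, column order inferred).
SAMPLE = '''DN,whenCreated,whenChanged,msExchDeviceUserAgent
"CN=iPhone§Appl87831W4QY7H,CN=ExchangeActiveSyncDevices,CN=e14MobileTester,CN=Users,DC=Contoso,DC=com",20101111173928.0Z,20101111173948.0Z,Apple-iPhone1C2/802.117
"CN=PocketPC§BAD73E6E02156460E800185977C03182,CN=ExchangeActiveSyncDevices,CN=e14manager,CN=Users,DC=Contoso,DC=com",20101231183218.0Z,20101231183326.0Z,MSFT-PPC/5.2.5001
"CN=WP§C01D49121ABAFAFD3C72924235668667,CN=ExchangeActiveSyncDevices,CN=wp7user,CN=Users,DC=Contoso,DC=com",20110421115008.0Z,20110421115100.0Z,MSFT-WP/7.0.7390
"CN=iPhone§Appl87831W4QY7H,CN=ExchangeActiveSyncDevices,CN=iuser01,CN=Users,DC=Contoso,DC=com",20110426120447.0Z,20110426120505.0Z,Apple-iPhone1C2/803.148
'''

def partnership_trends(csv_text):
    """Return (new partnerships per (month, device type), device IDs on >1 mailbox)."""
    per_month = Counter()
    owners = defaultdict(set)          # DeviceId -> mailboxes holding a partnership
    for row in csv.DictReader(io.StringIO(csv_text)):
        # DN layout: CN=<DeviceType>§<DeviceId>,CN=ExchangeActiveSyncDevices,CN=<mailbox>,...
        # A plain split assumes no escaped commas inside the RDN values.
        rdns = [part.split("=", 1)[1] for part in row["DN"].split(",")]
        device_type, _, device_id = rdns[0].partition("§")
        month = row["whenCreated"][:6]  # generalized time: YYYYMMDDhhmmss.0Z
        per_month[(month, device_type)] += 1
        owners[device_id].add(rdns[2])
    shared = {dev: sorted(users) for dev, users in owners.items() if len(users) > 1}
    return per_month, shared

if __name__ == "__main__":
    months, shared = partnership_trends(SAMPLE)
    for (month, device_type), count in sorted(months.items()):
        print(month, device_type, count)
    print("device IDs on more than one mailbox:", shared)
```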



Log Parser Studio

#demo

The following ActiveSync service counters for Exchange 2010 may be able to assist in troubleshooting performance issues:

MSExchange ActiveSync\Ping Commands Pending
MSExchange ActiveSync\Sync Commands Pending
MSExchange ActiveSync\Requests Queued
MSExchangeIS\RPC Requests
MSExchangeIS\RPC Average Latency
MSExchangeIS Client (*)\RPC Average Latency

For CAS: http://technet.microsoft.com/en-us/library/ff367877.aspx

For Mailbox, see http://technet.microsoft.com/en-us/library/ff367871.aspx

Performance Monitor

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
