ActiveSync logging in Exchange 2003 and 2007

In this topic we will discuss the different tools or components that can be used to generate logs when troubleshooting ActiveSync issues. Let's start with Exchange 2003:

1. Nextags. This software can be obtained from Microsoft PSS and is the best tool available for tracing ActiveSync in Exchange 2003. It is a small executable file that only needs to be copied, not installed, on an Exchange server running ActiveSync (usually a front-end server). It has countless tags that can be used for tracing, and if their names are too confusing you can use the User, Errors, Warning or Info buttons, which activate the corresponding tags. Output can be written directly to a file, and the tracing can be filtered for one or more users. Here is an example of a Nextags fragment showing a 400 error:

09/25/09 13:46:36 Dump of HTTP response for ConnId [0x010B7198] User [username]
HTTP/1.1 400 Bad Request
Content-Type: text/html
Date: Fri, 25 Sep 2009 13:46:36 GMT
Connection: close
Content-Length: 46

<h1>Bad Request (Request Header Too Long)</h1>

2. IIS logs. These logs show the date, time, client IP address and port, device type and device ID along with the HTTP status code for mobile connections.

Here is a sample:

2009-12-30 07:47:40 W3SVC1 10.102.100.203 PROPFIND /exchange/username/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/iPhone/Appl879400V23NP - 80 domain\username 10.102.100.203 Microsoft-Server-ActiveSync/6.5.7638.1 503 0 0

Exchange 2007:

1. Nextags is no longer needed in Exchange 2007 (and quite possibly doesn't work with E2K7) because we now have the MSExchangeSync component in ExTRA (Exchange Troubleshooting Assistant, included in Exchange 2007). ExTRA trace control with this component enabled will create a very detailed ETL trace of ActiveSync activity, which can be converted and analyzed by PSS.

2. IIS logs. These can now be parsed using the Export-ActiveSyncLog PowerShell command. The output contains a large number of items, whose meanings are explained here:

https://technet.microsoft.com/en-us/library/bb201675(EXCHG.80).aspx - Exchange ActiveSync Reporting Services

In both Exchange 2007 and 2003, we also have device logs, which can be enabled on the device by going into ActiveSync, Menu, Configure Server, hitting Next two times, then Menu again, Advanced, and selecting Verbose in the Event logging drop-down list. The logs are generated into Windows\Activesync on the device and look like this:

-=-=-=- Start of Body -=-=-=-
<?xml version="1.0" encoding="utf-8"?><MeetingResponse xmlns="MeetingResponse:"><Request><UserResponse>1</UserResponse><CollectionId>e7f2c5f82fbb2b4eba0ad65f2c7cccf1-101b822</CollectionId><RequestId>3:2</RequestId></Request></MeetingResponse>

=-=- [15/04/2010 14:18:38.000] -=-=
=-=-=-= Server Response =-=-=-
HTTP/1.1 200 OK
Date: Thu, 15 Apr 2010 12:18:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Pragma: no-cache
Content-Type: application/vnd.ms-sync.wbxml
Content-Length: 29
MS-Server-ActiveSync: 6.5.7638.1
Connection: close

In addition, there are other logs that can be worth checking, although they are not ActiveSync-specific:

1. Server's application log. Some of the HTTP error codes are logged here and can be useful (for instance when the user's mailbox is over quota, or if the mailbox server cannot be reached).

2. HTTPERR logs. This is the http.sys log output, showing information about connections and requests. Here is what it looks like:

2009-12-01 08:26:36 192.168.10.118 52157 172.16.50.110 443 HTTP/1.1 POST /Microsoft-Server-ActiveSync?User=username&DeviceId=Appl8184305RY7H&DeviceType=iPhone&Cmd=Ping - 1 Connection_Abandoned_By_AppPool ExchangeApplicationPool

2009-12-01 08:26:36 192.168.10.118 52160 172.16.50.110 443 HTTP/1.1 POST /Microsoft-Server-ActiveSync?User=username&DeviceId=Appl5K9381H13NP&DeviceType=iPhone&Cmd=Ping - 1 Connection_Abandoned_By_AppPool ExchangeApplicationPool

3. Wfetch. This tool can be used to test a number of features like HTTP verbs, authentication, client-certificate support and host names. You can download the tool and read about its usage here:

https://support.microsoft.com/kb/284285/EN-US/ - HOW TO: Use Wfetch.exe to Troubleshoot HTTP Connections
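
One way to triage the HTTPERR entries shown above by reason phrase and device, added here as an example and not part of the original post or any Microsoft tool. The field order is inferred from the two sample lines on this page; the function names and the extra header and truncated lines are constructed for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Field order assumed from the HTTPERR sample lines quoted on this page.
FIELDS = ("date", "time", "c_ip", "c_port", "s_ip", "s_port", "version",
          "method", "uri", "status", "site_id", "reason", "queue")

# First two lines are the page's own samples; the last two are constructed
# to show that header and truncated lines are skipped rather than miscounted.
SAMPLE = """\
2009-12-01 08:26:36 192.168.10.118 52157 172.16.50.110 443 HTTP/1.1 POST /Microsoft-Server-ActiveSync?User=username&DeviceId=Appl8184305RY7H&DeviceType=iPhone&Cmd=Ping - 1 Connection_Abandoned_By_AppPool ExchangeApplicationPool
2009-12-01 08:26:36 192.168.10.118 52160 172.16.50.110 443 HTTP/1.1 POST /Microsoft-Server-ActiveSync?User=username&DeviceId=Appl5K9381H13NP&DeviceType=iPhone&Cmd=Ping - 1 Connection_Abandoned_By_AppPool ExchangeApplicationPool
#Fields: (constructed header line)
2009-12-01 08:26:37 truncated line
"""

def parse_httperr_line(line):
    """Return a dict for one ActiveSync HTTPERR entry, or None if unusable."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None                      # blank or log header line
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None                      # truncated or unexpected layout
    rec = dict(zip(FIELDS, parts))
    url = urlsplit(rec["uri"])
    if url.path.lower() != "/microsoft-server-activesync":
        return None                      # not an ActiveSync request
    query = parse_qs(url.query)
    for key in ("User", "DeviceId", "DeviceType", "Cmd"):
        rec[key] = query.get(key, ["-"])[0]
    return rec

def summarize(text):
    """Count entries per (reason, DeviceType, DeviceId, Cmd)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_httperr_line(line)
        if rec:
            counts[(rec["reason"], rec["DeviceType"],
                    rec["DeviceId"], rec["Cmd"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```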