Exchange 2010: Options for ActiveSync error analysis

In most environments, the Windows Event Viewer is a good first port of call to identify ActiveSync problems. In environments with multiple CAS servers, the logs of each CAS server must be checked.

The Windows Event Log can be filtered according to the source "MSExchange ActiveSync":

Parallel to the event display, the general function can also be checked using the test CMDlet:

test-activesyncconnectivity | ft -autosize

The test CMDLet checks the basic function of ActiveSync, but does not test completely, because upstream proxies or firewalls are not checked. However, if errors occur at this point, then the problem is most likely local to the Exchange server.

If only a few users report problems, you should also check whether a corresponding ActiveSync device is connected to the mailbox at all. The Exchange Management Shell provides the most detailed information on ActiveSync devices for a mailbox:

Get-ActiveSyncDevice -mailbox frank@frankysweb.de

In the screenshot above you can see 2 ActiveSync devices, which values are displayed depends on the device. It is therefore quite normal if no IMEI or phone number etc. is displayed. However, if you take a closer look at the output, you will quickly find features on how a device can be identified. Apple devices, for example, pass the serial number preceded by Appl.... under DeviceID.

The following command provides a further overview with additional data (e.g. last successful synchronization)

Get-ActiveSyncDevice -mailbox frank@frankysweb.de | Get-ActiveSyncDeviceStatistics

If several users report problems at the same time, or the Windows EventLog does not provide any indications of problems, the "Remote Connectivity Analyzer" can be used to narrow down the cause. ExRCA attempts to establish a connection to a mailbox via ActiveSync and provides an overview of where the problem lies.

In larger environments, this test should also be carried out with caution, as the connection will run against one of the CAS servers. It is therefore conceivable that ActiveSync does not work on one of two CAS servers and a load balancer routes the test connection to the working server.

 

Verbose mode should be activated in order to obtain the most detailed log file possible. To do this, it is necessary to adjust the web.config of the IIS. The web.config for ActiveSync can be found under the following path:

C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Sync\web.config

The following line must now be searched for in this file:

<add key=“EnableMailboxLoggingVerboseMode“ value=“false“></add>

The value in the line must be changed to "True".

Switch on ActiveSync logging:

Set-CasMailbox -ActiveSyncDebugLogging $true -Identity frank@frankysweb.de

Switch off ActiveSync logging:

Set-CasMailbox -ActiveSyncDebugLogging $false -Identity frank@frankysweb.de

Send log to e-mail address for evaluation:

Get-ActiveSyncDeviceStatistics -mailbox frank@frankysweb.de -GetMailboxLog:$true -NotificationEmailAddress <a href="mailto:administrator@frankysweb.de">administrator@frankysweb.de
</a>

Here is an example of an entry in the log:

-----------------
Log Entry: 0
-----------------
RequestTime :
07/22/2014 19:45:57
ServerName :
FWEX1
AssemblyVersion :
14.03.0178.000
Identifier :
6DFCA76A
RequestHeader :
POST /Microsoft-Server-ActiveSync/default.eas?User=frank&DeviceId=ApplDxxxxxxxxxxxx&DeviceType=iPad&Cmd=Sync HTTP/1.1
Connection: keep-alive
Content-Length: 55
Content-Type: application/vnd.ms-sync.wbxml
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: de-de
Authorization: ********
Host: 10.5.64.48
User-Agent: Apple-iPad3C6/XXXX.XXX
X-MS-PolicyKey: 403651353
MS-ASProtocolVersion: 14.1
RequestBody :
AccessState :
Allowed
AccessStateReason :
DeviceRule
DeviceAccessControlRule :
iPad3C6 (DeviceModel)
ResponseHeader :
HTTP/1.1 200 OK
MS-Server-ActiveSync: 14.3
ResponseBody :
[No XmlResponse]
ResponseTime :
07/22/2014 19:45:57

And here is an excerpt when an e-mail was sent:

-----------------
Log Entry: 41
-----------------
RequestTime :
07/22/2014 23:22:51
ServerName :
FWEX1
AssemblyVersion :
14.03.0178.000
Identifier :
7497A626
RequestHeader :
POST /Microsoft-Server-ActiveSync/default.eas?User=frank&DeviceId=ApplDxxxxxxxxxxxx&DeviceType=iPad&Cmd=SendMail HTTP/1.1
Connection: keep-alive
Content-Length: 362
Content-Type: application/vnd.ms-sync.wbxml
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: de-de
Authorization: ********
Host: 192.168.200.1
User-Agent: Apple-iPad3C6/XXXX.XXX
X-MS-PolicyKey: 403651353
MS-ASProtocolVersion: 14.1
RequestBody :
5F1ADC97-B1C5-4682-8636-85A49F7E94D5
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding: 7bit
Subject: Test 22.7.14
From: frank@frankysweb.de
Message-Id: 
Date: Tue, 22 Jul 2014 23:22:49 +0200
To: "Frank"
Mime version: 1.0 (1.0)
AccessState :
Allowed
AccessStateReason :
DeviceRule
DeviceAccessControlRule :
iPad3C6 (DeviceModel)
ResponseHeader :
HTTP/1.1 200 OK
MS-Server-ActiveSync: 14.3
ResponseBody :
[No XmlResponse]
ResponseTime :
07/22/2014 23:22:51

If nothing conspicuous can be found in the ActiveSync log, upstream devices such as load balancers and/or firewalls should also be checked. ActiveSync only requires port 443 (HTTPS).

Since ActiveSync connections are accepted by the IIS server on the CAS servers, a look at the IIS logs can also be helpful, here again a small example from the IIS logs:

2014-07-22 21:10:13 10.5.64.48 POST /Microsoft-Server-ActiveSync/default.eas User=frank&DeviceId=ApplXXXXXXXXXXXXXX&DeviceType=iPhone&Cmd=Ping&Log=V141_LdapC1_Hb1800_S3_Error:PingCollisionDetected_Mbx:fwex1.frankysweb.local_Throttle0_Budget:(D)Conn%3a1%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f0%25%2cCAS%3a%24null%2f%24null%2f3%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f2%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Fde04ebea-11ae-4c00-8dee-42fa87cde440%2cNorm_ 443 frankysweb\frank 172.18.1.10 Apple-iPhone6C2/1104.257 200 0 64 200772
2014-07-22 21:10:14 10.5.64.48 POST /Microsoft-Server-ActiveSync/default.eas User=frank&DeviceId=ApplXXXXXXXXXXXXXX&DeviceType=iPhone&Cmd=Sync&Log=V141_Fc1_Fid:23_Ty:Em_Filt5_St:S_Sk:1573892238_Sst166_SsCmt166_BR1_BPR0_LdapC1_LdapL15_RpcC44_RpcL156_Ers1_Pk1146660600_S1_As:AllowedG_Mbx:fwex1.frankysweb.local_Throttle0_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f0%25%2cCAS%3a%24null%2f%24null%2f1%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f1%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Fde04ebea-11ae-4c00-8dee-42fa87cde440%2cNorm_ 443 frankysweb\frank8 172.18.1.10 Apple-iPhone6C2/XXXX.XXX 200 0 0 312
2014-07-22 21:10:14 10.5.64.48 POST /Microsoft-Server-ActiveSync/default.eas Cmd=FolderSync&User=frankysweb.local%5Cse1281&DeviceId=androidc3972&DeviceType=SonyC5503&Log=V141_St:S_LdapC3_LdapL16_RpcC21_RpcL15_Pk2630211936_As:AllowedG_Mbx:fwex1.frankysweb.local_Dc:sdc01013.frankysweb.local_Throttle0_Budget:(A)Conn%3a0%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f1%25%2cCAS%3a%24null%2f%24null%2f0%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f0%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Fde04ebea-11ae-4c00-8dee-42fa87cde440%2cNorm_ 443 franksyweb\frank 172.18.1.7 SonyC5503/4.4.2-EAS-1.4 200 0 0 312
2014-07-22 21:10:15 10.5.64.48 POST /Microsoft-Server-ActiveSync/default.eas User=frank&DeviceId=ApplXXXXXXXXXXXXXX&DeviceType=iPad&Cmd=Ping&Log=V141_LdapC3_Hb900_S3_Error:PingCollisionDetected_Mbx:fwex1.frankysweb.local_Dc:sdc01013.frankysweb.local_Throttle0_Budget:(D)Conn%3a1%2cHangingConn%3a0%2cAD%3a%24null%2f%24null%2f0%25%2cCAS%3a%24null%2f%24null%2f0%25%2cAB%3a%24null%2f%24null%2f0%25%2cRPC%3a%24null%2f%24null%2f0%25%2cFC%3a1000%2f0%2cPolicy%3aDefaultThrottlingPolicy%5Fde04ebea-11ae-4c00-8dee-42fa87cde440%2cNorm_ 443 frankysweb\frank 172.18.1.10 Apple-iPad3C6/XXXX.XXX 200 0 64 885003

There are therefore many places to look for the cause of a problem, and a look at the "Known problems" list could also be helpful:

http://support.microsoft.com/kb/2563324/en-us