Exchange 2007 ActiveSync reporting

Increase in the number of mobile users using Exchange ActiveSync has grown rapidly over the years. iPhone and Windows mobile capturing market nowadays, its extremely important for exchange admins to monitor and report their usage real-time.
There have been instances where Exchange design solutions where implemented not knowing the exact impact of OWA and ActiveSync users and the load balancing CAS servers went unresponsive.

This article stresses on the importance and processes for a term well used in Exchange 2007 – Exchange ActiveSync reporting.

The best part is, we don’t have to install any tools or additional software’s for this, the Exchange 2007 power shell does the trick.

I am going to explain two cmd-lets in this article, one for all IIS logs in the W3SVC folder and one for a Single IIS log file. The process of extracting Exchange ActiveSync users with mobile devices is known as PARSING and this process was rather a hectic one in Exchange 2003.

Create a folder: C:\ActiveSync_reporting. Keep in mind that the IIS logs in a windows 2008 machine is stored in “C:\inetpub\logs\LogFiles”.

This is for all files in the logs folder:

Get-Childitem “C:\inetpub\logs\LogFiles\W3SVC1″ where-object {$_.lastwritetime -gt $DateToCompare} ForEach { Export-ActiveSyncLog -FileName $_.FullName -OutputPath “C:\ActiveSync_reporting” -OutputPrefix $_.Name.Replace(“.log”,”_”) -UseGMT:$true}

Output will be 6 files as shown:

Length Name
—————————
u_ex100411_Users.csv
u_ex100411_Servers.csv
u_ex100411 _Hourly.csv
u_ex100411_StatusCodes.csv
u_ex100411_PolicyCompliance.csv
u_ex100411_UserAgents.csv

u_ex100412_Users.csv
u_ex100412_Servers.csv
u_ex100412_Hourly.csv
u_ex100412_StatusCodes.csv
u_ex100412_PolicyCompliance.csv
u_ex100412_UserAgents.csv

If we need output for just a single IIS log:

Export-ActiveSyncLog -FileName “C:\inetpub\logs\LogFiles\W3SVC1\u_ex100410.log” -UseGMT:$true -OutputPath “C:\ActiveSync_reporting

Length Name
———————–
u_ex100410_Users.csv
u_ex100410_Servers.csv
u_ex100410_Hourly.csv
u_ex100410_StatusCodes.csv
u_ex100410_PolicyCompliance.csv
u_ex100410_UserAgents.csv

The most important file in the output is Users.csv which shows:

1. Username
2. Device ID
3. Device type
4. Hits on the CAS server

With the StatusCodes.csv, we can create a report based on http code status and find device-server communication health:

200 – Authentication pass
400 – Bad/invalid request
401 and 403 – Unauthorized/server refusing request
404 – File not found
449 – Retry
500 – Server error
503 – Service unavailable