There are several things that can occur when you have a faulty device connected via ActiveSync to your Exchange 2010 environment. There could be increased exchange logging, high CPU usage etc… This is a quick and easy way to get a look at the devices that are connecting to you Client Access Server, the type of request being made, and any possibly excessive activity.
Using the “Export-ActiveSyncLog” cmdlet to parse IIS logs for statistics
1. Logon to the CAS server accepting the ActiveSync connections.
2. Create a folder for the Output. In this example I will use “d:\Output”.
3. Navigate to the directory where the IIS logs logging the ActiveSync and OWA activity are stored. In this example it is “c:\inetpublogs\LogFiles\W3SVC1” and find the log for the day you would like to parse. In this example I will use the log from 8/20/2012 which is “u_ex120820.log”
4. Open the Exchange Management Shell as administrator and enter the following command changing the “-filename” parameter to use the path to the IIS logs on your CAS server and the output directory to a directory you have created:
Export-ActiveSyncLog -filename C:\inetpublogsLogFiles\W3SVC1\u_ex120820.log -outputpath d:\output
Five files will be written to the directory that was specified in the command (in this case “d:\output”)
Output for this command if executed correctly will look as follows:
Copy the files that were created to a machine that has Microsoft Excel for viewing.
The most useful file for troubleshooting out of the 5 written is “Users.csv”. When you open the users.csv file can check the various columns such as “hits” to see if any particular user has an excessive number in comparison to all other users. Depending on the issue, you may notice that a user may be the only user that has a value greater than zero for the particular column. In the example file below we only have 5 users and there isn’t currently and issue occurring.
Verifying the problem ActiveSync User
If the problem is occurring at the present time, once you believe you have identified the user causing the issue you can disable their ActiveSync access in their mailbox properties under the “Mailbox” features tab as shown below and see if the issue subsides. (Depending on your environment may take about 15 minutes or more until you see the issue diminish after disabling this). Another method of verifying that a particular user’s device is causing the issue is to contact the suspected problem ActiveSync User and ask them to shut down the device altogether to see if these issue stops.
I hope this helps with your ActiveSync troubleshooting. As always, if you have any questions or feedback, please leave a comment.