I recently determined that activesync clients do not leave any traces in the Event logs when they get their email form Exchange 2007. Problem is I was banking on this as I was building our network.
Do Activesync clients with Exchange 2010 leave events that can be used by the user-IP mapping process?
What are others doing with non AD bound clients as for UserID? Captive portal? I would like to avoid captive portal if possible because of the relatively short timeout.
Hi Bob, the front end exchange server should log the event in the security log. Starting in version 4.1 the user ID agent has an option to point to an exchange server for this purpose.
Thank you for your reply. I do see an initial event log she the activesync account is setup on my iPads, but once the account is active, I see no additional events. Can you verify that you see additional events after the initial setup?
i did inherit the exchange server in question and it is a mess., so it may be something i inherited.
thanks for your time,
The ActiveSync logon event is recorded in the security log on the domain controller that the Exchange server was connected to at the time of the connection, the problem is that it records the IP address of the Exchange server rather than the IP of the connecting device. When you set up which DCs to query (under Discovery) in the user ID agent you have the option to select the server type, in this case choose Exchange as the type and the host name or IP address of your Exchange server running the client access server role. This will tell the agent to query the exchange specific logs for the logon event. I believe it queries the IIS logs for this info. Let me know if this helps.
Thanks for your help. Just an FYI that I also have a case open on this problem. Also not that I am currently on Exchange 2007, it might be that newer versions of exchange act differently.
As best I can tell, the only time activesync shows an event in any event log is during the setup process. Which is fine, but the ip-user info never gets updated and the timer keeps ticking. However, the activesync keep alive process leaves a constant flow of information in the IIS Logs and it appears that the User-ID agent does not query those logs.
I would like to suggest that someone at PA might want to take a look at this, what with the influx of non-domain devices flooding IT depts!
My guess is someone at PA could hammer out a script for scraping the IIS logs and passing the info via the API in about 2 minutes!
Any help would be appreciated,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!