Activesync and User-id

L4 Transporter

I recently determined that activesync clients do not leave any traces in the Event logs when they get their email from Exchange 2007.  Problem is I was banking on this as I was building our network.

Do Activesync clients with Exchange 2010 leave events that can be used by the user-IP mapping process?

What are others doing with non AD bound clients as for UserID?  Captive portal?  I would like to avoid captive portal if possible because of the relatively short timeout.

Thanks

Bob

L3 Networker

Hi Bob, the front end exchange server should log the event in the security log. Starting in version 4.1 the user ID agent has an option to point to an exchange server for this purpose.

L4 Transporter

Thank you for your reply.  I do see an initial event log when the activesync account is set up on my iPads, but once the account is active, I see no additional events.  Can you verify that you see additional events after the initial setup?

I did inherit the Exchange server in question and it is a mess, so it may be something I inherited.

thanks for your time,

bob

L3 Networker

The ActiveSync logon event is recorded in the security log on the domain controller that the Exchange server was connected to at the time of the connection. The problem is that it records the IP address of the Exchange server rather than the IP of the connecting device. When you set up which DCs to query (under Discovery) in the user ID agent, you have the option to select the server type; in this case choose Exchange as the type and enter the host name or IP address of your Exchange server running the client access server role. This will tell the agent to query the Exchange-specific logs for the logon event. I believe it queries the IIS logs for this info. Let me know if this helps.

Thanks

John

L4 Transporter

John,

Thanks for your help.  Just an FYI that I also have a case open on this problem.  Also note that I am currently on Exchange 2007; it might be that newer versions of Exchange act differently.

As best I can tell, the only time activesync shows an event in any event log is during the setup process.  Which is fine, but the ip-user info never gets updated and the timer keeps ticking.  However, the activesync keep alive process leaves a constant flow of information in the IIS Logs and it appears that the User-ID agent does not query those logs.

I would like to suggest that someone at PA might want to take a look at this, what with the influx of non-domain devices flooding IT depts!

My guess is someone at PA could hammer out a script for scraping the IIS logs and passing the info via the API in about 2 minutes!

Any help would be appreciated,

Bob
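
The kind of script the last post asks for, as an added example (not from the thread and not vendor code): it reads an IIS W3C log, keeps only authenticated ActiveSync requests, and builds a User-ID login message from them. The log sample is constructed, and the `uid-message` layout, the timeout value and the function names are assumptions not stated in the thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample IIS W3C log; hosts, users and addresses are made up.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2011-05-02 14:01:07 10.0.0.5 POST /Microsoft-Server-ActiveSync Cmd=Ping&DeviceType=iPad 443 CORP\\bob 10.0.8.21 Apple-iPad/803.148 200
2011-05-02 14:01:09 10.0.0.5 POST /Microsoft-Server-ActiveSync Cmd=Sync&DeviceType=iPad 443 - 10.0.8.44 Apple-iPad/803.148 401
2011-05-02 14:02:30 10.0.0.5 GET /owa/ - 443 CORP\\alice 10.0.8.30 Mozilla/5.0 200
2011-05-02 14:16:12 10.0.0.5 POST /Microsoft-Server-ActiveSync Cmd=Ping&DeviceType=iPad 443 CORP\\carol 10.0.8.21 Apple-iPad/803.148 200
"""

def activesync_mappings(log_text):
    """Return {client_ip: username} for authenticated ActiveSync requests (latest wins)."""
    fields, mappings = [], {}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column order differs per server config
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue                        # truncated or malformed row
        row = dict(zip(fields, values))
        stem = row.get("cs-uri-stem", "").lower()
        if not stem.startswith("/microsoft-server-activesync"):
            continue
        user, ip = row.get("cs-username", "-"), row.get("c-ip", "-")
        # Only a successful, authenticated request may create a mapping;
        # a 401 or an anonymous hit must never bind a user to an address.
        if user == "-" or ip == "-" or row.get("sc-status") != "200":
            continue
        mappings[ip] = user
    return mappings

def uid_message(mappings, timeout_minutes=20):
    """Build the login payload; the layout is an assumption about the User-ID XML API."""
    root = ET.Element("uid-message")
    ET.SubElement(root, "version").text = "1.0"
    ET.SubElement(root, "type").text = "update"
    login = ET.SubElement(ET.SubElement(root, "payload"), "login")
    for ip, user in sorted(mappings.items()):
        # ElementTree escapes attribute values, so a hostile username in the
        # log cannot break out of the XML.
        ET.SubElement(login, "entry", name=user, ip=ip, timeout=str(timeout_minutes))
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(uid_message(activesync_mappings(SAMPLE_LOG)))
```

If the client access server sits behind a reverse proxy or load balancer, `c-ip` is the proxy's address, so the mapping is only meaningful where clients reach IIS directly.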
