Tracking messages in the two-CAS environment

Hello!

There are two CAS servers - Exch1 and Exch2, the user connection point - mail.testcompany.com - uses dns round-robin to point either to Exch1 or Exch2. Outbound internet connector resides on Exch1.

User3 connects to https://mail.testcompany.com (this time that was Exch1) and sends two test messages (one of them to the outside receipient). I want to make sure I can find these messages in the logs.

Exch1:

- that's what I'm expecting to  see.

Exch2:


Q1: Why do both exchange servers show these two messages - as far as I get it a single message can't be sent through two servers simulteniously?

Q2: Why does Exchange GUI shows both messages while PS only one?

Thank you in advance,

Michael



  • Edited by MF47 Friday, August 28, 2015 10:23 AM
August 28th, 2015 10:20am

"My guess would be the message that shows the count of 2 is the one with multiple recpeients on it (Subject: TEst1) and the message that says count 1 is the single recpient (Test2)." - yes, theoreticaly this could be, ... but sounds rather strange to me.

But in any case, both Exchange GUI and PS must display the same nubmer of messages - how their figures may differ(Q2)???


  • Edited by MF47 Sunday, August 30, 2015 9:01 AM
Free Windows Admin Tool Kit Click here and download it now
August 29th, 2015 2:59pm

"There is no way to retrieve message tracking log using GUI in Exchange 2013. The one you see is message not message tracking log." - Why do you think so???

http://msexchangeguru.com/2015/03/10/message-tracking/

"Using Shell to view Message Tracking Reports:

We can view the message tracking report using Exchange Management Shell:

Get-MessageTrackingLog

Tracking Message using the Exchange Admin Console (Delivery Reports):

Delivery reports for administrators using the Exchange admin center (EAC) to search message tracking logs of a specific mailbox. We can search for messages sent by or to the mailbox, search a message using subject etc. These delivery reports only has the subject line of the message & we cannot see the body of the message.

We can do the following to track the delivery report:

Go to EAC > Mail Flow ->Click on Delivery Reports => Mailbox."

Regards,

Michael




  • Edited by MF47 Monday, August 31, 2015 8:33 AM
August 31st, 2015 8:31am

As you can see in the post, from EAC, what you get is Delivery Report. It's different from message tracking log.

  • Delivery report, tells you which email is delivered and which is not.
  • Message tracking log, tells you every action Exchange server takes against an email message.

You may also notice that delivery report has only 4 columns while message tracking log has 10 times more than that.

Delivery report comes from message tracking log but it's only a subset of it. As I said, if you need to retrieve message tracking log, you have to use EMS.


  • Edited by Li Zhen Monday, August 31, 2015 9:55 AM
Free Windows Admin Tool Kit Click here and download it now
August 31st, 2015 9:54am

Sorry, I should have posted it earlier: I'm using this code for parsing tracking log:

$Messages = get-messagetrackinglog -server Exch2 -EventID "SEND" -Start (get-date).AddDays(-6) -ResultSize unlimited
$messages | where{$_.sender -like "user3@TestCompany.com"} | select sender | group sender | sort count -Descending | ft count,name

Would you please tell me if there's any error that prevents displaying all messages sent (for example, during a day) by User3?

Thank you in advance,

Michael

September 1st, 2015 6:55am

I would suggest you stay with delivery report because there is no simple command can achieve what you want.

  • The outbound (sent) message is logged as event RECEIVE in message tracking log. It may sounds strange to you but this is how it works.
  • With the RECEIVE event, you still can not determine whether it is really delivered to recipient. You have to look for other event, such as FAIL, which may reside in a different mailbox server. You may even need to search for NDR in certain scenario.

  • Edited by Li Zhen 17 hours 14 minutes ago
Free Windows Admin Tool Kit Click here and download it now
September 1st, 2015 10:14am

"The outbound (sent) message is logged as event RECEIVE in message tracking log. It may sounds strange to you but this is how it works." - this is because the definition  of SEND field-
"SEND A message was sent by SMTP between transport services."

-is correct only for messages sent between services and does NOT include the messages submitted from a mailbox?

September 1st, 2015 10:42am

As I mentioned, message submitted (sent) from a mailbox is logged as RECEIVE event.

Free Windows Admin Tool Kit Click here and download it now
September 1st, 2015 11:13am

By default, the message tracking log only gets messages sent through the specified server using the -Server parameter or the local server if the parameter is not specified. If you want logs for all Exchange 2013 mailbox servers or Exchange 2007/2010 hub transport servers, you can use the below:

$startdate = [datetime]::Now.AddDays(-1)
$enddate = [datetime]::Now

$HTServers = "server1","server2"    
$messageSubject = "subject"
    foreach($HTServer in $HTServers)
        {
            $emails += Get-MessageTrackingLog -Start $Start -End $End -ResultSize Unlimited -Server $HTServer -MessageSubject $messageSubject -Sender sender@company.com
        }

Let me know if that's what you're after.

Thanks.

September 1st, 2015 2:08pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics