Issue:
-
Not able to track the emails by using Exchange
Management Console or Exchange Management Shell.
Error
Message: -
Message tracking fails with 'The server software
doesn't support the type of search requested' for only a SINGLE user in org
What
is the use of Message Tracking Logs: -
If you want to track messages using the shell, the
magic cmdlet to remember is Get-MessageTrackingLog. It’s capable of doing
wonderful things very quickly.
Message
Tracking log fields: -
First, let’s take a look at a typical record in
the tracking log. A single message generates multiple records in the log, one
for each message tracking event. Familiarity with the fields and the kind of
information they contain will help you filter and find what you’re looking for.
If you frequently use message tracking for troubleshooting or otherwise, this
familiarity can be rewarding.
Timestamp : 8/19/2013 12:03:46 PM
ClientIp : 10.250.10.14
ClientHostname : EXCHMBX01.learnexchange.com
ServerIp : 10.250.10.10
ServerHostname : mail.learnexchange.com
SourceContext : 08CAEC7BADA2C89C
ConnectorId : Default
Source : SMTP
EventId : SEND
InternalMessageId : 566
MessageId :
<8ae81f81e2d0bc45b53db7d1661e75b801a4e86bc6d2@exchmbx01.learnexchange.com>
Recipients : {Gengaiyan@learnexchange.com}
RecipientStatus : {250 2.1.5 harish@learnexchange.com
}
TotalBytes : 21097
RecipientCount : 1
RelatedRecipientAddress :
Reference :
MessageSubject : Welcome Message.
Sender : Gengaiyan@learnexchange.com
ReturnPath : Gengaiyan@learnexchange.com
MessageInfo : 08/19/2013 12:03:38 PM
Filtering
Message Tracking Logs: -
You can filter Message Tracking logs by the
following properties:
Start:
End
By default, Message Tracking logs are kept for a maximum of 30 days. If you’re
trying to find a message that may have been sent or received in the last day or
two, or a specific period, it’s inefficient to search 30 days’ worth of logs.
It’s a good idea to narrow down the search by specifying a start time, and
preferably the end time as well.
Event
ID:
This is by far one of the more important parameters of Message Tracking logs
that we need to understand. Whereas Exchange Server 2003/2000′s Message
Tracking log was an easy-to-use application that shielded the user from this
complexity, it also provided much less flexibility. Message Tracking logs have
a lot of details about a message as it originates from an internal user or
external sender, and makes its way through the different stages of message
routing and transfer, and finally gets delivered (or not). You can now track
messages based on these events.
Sender:
Sender’s SMTP address
Recipients:
SMTP address(es) of one or more recipients
MessageSubject:
The subject field in the message header
MessageID:
This is the MessageID in the header. It is constant for the lifetime of a
message, and can be used to track messages across different mail systems.
InternalMessageID:
An integer field assigned by the Exchange 2007 server that is currently
processing the message. The same message will have a different
InternalMessageID on different Exchange servers.
Message Tracking Events: -
DEFER:
Message delivery delayed
DELIVER:
Message
delivered to a mailbox
DSN:
A
delivery status notification was generated.
Messages quarantined by the Content Filter are
also delivered as DSNs. The recipient’s field has the SMTP address of the
quarantine mailbox.
EXPAND:
Distribution
Group expanded. The RelatedRecipientAddress field has the SMTP address of the
Distribution Group.
FAIL:
Delivery
failed. The RecipientStatus field has more information about the failure,
including the SMTP response code. You should also look at the Source and
Recipients fields when inspecting messages with this event.
POISONMESSAGE:
Message added to or
removed from the poison queue
RECEIVE:
Message
received. The Source field is STOREDRIVER for messages submitted by Store
Driver (from
a Mailbox
server), or SMTP for messages
a) received from another Hub/Edge
b) received from an external (non-Exchange) host
using SMTP
c) submitted by SMTP clients such as POP/IMAP
users.
REDIRECT: Message redirected to
alternate recipient
RESOLVE:
Generally
seen when a message is received on a proxy address and resolved to the default
email address. The RelatedRecipientAddress field has the proxy address the
message was sent to. The recipient’s field has the default address it was
resolved (and delivered) to.
SEND:
Message
sent by SMTP. The ServerIP and ServerHostName parameters have the IP address
and hostname of the SMTP server.
SUBMIT: The Microsoft
Exchange Mail Submission service on a Mailbox server successfully notified a
Hub Transport server that a message is awaiting submission (to the Hub). These
are the events you’ll see on a Mailbox server.
The SourceContext property provides the MDB Guid,
Mailbox Guid, Event sequence number, Message class, Creation timestamp, and
Client type. Client type can be User (Outlook MAPI), RPCHTTP (Outlook Anwhere),
OWA, EWS, EAS, Assistants, Transport.
TRANSFER:
Message
forked because of content conversion, recipient limits, or transport agents
Finding
messages
Here are some examples that show how to use
different parameters such as sender, recipients, start and end times to find
messages. These examples demonstrate the power of the Exchange shell and how it
can help you be very productive when managing Exchange 2010/2007 using this
great new too.
1.
Find messages by sender:
Get-MessageTrackingLog -sender “Gengaiyan@learnexchange.com”
2.
Find messages by recipient:
Get-MessageTrackingLog -recipients “Gengaiyan@hotmail.com”
3.
Messages received or messages delivered to the mailbox: You can further
separate or constrain these by message received:
Get-MessageTrackingLog -sender “Gengaiyan@learnexchange.com”
-eventID RECEIVE
and messages delivered to the mailbox
Get-MessageTrackingLog -sender “Gengaiyan@learnexchange.com”
-eventID DELIVER
4.
Start and End date/time: To further constrain these by Start and End times:
Get-MessageTrackingLog -sender Gengaiyan@learnexchange.com
-eventID DELIVER -Start “08/19/2013 9:00AM” -End “08/19/2013 5:00PM”
Formatting
output
To show only selected fields, you can pipe the
output to the Select-Object command, and specify the fields required. Here we
want the timestamp, recipients, and subject fields:
Get-MessageTrackingLog -sender “Gengaiyan@learnexchange.com”
-eventID DELIVER -Start “08/19/2013 9:00AM” -End “08/19/2013 5:00PM” | Select
timestamp,recipients,messagesubject
To get all fields from a message in a list format,
you can pipe the output into a fl (format list).
By default, the Get-MessageTrackingLog command
returns up to 1000 results. This can be hard to work with in a command screen
that keeps scrolling endlessly. In addition to the above parameters used to
filter the logs, you can also restrict the number of results returned using the
ResultSize parameter.
Get-MessageTrackingLog -sender “Gengaiyan@learnexchange.com”
-eventID DELIVER -Start “08/19/2013 9:00AM” -End “08/19/2013 5:00PM”
-ResultSize 100
Resolution:
-
1. By
default Microsoft supports up to 49 proxy address can associate with single
mailbox. If you have more than 49 + proxy address remove unnecessary proxy
addresses and force the AD replication or wait for 15 minutes to get replicate
across AD servers.
2. Verify
whether any external domain proxy addresses associated with problematic account
properties, if you found something remove it and wait for AD Replication.
3. MSExchangeTransportLogSearch.exe
service have 32KB limit and Microsoft confirmed that this is product issue and
Programmers are working on this issue.
Thanks
Keep Visiting