Solved

searching exchange logs

Posted on 2014-11-05
9
273 Views
Last Modified: 2014-11-30
I am using exchange 2013, and I've ran the following PS command, but it's not very good,as it doesn't tell me much.

get-messagetrackinglog -resultsize unlimited -sender "sender@domain.com" -start "date" -end "date" | out-gridview

So you can see from the attache screen that it actually doesn't show date/time in the output, which is not very helpful.

Also, my problem is that I have a user that said he sent an email at 7:33 am, but no one every received it, as it went to a DL.  So how can I research this to see why exchange never sent the email.  The strange thing is that when a different user sent out an email to the same DL, it worked fine.

Any ideas?  How can I search in exchange, in the ECP, as that will be easier to search?

error
0
Comment
Question by:afacts
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
9 Comments
 
LVL 43

Assisted Solution

by:Amit
Amit earned 100 total points
ID: 40425504
First check if user is allowed to send email to that DL
0
 

Author Comment

by:afacts
ID: 40425509
Yes he is, but how do I check that, because I thought anyone can send email to a DL?
0
 
LVL 5

Assisted Solution

by:Dave Gould
Dave Gould earned 400 total points
ID: 40425812
By default, using out-gridview only shows a limited number of columns but you can change what is displayed by using select. ie :
get-messagetrackinglog -resultsize unlimited -sender sender@domain.com | select EventId, Source, timestamp, recipients, messagesubject |out-gridview

Also, if you have more thzan one mail hub, you shoul prefix the command with get-TransportServer

ie
get-TransportServer | get-messagetrackinglog -resultsize unlimited .....etc
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 

Author Comment

by:afacts
ID: 40426663
I don't think I do.

Also, how can I follow every transaction and the sequence and why it failed?

Is there any way to search for what I'm looking for in the ECP?
0
 
LVL 5

Expert Comment

by:Dave Gould
ID: 40427961
First check the eventid. Did you see the mail in question in the transport logs?
If so what eventID's does it show?
Does your exchange send directly to the Internet or does it go via a relay?
You might want to check the transport logs on the server. (should be something like "exchange\TransportRoles\Logs\ProtocolLog\SmtpSend\SENDyyyymmdd-1.log"
0
 

Author Comment

by:afacts
ID: 40435871
well, my logs are here:
transportroles\logs\hub\protocol\smtpsend
There's no files in that folder

Then for the smtpreceive:
transportroles\logs\hub\protocol\smtpreceive
There's only 1 file from over 1 month ago, with a 0 kb

Apparently either logging is turned off, or they are somewhere else?

Not sure what to do?
0
 

Author Comment

by:afacts
ID: 40436320
I did a search in powershell, and here's what came up, now what do I do this this, how can I research this further to see why the routing failed.  Why didn't the email from home get sent correctly?

error
0
 
LVL 5

Accepted Solution

by:
Dave Gould earned 400 total points
ID: 40439331
First of all, it does appear that your protocol logging is turned off so you might want to turn it on for future issues. This is done on the "log settings" tab on the hub server settings via the EMC console.

On the tracking log, you have an HAREDIRECTFAIL. This is for the shadow redundancy in a multi server environment. you can turn it off if you are not using the HA features. Here is a useful link giving more info:
http://technet.microsoft.com/en-us/library/jj657506(v=exchg.150).aspx

On the other hand, it is difficult to see where the routing fail comes from
0
 

Author Comment

by:afacts
ID: 40440451
Hello Dave,

Are you referring to servers -> servers -> and then "transport logs" section?
Both Message tracking log and connectivity log settings are enabled.
If you're referring about another place, then I'm not sure what you're referring to?

I'll review the website you mentioned.

I only have 1 exchange server, so I do not have any HA enabled.

I can't believe that it's this hard to try to fire out why an email that a user sent internally did not get delivered to other users internally.  Every user is an internal user, so that just frustrates me as why Microsoft makes it so hard.

So are there any commands I need to know to be able to run that will give me more information about why it failed?
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As cyber crime continues to grow in both numbers and sophistication, a troubling trend of optimization has emerged over the last year.
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
This video discusses moving either the default database or any database to a new volume.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question