?
Solved

get-logonstatistics on Exchange 2010 not showing IP Address.

Posted on 2015-02-08
8
Medium Priority
?
1,486 Views
Last Modified: 2015-02-09
Exchange Server 2010 SP3 RU8 Enterprise 64 bit
Windows 2008 R2 Server 64 bit

run this (this is what I ran on Exchange 2007)

get-logonstatistics myuser | sort-object clientipaddress | format-table username,clientipaddress,logontime,clientversion >c:\util\logon.txt

No client ip address appears

UserName                      ClientIPAddress               LogonTime                     ClientVersion
--------                                    ---------------                        ---------                             -------------
myuser                                                               2/3/2015 3:03:51 PM           3587.0.32992.2
myuser                                                               2/4/2015 3:09:13 PM           3587.0.32992.2
myuser                                                               2/3/2015 3:03:51 PM           3587.0.32992.2
myuser                                                               2/3/2015 3:03:51 PM           3587.0.32992.2
myuser                                                               2/3/2015 3:04:35 PM           3587.0.32992.2


I have this in my registry

3.Locate and then click the following registry subkey:
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\CancelRPC
Note If the CancelRPC key does not exist, create this key. To do this, follow these steps: •Click to select the Outlook subkey.
•On the Edit menu, point to New, and then click Key.
•Type CancelRPC, and then press ENTER.
•Select the CancelRPC subkey, and then go to step 4.

4.On the Edit menu, point to New, and then click DWORD Value.
5.Type EnablePerfTracking, and then press ENTER.
6.On the Edit menu, click Modify.
7.Type 28, and then click OK.

But then I found this

Exchange 2010


The above steps do not work for Exchange 2010. However, you can obtain client IP information from the log files in the following folder on your Client Access Server (CAS).


\Program Files\Microsoft\Exchange Server\v14\Logging\RPC Client Access

The log files are named RCA_date-#.log (where date is the date the log was collected and # is an index number starting at 1). This logging is enabled by default, so you should not have to make any configuration changes to collect this information.


I reviewed some of those log files and did not see the ip address yes possible I was not looking at the correct lines.


Does anyone have a example of how to report this information now?  Powershell script  example would be great.

I do have Logparser 2,2 installed any example of that ?

Thanks in advance
0
Comment
Question by:Thomas Grassi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 4

Accepted Solution

by:
Praveen Kumar Bonala earned 2000 total points
ID: 40597081
Please check following link and let me know the status:

http://msexchangeguru.com/2012/12/06/find-device-ip/
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40597183
Praveen

I saw that link before thanks

Just installed Advance Logging on IIS 7

How long before the logs start building in the advance Log folder?

Still looking for a report I can run to show the ip address of my clients.
0
 
LVL 4

Expert Comment

by:Praveen Kumar Bonala
ID: 40597191
You can check immediately..
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40597220
Sorry no logs collected as of yet been almost 1 hour now.


Do I need to restart IIS?

The instructions you posted did not say you needed to restart IIS

Also I tried logging on as a client from closing outlook and starting again

Also tried using web mail

My iphone also

No logs entries yet
0
 
LVL 4

Expert Comment

by:Praveen Kumar Bonala
ID: 40597403
Restart not required,
It should create logs with out restarting IIS, please cross check once that you have enabled advanced logging option.
if same problem persist try with restarting the IIS.
0
 
LVL 23

Author Closing Comment

by:Thomas Grassi
ID: 40597436
Praveen

I had to restart IIS

After restarting IIS the advancedlog file appeared with the starting records.

Will start to see client records soon I hope.

Thanks for this..

Still need a report any Logparser examples for this log file?
0
 
LVL 4

Expert Comment

by:Praveen Kumar Bonala
ID: 40597574
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40599599
Praveen

My logs are creating files but I see no data in the logs


#Software: IIS Advanced Logging Module
#Version: 1.0
#Start-Date: 2015-02-09 03:43:42.579
#Fields:  date time cs-uri-stem cs-uri-query s-contentpath sc-status s-computername cs(Referer) sc-win32-status sc-bytes cs-bytes X-Forwarded-For cs-username c-ip





Any thoughts?
0

Featured Post

Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question