
Exchange Active Sync Troubleshooting


Date: June 2018

Transcript

1. Activesync troubleshooting: architecture, connectivity, troubleshooting, performance

2. Activesync - architecture: Security
  • SSL for encryption and server ID validation
  • AD credentials or client certificates for authentication
  • Activesync Mailbox policies
  • Remote Wipe

3. Activesync - architecture: Security
  • SSL for encryption and server ID validation
  • AD credentials or client certificates for authentication
  • Activesync Mailbox policies
  • Remote Wipe
  • Allow/Block/Quarantine
  • Throttling

4. Activesync – architecture – ABQ: Logic Flow
  • Is the mobile device authenticated? If not, challenge the mobile device for the correct credentials. Otherwise, go on to the next step.
  • Is Exchange ActiveSync enabled for the current user? If not, return an "access restricted" error to the device. Otherwise, go on to the next step.
  • Are the mobile policy enforcement criteria met by the current mobile device? If not, block access. Otherwise, go on to the next step.
  • Is this mobile device blocked by a personal exemption for the user? If so, block access. Otherwise, go on to the next step.
  • Is this mobile device allowed by a personal exemption for the user? If so, grant full access. Otherwise, go on to the next step.
  • Is this mobile device blocked by a device access rule? If so, block access. Otherwise, go on to the next step.
  • Is this mobile device quarantined by a device access rule? If so, quarantine the device. Otherwise, go on to the next step.
  • Is this mobile device allowed by a device access rule? If so, grant full access. Otherwise, go on to the next step.
  • Apply the default access state per the Exchange ActiveSync organizational settings. This grants access, blocks access, or quarantines the current device, depending on the organizational settings.

5-6. Activesync – architecture – ABQ – Block
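The evaluation order from the Logic Flow slide, written out as an added Python example (it is not Exchange's code and not part of the deck). The `Rule` and `Request` classes, their field names and the sample rules are hypothetical; the point is that a personal exemption outranks any device access rule, and that among matching rules Block wins over Quarantine, which wins over Allow.

```python
from dataclasses import dataclass, field

@dataclass
class Rule:                       # hypothetical model of a device access rule
    characteristic: str           # e.g. "DeviceModel" or "UserAgent"
    value: str
    level: str                    # "Allow", "Block" or "Quarantine"

@dataclass
class Request:                    # hypothetical view of one device request
    device_id: str
    traits: dict
    authenticated: bool = True
    eas_enabled: bool = True
    policy_compliant: bool = True
    user_blocked_ids: set = field(default_factory=set)
    user_allowed_ids: set = field(default_factory=set)

def evaluate_abq(req, rules, org_default="Allow"):
    """Return (state, reason), checking in the nine-step order from the slide."""
    if not req.authenticated:
        return "Challenge", "not authenticated"
    if not req.eas_enabled:
        return "AccessRestricted", "ActiveSync disabled for user"
    if not req.policy_compliant:
        return "Block", "mobile policy not met"
    if req.device_id in req.user_blocked_ids:
        return "Block", "personal exemption (blocked)"
    if req.device_id in req.user_allowed_ids:
        return "Allow", "personal exemption (allowed)"
    # Collect the level of every rule that matches this device, then apply
    # them in the slide's order, independent of how the rules were listed.
    matched = {r.level for r in rules
               if req.traits.get(r.characteristic) == r.value}
    for level in ("Block", "Quarantine", "Allow"):
        if level in matched:
            return level, "device access rule"
    return org_default, "organization default"

# Constructed sample rules (values are placeholders, not from the deck).
RULES = [
    Rule("DeviceModel", "iPhone", "Allow"),
    Rule("UserAgent", "ExampleAgent/1.0", "Quarantine"),
    Rule("DeviceOS", "ExampleOS 1", "Block"),
]
```
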
7-13. Activesync – architecture – ABQ – Block

14. Activesync – architecture – ABQ – Block
  IIS logs - Provisioning
    V0 200

15. Activesync – architecture – ABQ – Block
  IIS logs - Attempted Foldersync
    Error:DeviceIsBlockedForThisUser_As:BlockedG 200

16. Activesync – architecture – ABQ – Block

17. Activesync – architecture – ABQ – Block - Cons
  • Telling the Admins
  • No auto email
  • Can only allow the device by using Powershell

    Get-ActiveSyncDevice -Mailbox ceo | Where-Object { $_.DeviceModel -eq "iPhone" } | ForEach-Object { Set-CASMailbox -Identity CEO -ActiveSyncAllowedDeviceIDs $_.DeviceId }

18. Activesync – architecture – ABQ – Quarantine

19. Activesync – architecture – ABQ – Quarantine
  • Account seems to sync fine
  • At first nothing is synchronized
  • GAL search fails
  • No calendar or contact information synced to device from mailbox
  • After the discovery process completes, the quarantine message is delivered to the device

20. Activesync – architecture – ABQ – Quarantine
  IIS logs - Discovery
    As:DeviceDiscoveryG 200

21-31. Activesync – architecture – ABQ – Quarantine

32. Activesync – architecture – ABQ – Limitations
  • User Agent
  • Zero day exploits
  • Firmware level agnostic
  • ISA / TMG / other firewall solutions
  • manual powershell after the fact

33. Activesync - architecture: Airsync Protocol
  • Activesync features available in Exchange 2007 sp3: http://msdn.microsoft.com/en-us/library/aa996303(v=EXCHG.80).aspx
  • Activesync feature available in Exchange 2010 sp2: http://technet.microsoft.com/en-us/library/bb123484
  • List of Activesync build / features and what mobile devices implement: http://en.wikipedia.org/wiki/Comparison_of_Exchange_ActiveSync_Clients

34. Activesync - architecture: ISAPI

35-36. Activesync - architecture: Internet facing CAS - [internal site CAS] - XSO RPC MBX

37-38. Activesync - architecture: Partnership

39. Activesync - connectivity: Autodiscover

40. Activesync - connectivity: Direct Push

41-48. Activesync - connectivity

49. Activesync - connectivity: Affinity

50. Exchange ActiveSync Common Status Codes: Ping Command (status value: meaning)
  • 1: The heartbeat interval expired before any changes occurred in the folders being monitored. The client should reissue the Ping command request.
  • 2: Changes occurred in at least one of the folders that were being monitored. The response includes the folders in which these changes have occurred.
  • 3: The client Ping command request did not specify all of the necessary parameters. The client is expected to issue a Ping request that includes both the heartbeat interval and the folder list.
  • 4: There has been a general error in the Ping request issued by the client, which can be caused by poorly formatted WBXML.
  • 5: The heartbeat interval specified by the client is outside the range set by the server administrator. If the specified interval was too great, the returned interval will be the maximum allowable value. If the specified interval was too low, the returned interval will be the minimum allowable value.
  • 6: The Ping command request specified more folders to monitor for changes than is allowed by the limit configured by the server administrator. The response specifies the limit in the MaxFolders element.
  • 7: The client specified a folder that has been moved or deleted or the server that the client has been accessing has been upgraded from Exchange Server 2003 SP1 to SP2. The client should issue a FolderSync request.

51. Exchange ActiveSync Common Status Codes: Sync Command (status value: meaning)
  • 1: Success.
  • 2: Protocol version mismatch.
  • 3: Invalid sync key.
  • 4: Protocol error.
  • 5: Server error.
  • 6: Error in client/server conversion.
  • 7: Conflict matching the client and server object.
  • 8: Object not found.
  • 9: User account may be out of disk space.
  • 10: An error occurred while setting the notification GUID.
  • 11: Device has not been provisioned for notifications yet.

52. Exchange ActiveSync Common Status Codes: Search Command (status value: meaning)
  • 1: Success.
  • 2: Protocol Error.
  • 3: An error on the Exchange server occurred.
  • 4: Bad Link.
  • 5: Access Denied.
  • 6: Not Found.
  • 7: Connection Failed.
  • 8: Too Complex.
  • 9: Index not loaded.
  • 10: TimeOut.
  • 11: NeedToFolderSync.
  • 12: EndOfRetrieveableRangeWarning.

53. Exchange ActiveSync Common Status Codes: FolderSync Command (status value: meaning)
  • 1: Success.
  • 2: A folder with that name already exists.
  • 3: Folder is a special folder.
  • 4: Folder not found.
  • 5: The specified parent folder was not found.
  • 6: An error on the Exchange server occurred.
  • 7: Access denied.
  • 8: The request timed out.
  • 9: Sync key mismatch or invalid sync key.
  • 10: Misformatted request.
  • 11: An unknown error occurred.

54. Example of PING Server Response

55. Activesync - troubleshooting: Scoping questions
  • Is the device reaching the Internet facing CAS?
  • Are all mobile devices affected?
  • Which CAS do we need to troubleshoot?
  • Is this an issue that's well known?

56. Activesync - troubleshooting: Troubleshooting service
  • the browser test
    https://CAS.contoso.com/microsoft-server-activesync/default.eas
    https://mail.contoso.com/microsoft-server-activesync/default.eas
    [501 method not implemented is the expected response]

57. Activesync - troubleshooting
  • https://www.testexchangeconnectivity.com
  • Test-ActiveSyncConnectivity
  • Event logs (Source: MSExchange ActiveSync)
  • IIS logs (requests to /microsoft-server-activesync)
  • EAS Mailbox device logging
  • Windows Mobile emulator
  • Failed request tracing
  • Perfmon

58. https://www.testexchangeconnectivity.com

59. Test-ActiveSyncConnectivity cmdlet

60. Event Log Example

61. W3SVC Log Example
    _Fid:10_Ty:Em_Filt3_St:S_Sk:2063964464_SsCmt1_Srv:6a0c0d0s0e0r0A0sd_BR1_BPR0_LdapC23_RpcC116_RpcL203_Pk1087184048_S1_As:AllowedG_Mbx:E2K10M.x.ExchLab.local_Throttle0_Budget:(

62. W3SVC Log Breakdown - Elements (letter identifier, element name, definition, possible values)
  • V (Protocol version): The protocol version the device is using to synchronize with the Exchange server. Values: 120 = Version 12; 25 = Version 2.5; 21 = Version 2.1; 20 = Version 2.0; 10 = Version 1.0.
  • Ty (Type): The type of folder that's being synchronized. Values: Em = E-mail; Co = Contacts; Ca = Calendar; Ta = Tasks.
  • Fid (Folder ID): The ID of the folder that's being synchronized. Positive integer.
  • Fc (Folder count): The number of folders that are being synchronized. Positive integer.
  • Filt (Filter type): The data that the user requested. Values (meaning; applies to E-mail? / Calendar? / Tasks?):
      0 = No filter (Yes / Yes / Yes)
      1 = 1 day back (Yes / No / No)
      2 = 3 days back (Yes / No / No)
      3 = 1 week back (Yes / No / No)
      4 = 2 weeks back (Yes / Yes / No)
      5 = 1 month back (Yes / Yes / No)
      6 = 3 months back (No / Yes / No)
      7 = 6 months back (No / Yes / No)
      8 = Incomplete (No / No / Yes)

63. W3SVC Log Breakdown - Elements
  • St (Sync type): The type of synchronization that's being performed. Values: F = First sync; S = Subsequent; R = Recovery sync; I = Invalid sync.
  • Sk (Sync key): The actual sync key that's used between the mobile phone and the Exchange server. Positive integer.
  • Cli: (Client statistics): Stores the count of each type of activity from the Client. Output is in the form Cli: 0A0C3D1F0E. Identifiers: A = Adds; C = Changes; D = Deletes; F = Fetches; E = Errors.
  • Svr: (Server statistics): Stores the count of each type of activity from the server. Output is in the form Svr:2A0C2D1F1E. Identifiers: A = Adds; C = Changes; D = Deletes; F = Fetches; E = Errors.
  • E (Number of errors): The number of errors encountered in a request. Positive integer.
  • Io (Items opened): The number of items that were opened. This feature hasn't yet been implemented. Positive integer.
  • Hb (Heartbeat interval): The Heartbeat interval that's used for the PING command. Positive integer.

64. W3SVC Log Breakdown - Elements
  • Ssp (SharePoint documents): The number of files that were accessed from Windows SharePoint Services. Positive integer.
  • Sspb (SharePoint bytes): The number of bytes that were accessed from Windows SharePoint Services. Positive integer.
  • Unc (UNC files): The number of files that were accessed through Windows file shares. Positive integer.
  • Uncb (UNC bytes): The number of bytes that were accessed through Windows file shares. Positive integer.
  • Att (Attachments): The number of attachments that were retrieved. Positive integer.
  • Attb (Attachment bytes): The number of bytes that were retrieved for attachments. Positive integer.
  • Pk (Policy key received): The element that's used by the client and server to correlate acknowledgements to a particular policy setting. Not applicable.
  • Pa (Policy acknowledge status): The element that indicates success if all the policy settings were applied correctly. Values: 1 = Policy was successfully applied; 2 = Policy was partially applied; 3 = Policy was not applied.

65. W3SVC Log Breakdown - Elements
  • Oof (OOf action): The action that is performed on the Out of Office status stored on the Exchange server. Values: Get = Retrieves the OOF status and message; Set = Sets the OOF status and message.
  • UserInfo (User information action): The parameter that specifies retrieval of the user information data. Value: Get.
  • DevModel (Device model): The device information that is supplied by the device manufacturer. Possible values include manufacturer name, model name, and model number.
  • DevIMEI (IMEI): The International Mobile Equipment Identity (IMEI). It is a 15-digit code that's assigned to each device. String.
  • DevName (Device friendly name): This element stores the user's description of their device. String.
  • DevOS (Device OS): The operating system that is running on the device. String.
  • DevLang (Device OS language): The localized language of the device operating system. String.
  • Error (Error): The error section of the request. String.
  • S (Status): This element returns the status of the device. String.
  • R (Not Relevant): This element returns a count of items that have changed but aren't relevant to the mobile phone or device. Positive integer.

66. W3SVC Log Breakdown - Elements
  • Pfs: PerFolderStatus
  • BR: BodyRequested
  • BPR: BodyPartRequested
  • LdapC: LdapCount
  • LdapL: LdapLatency
  • RpcC: RpcCount
  • RpcL: RpcLatency
  • E: NumErrors
  • Io: NumItemsOpened

67. W3SVC Log Breakdown - Elements
  • DevAgent: DeviceInfoUserAgent
  • Rto: RequestTimedOut
  • Erq: EmptyRequest
  • Ers: EmptyResponse
  • Cpo: CompletionOffset
  • Fet: FinalElapsedTime
  • DevEnaSMS: DeviceInfoEnableOutboundSMS
  • DevMoOp: DeviceInfoMobileOperator

68. W3SVC Log Breakdown - Elements
  • RR: NumberOfRecipientsToResolve
  • Fb: "Fb"=AvailabilityRequested
  • Ct: CertificatesRequested
  • Pic: PictureRequested
  • As: AccessStateAndReason
  • Ssu: Ssu
  • Mbx: MailboxServer
  • Dc: DomainController
  • Throttle: ThrottledTime

69. W3SVC Log Example
    _Fid:10_Ty:Em_Filt3_St:S_Sk:2063964464_SsCmt1_Srv:6a0c0d0s0e0r0A0sd_BR1_BPR0_LdapC23_RpcC116_RpcL203_Pk1087184048_S1_As:AllowedG_Mbx:E2K10M.x.ExchLab.local_Throttle0_Budget:(

70. W3SVC Log Example Breakdown
  • Protocol Version: 14.1
  • Type: E-mail
  • Folder ID: 10
  • Folder Count: 5
  • Filter Type: 3 days back
  • Sync Type: Subsequent sync
  • Sync Key: 2063964464
  • Status: Success
  • BodyRequested: 1
  • BodyPartRequested: 0
  Server Stats
  • Adds: 6
  • Changes: 0
  • Deletes: 0
  • Soft-Deletes: 0
  • Errors: 0
  • LDAPCount: 23
  • RPCCount: 116
  • RPCLatency: 203
  • PolicyKey: 1087184048
  • Status: 1
  • AccessStateandReason: Allowed
  • Mailbox: E2k10
  • Throttle: 0

71. W3SVC Log Sample – Break it Down!
  Example Ping command:
    &Log=V120_Hb780_S1

72. W3SVC Log – Too Easy!
  • Protocol Version: 12
  • Heartbeat Interval: 780 sec (13min)
  • Status: 1 (Success)

73. Log Parser Query and Results

74-75. Export-ActiveSyncLog Example

76. Get-ActiveSyncDevice cmdlet

77. EAS Mailbox Logging
  http://msexchangeteam.com/archive/2007/05/30/439568.aspx

78-80. EAS Mailbox Logging

81. EAS Mailbox Logging – WP7
    Log Entry: 70
    -----------------
    RequestTime :10/20/2011 11:00:19
    Identifier :70F0FE13

82. EAS Mailbox Logging – WP7
    MS-ASProtocolVersion: 14.1

83. EAS Mailbox Logging – WP7
    <Sync xmlns="AirSync:">
     <HeartbeatInterval>1380</HeartbeatInterval>
    </Sync>
    WasPending :[Response was pending]

84. EAS Mailbox Logging – WP7
    ResponseHeader :HTTP/1.1 200 OK
    MS-Server-ActiveSync: 14.1
     <SyncKey>268775212</SyncKey>
     <CollectionId>5</CollectionId>
     <Status>1</Status>
     <Commands>
     <Add>
     <ServerId>5:11</ServerId>
     <ApplicationData>
    ResponseTime :10/20/2011 11:01:46

85. EAS Mailbox Logging – WP7
    <Sync xmlns="AirSync:">
     <HeartbeatInterval>1380</HeartbeatInterval>
     <Partial/>
    </Sync>
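An added Python example, not from the deck or from Exchange: it decodes the `Log=` element string described in the W3SVC Log Breakdown slides and lists requests whose access state is blocked or still in device discovery. The query strings, user names and device IDs are constructed, and flagging any `As:` value that starts with `Blocked` or `DeviceDiscovery` is an assumption drawn from the ABQ IIS log slides.

```python
import re
from urllib.parse import parse_qs

# Value tables copied from the W3SVC Log Breakdown slides.
PROTOCOL = {"120": "12", "25": "2.5", "21": "2.1", "20": "2.0", "10": "1.0"}
FOLDER_TYPE = {"Em": "E-mail", "Co": "Contacts", "Ca": "Calendar", "Ta": "Tasks"}
SYNC_TYPE = {"F": "First sync", "S": "Subsequent", "R": "Recovery sync",
             "I": "Invalid sync"}
TOKEN = re.compile(r"([A-Za-z]+)(\d+)")   # e.g. V120, Hb780, LdapC23

def parse_eas_log(value):
    """Split a Log= value into {element identifier: raw value}."""
    fields = {}
    for tok in filter(None, value.split("_")):
        if ":" in tok:                     # Fid:10, As:AllowedG, Error:...
            key, val = tok.split(":", 1)
        elif (m := TOKEN.fullmatch(tok)):  # identifier fused with a number
            key, val = m.groups()
        else:
            key, val = tok, ""             # keep unknown tokens, do not drop
        fields[key] = val
    return fields

def describe(fields):
    """Decode the elements whose value tables appear on the slides."""
    out = dict(fields)
    for key, table in (("V", PROTOCOL), ("Ty", FOLDER_TYPE), ("St", SYNC_TYPE)):
        if key in out:
            out[key] = table.get(out[key], out[key])  # unknown codes stay raw
    return out

def triage(query_strings):
    """Return (user, device_id, access_state, error) for flagged requests."""
    hits = []
    for qs in query_strings:
        q = {k: v[0] for k, v in parse_qs(qs).items()}
        f = parse_eas_log(q.get("Log", ""))
        state = f.get("As", "")
        if state.startswith(("Blocked", "DeviceDiscovery")) or "Error" in f:
            hits.append((q.get("User"), q.get("DeviceId"), state,
                         f.get("Error", "")))
    return hits

# Constructed cs-uri-query values; the Log= fragments reuse strings shown on the slides.
SAMPLE = [
    "Cmd=Ping&User=alice&DeviceId=CONSTRUCTED01&DeviceType=iPhone&Log=V120_Hb780_S1",
    "Cmd=FolderSync&User=ceo&DeviceId=CONSTRUCTED02&DeviceType=iPhone"
    "&Log=V120_Error:DeviceIsBlockedForThisUser_As:BlockedG",
    "Cmd=Sync&User=bob&DeviceId=CONSTRUCTED03&DeviceType=WP"
    "&Log=V120_Fid:10_Ty:Em_Filt3_St:S_S1_As:AllowedG",
    "Cmd=Settings&User=carol&DeviceId=CONSTRUCTED04&DeviceType=Android"
    "&Log=V120_S1_As:DeviceDiscoveryG",
]
```
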
86. EAS Mailbox Logging - iPhone
    Log Entry: 61
    -----------------
    RequestTime :10/20/2011 12:29:45
    Identifier :6E3B9610
    WasPending :[Response was pending]

87. EAS Mailbox Logging - iPhone
    ResponseHeader :HTTP/1.1 200 OK
    MS-Server-ActiveSync: 14.1
     <Status>2</Status>
     <Folder>5</Folder>
    ResponseTime :10/20/2011 12:30:30

88. EAS Mailbox Logging - iPhone
    Log Entry: 62
    -----------------
    RequestTime :10/20/2011 12:31:01
     <CollectionId>5</CollectionId>
     <GetChanges/>

89. EAS Mailbox Logging - iPhone
    ResponseHeader :HTTP/1.1 200 OK
    MS-Server-ActiveSync: 14.1
     <SyncKey>2657206</SyncKey>
     <Add>
     <ServerId>5:10</ServerId>

90. EAS Mailbox Logging - iPhone
    Log Entry: 63
    -----------------
    RequestTime :10/20/2011 12:31:01
    Identifier :3BB1439B
    Cmd=Sync
     <SyncKey>2657206</SyncKey>
     <CollectionId>5</CollectionId>
    <Fetch>
     <ServerId>5:10</ServerId>
    </Fetch>

91. EAS Mailbox Logging - iPhone
    ResponseHeader :HTTP/1.1 200 OK
    MS-Server-ActiveSync: 14.1
    ResponseBody :
    <?xml version="1.0" encoding="utf-8" ?>
    <Sync xmlns="AirSync:">
     <Collections>
     <Collection>
     <SyncKey>530022051</SyncKey>
     <CollectionId>5</CollectionId>
     <Status>1</Status>
     <Responses>
     <Fetch>
     <ServerId>5:10</ServerId>
     <Status>1</Status>

92. EAS Mailbox Logging – iPhone ???
     <SyncKey>644101135</SyncKey>

93. EAS Mailbox Logging – iPhone ???
    </Sync>
    SyncCommand_GenerateResponsesXmlNode_AddChange_ConvertServerToClientObject_Exception :
    Microsoft.Exchange.AirSync.ChangeTrackingItemRejectedException
     at Microsoft.Exchange.AirSync.ChangeTrackingFilter.Filter(XmlNode xmlItemRoot, Nullable`1[] oldChangeTrackingInformation)
     at Microsoft.Exchange.AirSync.SyncCollection.ConvertServerToClientObject(ISyncItem syncItem, XmlNode airSyncParentNode, SyncOperation changeObject, GlobalInfo globalInfo)
     at Microsoft.Exchange.AirSync.SyncCollection.<>c__DisplayClassd.<GenerateCommandsXmlNode>b__4(SyncOperation changeObject)
     <SyncKey>644101135</SyncKey>

94. Log Entry: 69
    -----------------
    RequestTime :10/20/2011 12:49:23
    ServerName :E2K10CH
    AssemblyVersion :14.01.0325.000
    Identifier :7FF1CC78
    & Cmd=Ping
    X-Ms-Policykey: 2891930116
    <Ping xmlns="Ping:">
     <HeartbeatInterval>700</HeartbeatInterval>
    </Ping>

95. EAS Mailbox Logging - iPhone
    Log Entry: 70
    -----------------
    RequestTime :10/20/2011 13:01:53
    Identifier :24B088EB
    &Cmd=Ping
    X-Ms-Policykey: 2891930116
    <Ping xmlns="Ping:">
     <HeartbeatInterval>801</HeartbeatInterval>
    </Ping>

96. EAS Mailbox Logging - iPhone
    Log Entry: 71
    -----------------
    RequestTime :10/20/2011 13:15:21
    Identifier :47C28128
    & Cmd=Ping
    X-Ms-Policykey: 2891930116
    <Ping xmlns="Ping:">
     <HeartbeatInterval>700</HeartbeatInterval>
    </Ping>

97. EXTR