Easy way to find a Mobile Device Active Sync Lockout in AD via Exchange Log

Use PowerShell to Find an Active Sync Device AD Lockout 


One liner - Change the server name and username

Script opens the current ActiveSync log file, finds the target username, filters only the IIS failures and pops the result into a grid to view

You should be able to identify the following 
  • the user device model causing the problem 
  • the current IP Address
  • and the mail client
Copy and paste the one-line script into PowerShell ISE, change the name of the CAS server and change the username to match your problem user account.

dir \\NAME_OF_CAS_SERVER\c$\inetpub\logs\LogFiles\W3SVC1\u_ex$((get-date).tostring('yyMMdd')).LOG | sls "fred.username" | sls " 401 " | Out-GridView

Let me know how you get on...


Keywords: AD, Active Directory, Exchange, ActiveSync, Lockout

Comments

Post a Comment

Popular posts from this blog

Server Manager Refresh completed with one or more warning

The system cannot access one or more event logs because of insufficient rights The Problem: Configuration refresh message. The system cannot access one or more event logs because of insufficient rights, file corruption, or other reasons. For more information, see the Operation channel in the ServerManager-ManagementProvider error log on the target server. Problem occurred on Server 2012 servers that have been upgraded to Server 2012R2 servers. Servers are also clustered. The Solution: Following the event logs leads to a few registry keys. You can eliminate the messages by: 1. Export the following registry keys (for safety) 2. Delete the following keys: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DxpTaskRingtone/Analytic HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-IME-Roaming/Analytic HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-IME-SCDICCOMPILER/Analytic HKLM\SOFTWARE\Mic...
Read more

Event ID 122 Access to Drivers on Windows Update Blocked by Policy - Fix Here

Image
Access to drivers on Windows Update was blocked by policy EventID:122 errors appearing on Windows Server 2012 Hyper-V host.  “Device Setup Manager” service. There is a scheduled task that runs each night in “Microsoft | Windows | Device Setup” called “Metadata Refresh”.  When that task runs it causes the “Device Setup Manager” service to start, and that’s what is causing the messages.  If you look in the Event Viewer under “Application and Services Logs | Microsoft | Windows | DeviceSetupManager | Admin” and filter on Event ID 122 then you can see the entries. The “policy” that is causing the block is actually the Device Installation Settings.  SOLUTION Use the search in the Control Panel window and look for “device installation” When that window opens, you will see the settings that define the “policy” If you change the setting to “Always install the best driver software from Windows Update.” then the Even...
Read more

Hyper-V could not replicate changes for virtual machine as replication is suspended on the Replica server

Image
EVENT ID 32088 for all VMs After running out of disk space on the Replica host server, all VMs stopped replicating.  Replication cannot simply be started by right clicking on the source VM and selecting Resume Replication. No console error message just the event log event 32088.  I considered removing replication and re-replicating but this seemed an awful lot of work for simple problem. Tried stopping the Hyper-V service on the replica host and restarting, but this also did not work. THE FIX 1. Go to the destination replica server, right click each VM and select Resume Replication.  2. Now you can go to the source server, right click each VM and select Resume Replication. For some strange reason this works. Just trying one end or the other will fail without a console error message (but shows in the event log).
Read more