Easy way to find a Mobile Device Active Sync Lockout in AD via Exchange Log

Use PowerShell to Find an Active Sync Device AD Lockout 


One liner - Change the server name and username

Script opens the current ActiveSync log file, finds the target username, filters only the IIS failures and pops the result into a grid to view

You should be able to identify the following 
  • the user device model causing the problem 
  • the current IP Address
  • and the mail client
Copy and paste the one-line script into PowerShell ISE, change the name of the CAS server and change the username to match your problem user account.

dir \\NAME_OF_CAS_SERVER\c$\inetpub\logs\LogFiles\W3SVC1\u_ex$((get-date).tostring('yyMMdd')).LOG | sls "fred.username" | sls " 401 " | Out-GridView

Let me know how you get on...


Keywords: AD, Active Directory, Exchange, ActiveSync, Lockout

Comments

Post a Comment

Popular posts from this blog

Server Manager Refresh completed with one or more warning

The system cannot access one or more event logs because of insufficient rights The Problem: Configuration refresh message. The system cannot access one or more event logs because of insufficient rights, file corruption, or other reasons. For more information, see the Operation channel in the ServerManager-ManagementProvider error log on the target server. Problem occurred on Server 2012 servers that have been upgraded to Server 2012R2 servers. Servers are also clustered. The Solution: Following the event logs leads to a few registry keys. You can eliminate the messages by: 1. Export the following registry keys (for safety) 2. Delete the following keys: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DxpTaskRingtone/Analytic HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-IME-Roaming/Analytic HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-IME-SCDICCOMPILER/Analytic HKLM\SOFTWARE\Mic...
Read more

Hyper-V could not replicate changes for virtual machine as replication is suspended on the Replica server

Image
EVENT ID 32088 for all VMs After running out of disk space on the Replica host server, all VMs stopped replicating.  Replication cannot simply be started by right clicking on the source VM and selecting Resume Replication. No console error message just the event log event 32088.  I considered removing replication and re-replicating but this seemed an awful lot of work for simple problem. Tried stopping the Hyper-V service on the replica host and restarting, but this also did not work. THE FIX 1. Go to the destination replica server, right click each VM and select Resume Replication.  2. Now you can go to the source server, right click each VM and select Resume Replication. For some strange reason this works. Just trying one end or the other will fail without a console error message (but shows in the event log).
Read more

Shrewsoft VPN client - can't open Access Manager

Shrewsoft VPN client - can't open Access Manager Problem Access Manager is not visible Occurred after adjusting using dual monitors. Reinstall does not fix the issue. The Fix Use regedit to rename or delete the following key: HKEY_CURRENT_USER\Software\ShrewSoft\vpn\user Had a look around the Shrewsoft support site - nothing useful in there to fix this problem.
Read more