In Exchange 2007, Outlook Web Access (OWA) offers a portal for users to manage their Exchange Active Sync (EAS) devices.
How to access that information?
- Log on to OWA
- Click "Options"
- Click "Mobile Device"
Here is what the page looks like:
Note:
If ActiveSync is not enabled for the Exchange user, "Mobile Device" tab
won’t be shown. You can run the PowerShell command to check the status.
Here is the result from a test server for example:
[PS] D:Documents and Settings Administrator >Get-CASMailbox -Identity:test |fl ActiveSyncEnabled
ActiveSyncEnabled : True
What can the page do for you?
Note: The following includes the Exchange 2007 and Service Pack 1 (SP1) features:
1) Device status
As
shown in the snapshot, the page will list all the Active Sync devices
that the Exchange user has ever synced. Each device will be identified
with its Type, Last-Sync-Time, and Status, which contains detailed
device information, such as First-Sync-Time, User-Agent, etc.
Note:
Exchange has provided the protocol support to let the device send up
the device-related data (e.g. Friendly Name, OS, Phone number, etc) to
the server. But not all devices implement that part of protocol.
Therefore, it’s possible that you won’t see all the data shown in the
screenshot.
On the server side, the Exchange administrator can use the following PowerShell command to get the same data.
[PS] D:Documents and SettingsAdministrator>Get-ActiveSyncDeviceStatistics -mailbox:test
FirstSyncTime : 5/11/2007 10:07:47 PM
LastPolicyUpdateTime :
LastSyncAttemptTime : 5/11/2007 10:07:56 PM
LastSuccessSync : 5/11/2007 10:07:56 PM
DeviceType : PocketPC
DeviceID : v120Device
DeviceUserAgent : NSync
DeviceWipeSentTime :
DeviceWipeRequestTime :
DeviceWipeAckTime :
LastPingHeartbeat :
RecoveryPassword : ********
DeviceModel :
DeviceIMEI :
DeviceFriendlyName :
DeviceOS :
DeviceOSLanguage :
DevicePhoneNumber :
Identity : [email protected]
2) Remote Wipe
This
is a very handy feature that was only available to Exchange
administrators in Exchange 2003. Now an EAS user can wipe his/her
device, primarily in case of device loss. Once the link is clicked and
confirmed, the wipe command will be issued to the server and the link
will change to "Cancel Wipe Request". (SP1 feature)
As
you can infer, there is still a chance for the EAS user to cancel a
wipe request if he/she initiated it by accident or subsequently found
the device. But the courtesy time is short – once the device initiates
a sync to the server and picks up the wipe command, it will be too late
to undo the request.
Right before the device clears its data,
it will send a last notice to the server. Accordingly, the server will
be very friendly to send the device owner a "Remote Device Wipe
Confirmation" email, telling you the device is cleared. (SP1 feature)
Note:
After the remote wipe, if you luckily find your lost device and want to
re-sync it, you must remove it from the OWA device list (refer to
"Remove mobile device" section for more info). Otherwise, it will keep
on re-wiping itself. This is a security feature by-design.
The following shows how to wipe and cancel wipe with corresponding PowerShell command:
[PS] D:Documents and SettingsAdministrator>Clear-ActiveSyncDevice -Identity:[email protected]
Confirm
Are you sure you want to perform this action?
Clearing Mobile Device
"[email protected]". All the data on the device will be permanently deleted.
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help
(default is "Y"):y
[PS]
D:Documents and SettingsAdministrator>Clear-ActiveSyncDevice
-Identity:test@blah- dom.blah.comAirSync-PocketPC-v120Device
-Cancel:$true
3) Remove mobile device partnership
This
is the first link above the device table. Basically what it does is to
clean up the sync state data of the selected device on the server. It’s
useful in several situations:
a. Clean up data: if
you switch to a new device, the legacy data of the old device will
still hang around occupying your mailbox space. You can find the device
and clean it out.b. Terminate remote wipe: as being said, if
you want to re-sync your device after a remote-wipe, you have to come
to here to remove it first.c. Start from scratch: well,
theoretically this wouldn’t happen, but it might in the real life – if
you feel your device is not working properly and want to start a fresh
sync from the scratch, you can remove the device partnership from the
server (i.e. here) and the device, then get fresh restart.
The corresponding PowerShell command for the admin is as following:
[PS] D:Documents and SettingsAdministrator>Remove-ActiveSyncDevice -Identity:t[email protected]
Confirm
Are you sure you want to perform this action?
Removing mobile device
"[email protected]". All dataabout the device will be removed. The device must be re-synchronized.
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help
(default is "Y"):y
4) Pin Recovery
This
is a nice feature to give the EAS user a chance to unlock the device if
he/she forgets the device PIN. Clicking the "Display Recovery Password"
will show a pop-up dialog bearing the Recovery Password. Here,
I’d like to call out that the recovery password is NEITHER the same as
the device PIN and, for example on Windows Mobile (WM) devices, NOR
used in the same way. Actually its usage is sort of tricky: Menu, then
Reset Password, <type in new password> then <type in Recovery Password>.
There is no related PowerShell command for an Exchange administrator to get this info due to security reasons.
5) Retrieve Log
Starting
with Exchange 2007, we provide a light-weight server logging to track
details of the last 15 (configurable) requests/responses and possible
errors for problem diagnosis. By default, the logging is off. It can be
turned on and tweaked easily from web.config:
<add key="MailboxLoggingEnabled" value="true"></add>
<add key="NumOfQueuedMailboxLogEntries" value="15"></add>
<add key="MaxSizeOfMailboxLog" value="8000"></add>
After
the Exchange administrator turns on the logging and device starts
syncing, a "Retrieve Log…" link will show on the OWA device page to
let the device owner grab the log, which will be dropped into the Inbox
as an attachment of an Action email, titled as "Log retrieved for
device: XXXXXX". The log can be very useful to Microsoft support
personnel in diagnosing EAS issues.
The
log can also be retrieved using the PowerShell
Get-ActiveSyncDeviceStatistics command by passing GetMailbxoLog/LogPath
parameters: (SP1 feature)
[PS] D:Documents and
SettingsAdministrator>Get-ActiveSyncDeviceStatistics
-Identity:[email protected] -GetMailboxLog:$true -OutputPath:"C:"FirstSyncTime : 5/11/2007 10:30:16 PM
LastPolicyUpdateTime :
LastSyncAttemptTime : 5/11/2007 10:30:24 PM
LastSuccessSync : 5/11/2007 10:30:25 PM
DeviceType : PocketPC
DeviceID : v120Device
DeviceUserAgent : NSync
DeviceWipeSentTime :
DeviceWipeRequestTime :
DeviceWipeAckTime :
LastPingHeartbeat :
RecoveryPassword : ********
DeviceModel :
DeviceIMEI :
DeviceFriendlyName :
DeviceOS :
DeviceOSLanguage :
DevicePhoneNumber :
Identity : [email protected]Exchange ActiveSync Mailbox Log will be stored at: C:Exchange ActiveSync Mailbox Log successfully retrieved.