Message Tracking in Exchange Server 2013
The message tracking is a useful way to track all the messages in an Exchange server. This functionality is very much useful in troubleshooting mail delay issues, unable to receive mail etc.
Message tracking logs is a detailed record of all message activity in exchange server.
Before we go on to see how to track messages, let’s have a quick look at how the mail Flow works in Exchange.
Transport service (on the Mailbox Servers) => Active Directory => Mailboxes on the Mailbox Servers / Edge Transport Server.
Let’s see where & how we can enable Message Tracking in Exchange 2013 Server.
Message tracking in Exchange 2013 should be enabled by default. If it’s not, you can use either the Exchange Admin Centre (EAC) or the Exchange Management Shell (EMS) to enable/configure it:
Using Exchange Admin Center:
In the EAC, navigate to Servers => Mailbox Server (Select the Mailbox Server you want to configure in case of multiple mailbox servers). => Click Edit => on server properties click Transport Logs=> Select Enable Message tracking log check box => Click Save.
Using Exchange Management Shell:
Using Set-TransportService or Set-MailboxServer cmd we can configure all message tracking features.
- Enable/Disable Message tracking
- Setting up message tracking log path
Open Exchange Management Shell & run the following command:
Set-TransportService SERVERNAME -MessageTrackingLogPath "C:Program FilesMicrosoftExchange ServerV15TransportRolesLogsMessageTracking" -MessageTrackingLogMaxFileSize 10MB -MessageTrackingLogMaxDirectorySize 1.5GB -MessageTrackingLogMaxAge 30.00:00:00
Permission Prerequisites: What permissions do I need to enable message tracking?
Minimum permission required to perform this task if a different account is used specially for Message Tracking. (By default Administrator account will have the required permissions):
- Organization Management
- Records Management
- Recipient Management
Where are the message tracking files generated?
By default in Exchange Server 2013 message tracking files are found in C:Program FilesMicrosoftExchange ServerV15TransportRolesLogsMessageTracking path.However one can change the log file path according to their requirement.
On the other version of Exchange:
- Exchange 2010: C:Program FilesMicrosoftExchange ServerV14TransportRolesLogsMessageTracking,
- Exchange 2007: C:Program FilesMicrosoftExchange ServerTransportRolesLogsMessageTracking.
Using Shell to view Message Tracking Reports:
We can view the message tracking report using Exchange Management Shell:
Get-MessageTrackingLog
Tracking Message using the Exchange Admin Console (Delivery Reports):
Delivery reports for administrators using the Exchange admin center (EAC) to search message tracking logs of a specific mailbox. We can search for messages sent by or to the mailbox, search a message using subject etc. These delivery reports only has the subject line of the message & we cannot see the body of the message.
We can do the following to track the delivery report:
- Go to EAC –> Mail Flow ->Click on Delivery Reports => Mailbox.
Select -> messages sent to – To search for messages sent to specific users.
Messages received from – To search for messages received from a specific user.
Search message using subject line => Click Search.
View Delivery Report by User using OWA:
Users can use the Delivery reports tab in Outlook Web App to search the message tracking logs for information about messages sent to or from their own mailbox.
User can select the mail for which we need to see the delivery report do a right click =. Select Open Delivery Report.
So what do we see in the message tracking file?
Message tracking generates four different types of files, Out of which the first three files are the ones which is required in troubleshooting mail flow issues.
MSGTRKMS – For sent messages (messages sent from mailboxes by the Mailbox Transport Submission service).
MSGTRKMD – For received messages. (Messages delivered to mailboxes by the Mailbox Transport Delivery service).
MSGTRK – For mail flow (Transport service events).
MSGTRKMA – Approvals and rejections used by moderated transport.
These files are in CSV format.We can use the file option in the Excel for easy access. You can filer message with subject line, Client/Server IP address etc.
Some of the Message Tracking cmdlets I use often:
To find Send Emails:
Get-MessageTrackingLog -resultsize unlimited -Start "06/01/2014 4:30:00 PM" -End "06/04/2014 5:17:00 PM" |where-object {$_.Recipients -like "*@contoso.com" -AND $_.EventId -eq "Send"} | where {$_.recipients -like "*@ contoso.com"} | Select @{Name='Recipients';Expression={[string]::join(";", ($_.Recipients))}}, Sender, EventId, Timestamp, Source, MessageSubject | Export-CSV "C:EmailAddress_Statistics_Send.csv"
Get-MessageTrackingLog -resultsize unlimited -Start "12/02/2014 4:20:00 PM" -End "12/02/2014 07:30:00 PM" |where-object {$_.EventId -eq "Send"} | Select @{Name='Recipients';Expression={[string]::join(";", ($_.Recipients))}}, Sender, EventId, Timestamp, Source, MessageSubject | Export-CSV "C: Dec2_Email_Statistics_Send.csv"
Get-Messagetrackinglog -Resultsize Unlimited | Where {$_.Sender -match "@contoso.com"} -EventID "Send" -Start "12/02/2014 4:20:00 PM" -End "12/02/2014 07:30:00 PM" | Select @{Name='Recipients';Expression={[string]::join(";", ($_.Recipients))}}, Sender, EventId, Timestamp, Source, MessageSubject | Export-CSV "C: Dec2_Email_Statistics.csv"
To find Received Emails:
Get-MessageTrackingLog -resultsize unlimited -Start "12/02/2014 4:20:00 PM" -End "12/02/2014 07:30:00 PM" |where-object {$_.Recipients -like "*@ contoso.com" -AND $_.EventId -eq "RECEIVE"} | where {$_.recipients -like "*@contoso.com"} | Select @{Name='Recipients';Expression={[string]::join(";", ($_.Recipients))}}, Sender, EventId, Timestamp, Source, MessageSubject | Export-CSV "C:EmailAddress_Statistics_Receive.csv"
Get-MessageTrackingLog -resultsize unlimited -Start "12/02/2014 4:20:00 PM" -End "12/02/2014 07:30:00 PM" |where-object {$_.EventId -eq "RECEIVE"} | Select @{Name='Recipients';Expression={[string]::join(";", ($_.Recipients))}}, Sender, EventId, Timestamp, Source, MessageSubject | Export-CSV "C: Dec2_Email_Statistics_Receive.csv"
Get-MessageTrackingLog -resultsize unlimited |where {$_.MessageSubject -like "Win a Lottery"} >> "C:UsersusernameDesktopoutput.txt"
Get-MessageTrackingLog -resultsize unlimited -Start "6/3/2013 12:29:00 PM" -End "6/6/2013 12:39:00 PM" |where {$_.MessageSubject -like "Update your Social Security Number"} >> "C:UsersusernameDesktopoutput.txt"
Get-MessageTrackingLog -Server HUBServerName -resultsize unlimited |where-object {$_.Recipients -like "*@contoso.com" -AND $_.EventId -eq "Send"} | where {$_.recipients -like "*@contoso.com"} | ft EventId,Timestamp,Sender,recipients,MessageSubject,@{label="size";Expression={$_.Totalbytes/1mb}} >>c: @contoso_emails.csv
Get-Messagetrackinglog -Server HubServerName -resultsize unlimited -Sender "User@contoso.com" -EventID "SEND" -Start "5/10/2012 12:29:00 PM" -End "6/4/2012 12:39:00 PM" |ft Timestamp, Source, EventID, Recipients, MessageSubject, RecipientStatus, @{label="size";Expression={$_.Totalbytes/1mb}}
Get-Messagetrackinglog -Server HubServerName -resultsize unlimited -Start "12/01/2012 12:29:00 PM" -End "12/06/2012 12:39:00 PM" |where {$_.MessageSubject -like "Click Here to be SOX Compliant"} |ft Timestamp, Source, EventID, Recipients, MessageSubject, RecipientStatus, @{label="size";Expression={$_.Totalbytes/1mb}}
Domain based search: To find all emails from a specific domain in Exchange server
Get-MessageTrackingLog -Server hub1 -resultsize unlimited -Start "2/24/2013 12:29:00 AM" -End "2/26/2013 12:29:00 PM" |where-object {$_.Sender -match "contoso.com" -AND $_.EventId -eq "Receive"} | ft EventId,Timestamp,Sender,recipients,MessageSubject,@{label="size";Expression={$_.Totalbytes/1mb}}
Get-MessageTrackingLog -resultsize unlimited -Start "9/10/2014 12:29:00 PM" -End "9/12/2014 12:39:00 PM" |where {$_.MessageSubject -like "Pay off your Mortgage"} |fl Recipients, MessageSubject, Sender, ReturnPath, EventID
Get-Messagetrackinglog -Recipients:user@contoso.com -EventID "RECEIVE" -Start "05/25/2014 4:30:00 PM" -End "05/30/2014 5:17:00 PM"
Get-Messagetrackinglog -Recipients:user@contoso.com -EventID "RECEIVE" -Start "05/25/2014 4:30:00 PM" -End "05/30/2014 5:17:00 PM" | Select @{Name='Recipients';Expression={[string]::join(";", ($_.Recipients))}}, Sender, EventId, Timestamp, Source, MessageSubject | Export-CSV "C:EmailAddress_Statistics_forUser.csv"
Ratish Nair
Microsoft MVP | Exchange Server
Team @MSExchangeGuru
March 10th, 2015 at 5:02 pm
Great work Ratish, thanks for sharing.
i have missed the message tracking GUI of Exchange Server 2010, but i have found a PowerShell Script:
http://www.frankysweb.de/exchange-2013-gui-fr-die-nachrichtenverfolgung/
The script brings back Exchange 2010 feeling and is much faster than typing complex commands to the Shell 🙂
Greetz, Tim
March 24th, 2015 at 9:24 am
Hi,
Good info. it is the same for 2010 or it is diff one ?
Regards
Muthu
March 29th, 2015 at 8:58 pm
[…] Message Tracking in Exchange Server 2013 – 10-Mar-2015 […]
March 30th, 2015 at 12:05 am
Tim,
Good one. It gets going with few changes as per timezone and date format. But there are still few more things which does not give the same feel of Exchange 2010 GUI. So keep up the good work. We would recommend you to release version 2 with same user experience like select one of the message and search on message id from there. Well it will add few more lines of coding. 🙂
June 30th, 2015 at 3:28 am
Hi,
We have a requirement where more than one mailboxes want to receive the delivery receipt notification for MailX sent by SenderX.
Is it possible to do this in outlook 2010 ?
Environment : Outlook 2010
June 30th, 2015 at 6:26 pm
Sender can be only one so delivery receipt goes to one sender. You may put a rule in place to send it to a DL.
May 6th, 2016 at 6:54 am
Thank You Ratish.
Excellent examples.
November 16th, 2016 at 10:04 am
hi,thank’s for your info . I ‘ve a case: I can receive Delivery reports from emails sends to internal Domain users but can’t receive Delivery Reports for emails send outside the Company. We are using Exchange 2013 . Also using Command : Get-TransportService we have TRue value. Any suggestion , please?
November 16th, 2016 at 2:20 pm
Recipient domain should allow it. It is not in your control. So contact the receiving domain admins.
February 7th, 2017 at 9:29 pm
Very usefull article, thx a lot
March 2nd, 2017 at 11:39 am
you are again super
March 9th, 2017 at 5:52 am
Hi, if the messaging tracking is enabled, how old mails we can able to track ?
regards,
Sunil
March 9th, 2017 at 5:52 am
Hi, if the messaging tracking is enabled, how old mails we can able to track in Exchange 2013?
regards,
Sunil
March 11th, 2017 at 10:44 pm
It depends on the number of days you have configured.
March 11th, 2017 at 10:46 pm
It depends on the number of days you have configured.
March 29th, 2017 at 12:26 am
Hi PN,
Refer this above:
Tracking Message using the Exchange Admin Console (Delivery Reports):
What if I want to track messages coming from external addresses and not internal? This options for TO & FROM are only to select users from internal.
Please let me know.
Thank you.