Managing Mobile devices connecting your Exchange Server 2007

Recently, I came across many people asking a question in forums about a way to restrict windows mobile or ActiveSync supported mobile devices from being used with EAS in an Exchange Server 2007 environment. Several others have already posted many ways to restrict these types of mobile devices. One of the bests I came across is by Microsoft Exchange Team at http://msexchangeteam.com/archive/2008/09/05/449757.aspx this talk about many other ways to do it more efficiently. However, they do require some additional tools.Exchange Server 2007 does have a built in command which can used to restrict those devices you never wanted.  

Restrict:

Set-CASMailbox -Identity <Mailbox Alias> -ActiveSyncAllowedDeviceIDs: <DeviceID> 

You can have multiple devices enabled for the same mailbox by simply specifying each device id in quotes (“IVR100W”) and each separated by a comma. Keep in mind that these IDs are stored in the mailbox of the associated mailbox alias. 

Manage and Audit:

Get-CASMailbox -Identity <Mailbox alias> |FL 

Your manager may come to you some day and ask you about the list of approved devices on your Exchange Server mailboxes. Do not stumble at all, above command will give you the information about device IDs associated with the mailbox name you specify in place of <Mailbox Alias>. A drawback of running this command is that it shows everything related to the CAS role and which is stamped on the mailbox. According the an article http://www.exchangeninjas.com/AllowByDeviceID which was shared to me by one my co workers this audit can be simply carried out by using the cmdlet Get-ActiveSyncDeviceStatistics –Mailbox:<Mailbox Alias> |FL DeviceID but it failed to show me the details I wanted. A little bit of work with Microsoft Excel and a correct filter like –OrganizationUnit should be good to get the desired reports.  

Remove:

Remove-ActiveSyncDevice -Identity <MobileDeviceIDParameter> 

Well, nothing much to explain about this. The command is pretty simple and straight forward. IDs collected using the Get-CASMailbox –Identity command can be used as an input to this command if at all you find some of those IDs aren’t in use.

Exchange Server 2007 and Windows Registry

Probably this would be the last post highlighting Exchange Server 2007 registry integration on a windows server 2003 system. When we browse through the windows server 2003 based computer registry where an Exchange Server instance is installed, most of the time we notice that the service control manager database showing up many registry entries for Exchange Server 2007 under it however there are several other keys which can also be seen under the registry entries of Exchange Server services. I will try to explain what all those sub keys mean.

Expanding any of the Exchange Server 2007 related registry keys in registry editor we get a view of at least one sub key under it. If noticed correctly most of these children entries are named as “Diagnostics”, “Performance”, and “Linkage”

 

We would take a glance at all these three and their contents.

Diagnostics: 

This is basically for providing the event logging level. In some scenarios we need to bounce the diagnostics logging on some of the components of Exchange Server to understand or locate an exact problem place. Diagnostics key node will help bouncing the event logging level as per your desire and your expectations helping to locate a problem with some particular component.

As an example if you explore down till the location; HKLMSYSTEMCurrentControlSetServicesMsExchange ADAccess. Diagnostics tree node under it will list all the available sub components for MsExchange ADAccess. Values of each registry entry under the diagnostics node varies between 0-7. So, what does it return when values are set to 0 and what when it’s set to 7? Keeping in mind 0 is the lowest level of logging and 7 is the highest below table will tell what you get upon bouncing these values. If you have been already been administering an Exchange Server 2000 or 2003 box you will easily understand what changes happen in registry when you bounce up the diagnostic logging using the server properties page in ESM. The below table has been written assuming that it would be easier to co relate the levels.

 

Value

Level

0

NONE

1

MINIMUM

3

MEDIUM

5

MAXIMUM

7

Field Engineering

Diagnostics logging level 7 is considered as the expert level logging which if enabled will log events including Information, Warnings, and Errors. These errors may range between 100-1000 events a minute depending upon how the service is being used; number of calls handled by the service as well the number of errors it encounters. So, before you think of bouncing up the diagnostics logging to 7 you also need to think of the application log file settings on your server.

To set these levels manually you can browse to the location …<Service Name>Diagnostics in your registry editor and set them manually. However it is strongly recommended to do it manually. For Exchange Server 2007 a simple command using EMS would serve the purpose. To bounce diagnostics logging on any component you can use Set-EventLogLevel “MSExchangeSANSPI Proxy” -Level 5. You will notice that if there is a space in the service name of a component name the EMC will show you a red line to death.

 Performance: 

This is something which holds the performance related data of each of the services installed on the server. You can see this entry below the registry node for most of the well known services of Exchange Server 2007 and holds information about the performance libraries (DLLs), performance counters (that you see in performance monitor of windows server 2003), a little information of performance objects in WMI and a little more about the actions to be taken when a particular incident is manually triggered by the server administrator.

Below table contains a list of common registry keys that you can see under the tree node named “Performance”.

Key

Use

Open

Opens a call to performance Library DLL

Close

Closes a call to Performance Library DLL

Collect

A threaded collection process that collections the actual metrics

Library

This is a name of the performance library DLL

PerfIniFile

File containing list of all counters for a particular service or a component.

Thanks to James for helping to form above table. He made my understanding clearer about these. I have rest of them too and will post them later.

Linkage: 

The optional Linkage sub key specifies the binding options for the driver by using the Bind and Export values.