none
How to get the most information out of message tracking RRS feed

  • Question

  • Back in the days of Exchange Server 2003, message tracking seemed to give a lot more information than what I've been able to find in later versions. For example, tracking was a simple process, and would yield results that showed without a doubt where a message went. For example:

    12/2/2019 10:33 AM SMTP: Message Routed and Queued for Remote Delivery
    12/2/2019 10:33 AM SMTP: Started Outbound Transfer of Message
    12/2/2019 10:33 AM Message transferred to mx.google.com through SMTP

    This would show me the date and time a message left the organization, and what host it was transferred to.

    I'd like to get this same information in Exchange Server 2016 but don't know where to look. Using Get-MessageTrackingLog doesn't appear to yield the information. At best I'm guessing the SENDEXTERNAL event for SMTP is the server handing off the message, but I don't see how to determine what host it's handing it off to.

    What would be the best way to get this information? Ultimately I'd like to be able to look at results and say definitively, "At this time on this date our server transferred the message to host __________."

    Monday, December 2, 2019 3:37 PM

All replies

  • The message tracking logs in 2016 are a per-server thing, so you will only see tracking logs for a user when connecting to the same server that mailbox is on. You can view all logs for a specific email or user with

    get-exchangeserver |foreach(get-messagetrackinglog -server $_.name <insert search options here>)

    There's also a lot more information on each action than is shown in the default view. Running

    get-messagetrackinglog <options> | fl

    will give you all of the data you can get on each message, but will be hard to read because of the amount of data. You can limit the view with

    get-messagetrackinglog <options> | select <comma separated list of attributes you want>


    Adam Brown

    MCSE, CISSP

    Blog: AC Brown's IT World

    Monday, December 2, 2019 6:03 PM
  • Back in the days of Exchange Server 2003, message tracking seemed to give a lot more information than what I've been able to find in later versions. For example, tracking was a simple process, and would yield results that showed without a doubt where a message went. For example:

    12/2/2019 10:33 AM SMTP: Message Routed and Queued for Remote Delivery
    12/2/2019 10:33 AM SMTP: Started Outbound Transfer of Message
    12/2/2019 10:33 AM Message transferred to mx.google.com through SMTP

    This would show me the date and time a message left the organization, and what host it was transferred to.

    I'd like to get this same information in Exchange Server 2016 but don't know where to look. Using Get-MessageTrackingLog doesn't appear to yield the information. At best I'm guessing the SENDEXTERNAL event for SMTP is the server handing off the message, but I don't see how to determine what host it's handing it off to.

    What would be the best way to get this information? Ultimately I'd like to be able to look at results and say definitively, "At this time on this date our server transferred the message to host __________."

    One easy way. (If you run this directly on the server versus a PS session from your workstation you can pipe directly)

    Example by MessageID of the message

    Get-TransportService | Get-MessageTrackingLog -MessageId xxxxxxx@contoso.com

    This will gather all the server records for that messageID

    you can filter for those send events and the server it sent to:

    Get-TransportService | Get-MessageTrackingLog -MessageId xxxxxxx@contoso.com -EventId Send |FL Serverhostname, recipientstatus

    Or another combination that gets you the info you want.

    Just one example. Play around a bit with the other available fields.

    https://docs.microsoft.com/en-us/exchange/mail-flow/transport-logs/search-message-tracking-logs?view=exchserver-2019

    Monday, December 2, 2019 6:17 PM
    Moderator
  • Hi JGrover,

    When you use the command below, you can find all available parameters for Message Tracking Log:

    Get-MessageTrackingLog -Sender "john@contoso.com" -MessageSubject "**" | fl

    Then you can to check the parameters you want:

    Get-MessageTrackingLog -Sender "john@contoso.com" -MessageSubject "**" | Sort-Object Timestamp | FT Timestamp,EventId,Source,Sender,Recipients

    Here is an example for you(This log is ordered by time):

    For the meaning of each parameter, I would suggest have a read about this article: Fields in the message tracking log files 

    Regards,

    Kyle Xu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Tuesday, December 3, 2019 6:10 AM
    Moderator
  • Hi JGrover,

    I am writing here to confirm with you how thing going now?

    If the above suggestion helps, please be free to mark it as an answer for helping more people.

    Regards,

    Kyle Xu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Friday, December 6, 2019 9:27 AM
    Moderator