Article ID: 949722 - Last Review: January 5, 2009 - Revision: 2.0 Event ID 800 does not include the user name of users who ran the Get-MessageTrackingLog command in an Exchange 2007 environmentSYMPTOMSIn an Exchange 2007 environment, you may want to know who
has accessed the message tracking logs. To do this, you can enable
LogPipeLineExecutionDetails registry entry. Then, when a user runs the Get-MessageTrackingLog command in Exchange Management Shell (EMS), an Event ID 800 is
logged in the Powershell log. However, the user name is not included the event.
Instead, the following Event is logged in the PowerShell log: Event Type: Information Event Source: PowerShell Event Category: (8) Event ID: 800 Date: <Date> Time: <Time> User: N/A Computer: <server name> Description: The description for Event ID ( 800 ) in Source ( PowerShell ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: get-messagetrackinglog -server 152433m2, DetailSequence=1 DetailTotal=1 SequenceNumber=75 HostName=ConsoleHost HostVersion=1.0.0.0 HostId=467ed744-9a87-407f-972b-25eca13dec7d EngineVersion=1.0.0.0 RunspaceId=0086a970-acd4-4f80-9167-843f996fd6ec PipelineId=8 ScriptName= CommandLine=get-messagetrackinglog <parameter> <value>, ParameterBinding(Get-MessageTrackingLog): name="<parameter>"; value="<value>" Therefore, you cannot obtain any information about the authenticated user who ran the command. RESOLUTIONTo resolve this problem, install Update Rollup 5 for
Exchange 2007 Service Pack 1. For more information about Update Rollup 5 for Exchange 2007 Service Pack 1, click the following article number to view the article in the Microsoft Knowledge Base: 953467
(http://support.microsoft.com/kb/953467/
)
Description of Update Rollup 5 for Exchange
Server 2007 Service Pack 1
To enable this hotfix, you must create the
following registry entry on the Exchange Hub Transport server:2 Client
Monitoring To do this, follow these steps:
STATUSMicrosoft
has confirmed that this is a problem in the Microsoft products that are listed
in the "Applies to" section. MORE INFORMATIONUser information is not logged in Event ID 800 in the
PowerShell log even though the hotfix is installed on the server. In other
words, the Event ID 800 user information is the same as before the hotfix is installed. Instead, a
message that resembles the following Event ID 7020 message is logged in the
Application log after you install the hotfix, and you create the 2 Client Monitoring registry
entry. Event Type: Information Event Source: MSExchangeTransportLogSearch Event Category: Client Monitoring Event ID: 7020 Date: <date> Time: <time> User: N/A Computer: <ComputerName> Description: Client <domain\user> issued the following transport log search request: <?xml version="1.0" encoding="utf-8"?> <LogQuery xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <Beginning>0001-01-01T00:00:00Z</Beginning> <End>9999-12-31T22:59:59.9999999Z</End> <Filter xsi:type="And"> <Conditions /> </Filter> </LogQuery> For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. WORKAROUNDTo enable Exchange-related command logging, run the
following command: Set-ItemProperty HKLM:\SOFTWARE\Microsoft\PowerShell\1\PowerShellSnapIns\Microsoft.Exchange.Management.PowerShell.Admin -Name LogpipelineExecutionDetails -value 1 After you run the command, you can use Windows
Explorer to access the log files that contain the information about who has
accessed the message tracking logs. | Article Translations
|
| United States | Change | | | All Microsoft Sites |
Help and Support
Back to the top
|
