Description

Message trace is used to troubleshoot email delivery issues when using Office 365 or Exchange On-premises. It can help determine why items are not being archived & help verify delivery of emails on Veritas journal address. 

The following steps illustrate how to perform an extended message trace.

1- For Office 365

2- For Exchange On-premises.

1- For Office 365

Open the modern EAC at https://admin.exchange.microsoft.com, expand Mail flow, and then select Message trace.

OR  To go directly to message trace, open https://admin.exchange.microsoft.com/#/messagetrace

-Click on Start a trace, to search required message.

-The default values are All for Senders and All for Recipients, however the filters can be used to search required email.

Example: Search all received emails of admin user for last 2 days and hit search.

It will return all messages in “Message trace search results”.

Click on any message and see "Message events" to confirm that it was sent to Veritas.

If needed, click "Copy report text", paste into a text editor and send to Veritas Support.

Please note: For 10 days or less, the results are available instantly in Summary report as above. The results will be delayed if the time period exceeds 10 days, as they are only available as a CSV file (Enhanced summary or Extended report).

For message traces longer than 10 days, choose Extended Report since it contains journal events.

An Admin user will be notified once the report is generated, and it will appear in the "Downloadable reports" section.

For more information refer to Microsoft article.

https://learn.microsoft.com/en-us/exchange/monitoring/trace-an-email-message/message-trace-modern-eac

2- For Exchange On-premises (Exchange 2016/2019).

Identify any sample message which is not archived and login to Exchange Management Shell to get Message tracking logs of the sample message.

Example: An email which is sent on 10 March 2023 with subject as “Test Message” by sender User1@abc.com.

Use command as below.

Get-MessageTrackingLog -Start "03/10/2023 08:00AM" -End "03/10/2023 11:00PM" -Sender "User1@abc.com" -MessageSubject “Test Message” | FL >> "C:\MessageTrace.txt"

It will generate a file as MessageTrace.txt in specified drive. Review the file and validate if a message was sent to Veritas at the specified journal address. If needed, send the report to Veritas Support.

Here is the sample output from above command.

MessageSubject           : Test Message
Sender                          : User1@abc.com

.
EventData                    : {[TRA, ETRI|MsgType=Undefined|Ex=|IsKnown=], [TRA, ETRI|MsgType=Undefined|Ex=|IsKnown=], 
[JA,ORIG|type=tenant|ruleid=8739e99f-47d9-4e2e-ba36-d9606e9f9d50|mid=
|dest=EXCH-2016-LABTEST@journal.lax.archivecloud.net|dest=Journal@abc.com|dest=JournalEV@abc.com
|dest=JournalSMTP@abc.com],[CompCost, |ETR=0], [DeliveryPriority, Normal], [AccountForest, abc.com]}

For more information refer to Microsoft article.

https://learn.microsoft.com/en-us/exchange/mail-flow/transport-logs/search-message-tracking-logs?view=exchserver-2019