How to trace messages in Office 365 (Exchange Online) and Exchange On-premises

book

Article ID: 100042958

calendar_today

Updated On:

Description

Description

Message trace is used to troubleshoot email delivery issues when using Office 365 or Exchange On-premises. It can help determine why items are not being archived & help verify delivery of emails on Arctera journal address. 

The following steps illustrate how to perform an extended message trace.

1- For Office 365

2- For Exchange On-premises.

 

 

1- For Office 365

Open the modern EAC at https://admin.exchange.microsoft.com, expand Mail flow, and then select Message trace.

OR  To go directly to message trace, open https://admin.exchange.microsoft.com/#/messagetrace

-Click on Start a trace, to search required message.

-The default values are All for Senders and All for Recipients, however the filters can be used to search required email.

Example: Search all received emails of admin user for last 2 days and hit search.

image.png

 

It will return all messages in “Message trace search results”.

 

image.png

 

Click on any message and see "Message events" to confirm that it was sent to Arctera.

If needed, click "Copy report text", paste into a text editor and send to Arctera Support.

image.png

 

Please note: For 10 days or less, the results are available instantly in Summary report as above. The results will be delayed if the time period exceeds 10 days, as they are only available as a CSV file (Enhanced summary or Extended report).

For message traces longer than 10 days, choose Extended Report since it contains journal events.

An Admin user will be notified once the report is generated, and it will appear in the "Downloadable reports" section.

image.png

 

For more information refer to Microsoft article.

https://learn.microsoft.com/en-us/exchange/monitoring/trace-an-email-message/message-trace-modern-eac

 

 

2- For Exchange On-premises (Exchange 2016/2019).

Identify any sample message which is not archived and login to Exchange Management Shell to get Message tracking logs of the sample message.

Example: An email which is sent on 10 March 2023 with subject as “Test Message” by sender User1@abc.com.

Use command as below.

Get-MessageTrackingLog -Start "03/10/2023 08:00AM" -End "03/10/2023 11:00PM" -Sender "User1@abc.com" -MessageSubject “Test Message” | FL >> "C:\MessageTrace.txt"

It will generate a file as MessageTrace.txt in specified drive. Review the file and validate if a message was sent to Arctera at the specified journal address. If needed, send the report to Arctera Support.

Here is the sample output from above command.

MessageSubject           : Test Message
Sender                          : User1@abc.com

.
EventData                    : {[TRA, ETRI|MsgType=Undefined|Ex=|IsKnown=], [TRA, ETRI|MsgType=Undefined|Ex=|IsKnown=], 
[JA,ORIG|type=tenant|ruleid=8739e99f-47d9-4e2e-ba36-d9606e9f9d50|mid=<bfe738d7-2ff0-45a6-a63e-a8a9224e9e68@journal.report.generator>
|dest=EXCH-2016-LABTEST@journal.lax.archivecloud.net|dest=Journal@abc.com|dest=JournalEV@abc.com
|dest=JournalSMTP@abc.com],[CompCost, |ETR=0], [DeliveryPriority, Normal], [AccountForest, abc.com]}</bfe738d7-2ff0-45a6-a63e-a8a9224e9e68@journal.report.generator>

 

For more information refer to Microsoft article.

https://learn.microsoft.com/en-us/exchange/mail-flow/transport-logs/search-message-tracking-logs?view=exchserver-2019

Issue/Introduction

How to trace messages in Office 365 (Exchange Online) and Exchange On-premises

Powered by Wolken Software