Troubleshooting Exchange with LogParser:IIS logs #2

In my previous post I described how to extract data from the IIS logs for one or multiple user/users or device/devices. This post is more about analytic or statistic tasks you can perform with this script.

There are the following reports available:

  • EASReport
  • EASErrorReport
  • ClientReport
  • ClientBandwidth
  • HTTPReport


This report is based on the script “A script to troubleshoot issues with Exchange ActiveSync”. There are minor changes as I added support for sync types (First, Subsequent, Recovery and Invalid) and removed some fields for commands and IIS errors. Nevertheless a really good report to get an overview. This report can be combined with a user. The report is sorted by the number of hits. In the following example I used LoadGen to generate requests:

.\Get-IISStats.ps1 -Outpath C:\Temp\Output -StartDate 141020 -EndDate 141020 -EASReport


Within this AD-site (HQ-Site) the script found 2 Exchange server. One Exchange 2010 (EX01) and one Exchange 2013 (EX02). The output is in the folder C:\Temp\Output. The format is yyMMDD_EASReport_<AD-Site>HH-mm-ss.csv and yyMMDD_EASReport<UserID>_<AD-Site>_HH-mm-ss.csv when you combined it with a user.


And that’s how it looks like:



The EASErrorReport will extract all the errors any ActiveSync device genereated. You will have a list of errors per server, user, deviceid, the error itself and the count. This could be helpfull to pinpoint a specific server or to get a general overview what’s going on.

.\Get-IISStats.ps1 -Outpath C:\Temp\Output -StartDate 141020 -EndDate 141020 -EASErrorReport


Same server were found and the output could be found in the OutPath. The format is yyMMDD_EASErrorReport_<AD-Site>HH-mm-ss.csv and yyMMDD_EASErrorReport<UserID>_<AD-Site>_HH-mm-ss.csv when you combined it with a user.




This report will list all the clients (cs(User-Agent)), total number of hits and the requested URI.

Note: The number is the number of hits and not the number of unique clients!

PS C:\Scripts> .\Get-IISStats.ps1 -Outpath C:\Temp\Output -StartDate 141020 -EndDate 141020 -ClientReport


The format is yyMMDD_ClientReport_<AD-Site>_HH-mm-ss.csv


And looks like this


I added the request URI just to distinct what service was used by what client.


This is really an important report when it comes to unique clients and network usage. In order to get all the details about the usage you need to have configured extended logging for the fields cs-bytes and cs-bytes.

The output will be 4 files:

  • Data (Hour,Vdir,User,EASDeviceId,KB received,KB sent,KB Total) yyMMDD_Clientbandwidth_<AD-Site>_HH-mm-ss_data.csv
  • EASDevices contains the number of unique ActiveSync devices per hour (Hour,UniqueEASDeviceS) yyMMDD_Clientbandwidth_<AD-Site>_HH-mm-ss_easdevices.csv
  • Rate contains the calculate bandwidth usage per hour (Hour,kB/s KiloBytes/s,MB/s MegaBytes/s,kbps,Mbps) yyMMDD_Clientbandwidth_<AD-Site>_HH-mm-ss_rate.csv
  • Users conatins all unique users per hour (Hour,UniqueUsers) yyMMDD_Clientbandwidth_<AD-Site>_HH-mm-ss_users.csv

Whereas the files EASDevices, Rate and Users will show you the numbers per hour, the Data file is the one you should be interested in. Once you have it import it in Excel and create a PivotChart as follows:

  • Insert PivotChart
  • For Table/Range click on cell A1
  • Press Strg+Shift+End to select all data


  • Now add “Hour” to “Axis Fields and “Vdir” to “Legend Fields”


  • Depending on what you want you now can add other fields to “Values”

In this example I picked KB total for OAB,EWS and ActiveSync


This is an example for unique users OAB,EWS, Autodiscover and ActiveSync


This report is really helpfull in questions related to bandwidth. It could be helpfull when you’re planning for O365. Neil did a great job with the “Exchange Client Network Bandwidth Calculator”. With this script you can partly verify your calculation.

Why partly?

When you are on Exchange 2010 you still have the RPC traffic. Sadly this traffic is not logged in a way that you can get the transfered bytes. If you have a dedicated load balancer you want to have a look into its reporting capabilities to get exact numbers. At least you will get a detailed overview who is using your Exchange servers and how much traffic is generated.


This is the last report and very helpful to check your servers health from HTTP.sys perspective.

PS C:\Scripts> .\Get-IISStats.ps1 -Outpath C:\Temp\Output -StartDate 141020 -EndDate 141020 -HTTPBeport


The output could be found in the format yyMMDD_HTTPErrorReport_<AD-Site>_HH-mm-ss.csv


And you will get a list of errors per server sort by number of hits


More info about the errors could be found here and here.

Generic stats

As last you will get by default, when you don’t use any parameter, 4 files as follows:

  • Collect all IIS errors (Request,HttpStatus,Win32Status,SourceIP,Hits) yyMMDD_IIS_errors.csv
  • All hits for this day per user (SourceIP,OverallHits,User,Client,Bytes received,Bytes sent,EASRequest) yyMMDD_hits_by_ip.csv
  • All hits by hour (Hour,Hits,EASHits) yyMMDD_hits_by_hour.csv
  • All EAS devices (EASDeviceId,UserAgents) yyMMDD_eas_devices.csv
PS C:\Scripts> .\Get-IISStats.ps1 -Outpath C:\Temp\Output -StartDate 141020 -EndDate 141020


Here the 4 files in the OutPath


And here how it looks when you do some analytics with Excel




I hope you will find this useful and it helps you to determine and solve any issues!

1 thought on “Troubleshooting Exchange with LogParser:IIS logs #2

  1. Pingback: Get-IISStats: Updated version available | The clueless guy

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s