Powershell for MEM

Linked Articles

EMail Architectures

Common Powershell Commands

Initializing a Session

This command is used for AirWatch to initialize a session. The two parameters required as the $creds and the PowerShell endpoint.

> $cred = Get-Credential

> $session = New-PSSession ConfigurationName Microsoft.Exchange -ConnectionUri https://<mailserver>/powershell Credential  
$cred Authentication Basic AllowRedirection

> Import-PSSession $session

Look at a user’s basic mailbox information

This command pulls basic information about a mailbox using an email address as the identity.

> Get-CASMailbox identity userguy | fl

Viewing a user’s list of devices

This command will list each device partnered with the CasMailbox.

> Get-ActiveSyncDevice mailbox userguy | fl (2010)  
> Get-MobileDevice mailbox userguy | fl (2013+)  

Additional device information

WS1 UEM does not pull from this listing, however, you can find some additional details (ex: when the device last synced) from this table.

> Get-ActiveSyncDeviceStatistics mailbox userguy | fl

Setting ActiveSync Devices to Allowed/Blocked

This is the form of a cmdlet used to issue an Allow/Block command to Exchange. This will insert “DeviceIDX” into the appropriate list.

> Set-CasMailbox identity userguy ActiveSyncAllowedDeviceIDs @{Add = DeviceId1} 
> Set-CasMailbox identity userguy ActiveSyncBlockedDeviceIDs @{Add = DeviceId2}

Selecting specific information or exporting data

This command is helpful when comparing AirWatch data to Exchange data.

> Get-ActiveSyncDevice ResultSize Unlimited | Select-Object  
DeviceID, DistinguishedName, DeviceType | Export-CSV  
ASD_selection.csv

WS1 UEM with Office 365

Disable the native access in O365 -> redirect to WS1 UEM First-time access will be denied, PowerShell command will be sent to O365 to whitelist the device, 2-3min later the email will flow

Set WS1 UEM as IDP to control other ways of accessing (Exchange Web Access, OWA etc)

This lacks some features (encrypt attachments, strip attachments etc), but can be mitigated using Boxer Needs ESC between Cloud AW and On-Prem Exchange

AW-PS Service Account
Remote Shell access to the Exchange Server associated mailbox on the server to issue remote commands

Required PowerShell roles: Mail Recipients Organization Client Access Recipient Policies Settings –> Email –> Email Settings Configure - Direct

Features:

  • Configure email over-the-air
  • Block unmanaged devices
  • Discover existing unmanaged devices
  • Require device encryption
  • Prevent compromised devices
  • Block mail client, user, device model or OS
  • Integrate or revoke certificates

Subsections of Powershell for MEM

Allowlist and Blacklist

ADMIN ACTIONS (BLOCKLIST)

Actions from Email dashboard:

  1. User selects device and clicks allowlist/ blocklist action
  2. Meg Queue Service sendsends allowlist/ blocklist powershell command to Exchange server appropriately 3. Meg Queue Service updates database to show your device status on email dashboard

Webconsole Log

Blocklist event:

After admin click Blocklist action for device, webconsole receives blocklist event for processing. Log prints device properties as described below:

MEMConfig - Email Settings used Device Count - Total number of devices blocklisted

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.MobileEmailBusiness.PeristDeviceAccessStateChanged Received device access state change. MEMConfig: 48 Device Count: 1 935c3f93-3f33-49fb-b6c9-a07d0bcc8619

Event written to Microsoft Messaging Queue:

Webconsole writes blocklist event to Microsoft Messaging Queue. MEG Queue will read the queue and will process event.

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.Util.DeviceStateChangeTypeMessageQueue.PersistGenericPayload Writing change device access state payload for LG '646' to queue: 'Name: AWSegCompliance, Protocol: Tcp, Address: .\Private$\, Encoding: Binary, QueueLocation: Local, BulkReadLimit: 1, ConnectionRetryCount: 3, ReadTimeout: -1, RetryInterval: 30, AutoCreate: False, ' 935c3f93-3f33-49fb-b6c9-a07d0bcc8619

MEG Que Log

Blocklist event received:

MEG Queue receives blocklist event for processing from webconsole. Device properties are printed in log identifying your device as shown below.

MemConfig Id - Email Settings used MEMDevice Id - Email Device Record Id number of devices - Total number of devices blocklisted EasDeviceIdentifier - Exchange Device ID User - Email user AccessLevel - Email access status Reasons - Reason for allow\block device Lg - Location Group ID Device Id - AirWatch device id

Debug AW.Meg.Queue.Service.Util.EndpointQueueManager._SplitByType Received 'DeviceAccessChangedPayload' message. MemConfig Id: '48', MEMDevice Id: '5744' 

Debug AW.Meg.Queue.Service.Util.EndpointQueueManager._ReceiveDeviceAccessChangedPayload Received 'DeviceAccessChangedPayload' message. MemConfigId: '48', number of devices: '1'.

Debug AW.Meg.Queue.Service.Processors.Office365DeviceAccessChangedProcessor.ProcessPayload Device access state changed. Device Id: '29'. Process ActiveSync command. Lg: '646', EasDeviceIdentifier: 'R4SQG79G556LPB3LFEVP66VO98', User: 'airwatchqa@airwatchpm.onmicrosoft.com', AccessLevel: 'Blocked', Reasons: Device is blacklisted: 29  

Debug WanderingWiFi.AirWatch.BusinessImpl.EnterpriseIntegrationHelper.SetBulkEasDeviceAccess BulkDeviceRequest - MemConfigId: 48, IsRunCompliance: False.

Powershell Admin details:

MEG Queue loads Powershell admin account details.

Debug WanderingWiFi.AirWatch.BusinessImpl.EnterpriseIntegrationHelper.DoSetBulkEasDeviceAccess Loading Exchange settings for MEMConfig: 48  

Debug WanderingWiFi.AirWatch.BusinessImpl.EnterpriseConfigurationProvider.LoadExchangeServiceConfiguration Loading exchange settings. MEMConfig: 48

Powershell Session creation:

MEG Queue creates powershell session to execute powershell command.

Debug AirWatch.CloudConnector.Common.PowerShell.SessionHelper.InitializeSession Initializing PowerShell session for Microsoft.Exchange @ PowerShell endpoint https://ps.outlook.com/powershell using Authentication type: Basic,  
User: airwatchadmin@airwatchpm.onmicrosoft.com, using service credentials: False, ViewEntireForest enabled: False  

Debug AirWatch.CloudConnector.Common.PowerShell.SessionHelper.InitializeSession Creating session for Microsoft.Exchange @ PowerShell endpoint https://ps.outlook.com/powershell using Authentication type: Basic, User: airwatchadmin@airwatchpm.onmicrosoft.com, using service credentials: False, ViewEntireForest enabled: False

Blocklisting device: MEQ Queue sends powershell block command to exchange so that email requests will be blocked.

Debug AirWatch.CloudConnector.Common.PowerShell.CommandHelper.SetActiveSyncDeviceIds Invoking command Set-CASMailbox -Identity 'airwatchqa@airwatchpm.onmicrosoft.com' -ActiveSyncBlockedDeviceIDs @{Add='R4SQG79G556LPB3LFEVP66VO98'} against the  
endpoint: SingleDeviceActionWithNormalPriority_airwatchadmin@airwatchpm.onmicrosoft.com@Microsoft.Exchange@https://ps.outlook.com/powershell

Powershell Session removal:

MEG Queue removes powershell session from memory.

Debug AirWatch.CloudConnector.Common.PowerShell.SessionHelper.InitializeSession PowerShell session successfully initialized for Microsoft.Exchange @ PowerShell endpoint https://ps.outlook.com/powershell using Authentication type: Basic,  
User: airwatchadmin@airwatchpm.onmicrosoft.com, using service credentials: False, ViewEntireForest enabled: False  

Debug AirWatch.CloudConnector.Common.PowerShell.SessionHelper.RemoveSession Removing session for Microsoft.Exchange @ PowerShell endpoint https://ps.outlook.com/powershell using Authentication type: Basic, User: airwatchadmin@airwatchpm.onmicrosoft.com, using service credentials: False, ViewEntireForest enabled: False

Database Update:

MEM Device Activity is saved to database so that Email List view reflects change.

Debug WanderingWiFi.AirWatch.ProviderImpl.MobileEmail.MobileEmailDataHandler.SaveMemDeviceActivitiesForPSRunCompliance() MEM Device Activity Saved Successfully... 1

Log files

aw.meg.queue.serviceblacklist.log weblogfile-blacklist.txt

Mailbox sync

Sync Mailboxes flow:

  1. Sync Mailboxes action is processed by webcosole and sent to MEG Queue for processing.
  2. MEG Queue Service invokes powershell fucntion to retrive all mailboxes.
  3. It then invokes powershell fucntion to retrive all EAS devices.
  4. Mailboxes and devices and reconciled and MEG Queue saves EAS device data to AirWatch database.

WEB CONSOLE LOG

Sync Mailboxes Event processing:

After admin clicks Sync Mailboxes action, webconsole receives event for processing.
Webconsole writes Sync Mailboxes event to Microsoft Messaging Queue. MEG Queue will read the queue and will process event.

2017/03/10 14:42:29.637 MEMCON 3c749df0-c28d-409e-84ac-0a2d29cc5566 [0000068-0000000] (28) Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.Util.DeviceStateChangeTypeMessageQueue.PersistGenericPayload Writing sync eas mailbox payload for LG '627' to queue: 'Name: AWSegCompliance, Protocol: Tcp, Address: .\Private$\, Encoding: Binary, QueueLocation: Local, BulkReadLimit: 1, ConnectionRetryCount: 3, ReadTimeout: -1, RetryInterval: 30, AutoCreate: False, ' 9525ac55-84d8-4ae2-b8e1- b7b183f84afd

MEG QUE LOG

Sync Mailboxes event received:

MEG Queue receives Sync Mailboxes event for processing from webconsole.
Sync Mailboxes operation is initiated.

Debug AW.Meg.Queue.Service.Util.EndpointQueueManager._SplitByType Received 'SyncEasDevicesPayload' message. MemConfig Id: '30' Info AW.Meg.Queue.Service.Util.SyncAllMailboxesTask.PerformTask Sync Mailboxes task will initiate for MEMConfig '30'.

Retrieving Mailboxes:

MEG Queue prepares to retrieve Mailboxes. It prints filter if applicable.

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.MobileEmailBusiness.SyncEasDevices Retrieving CAS mailboxes. MEMConfig: 30  

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.MobileEmailBusiness.SyncEasDevices Sync Result Type : None; No Filter Provided.

Powershell Admin details:

MEG Queue loads Powershell admin account details. It also loads ACC details if any.

Debug WanderingWiFi.AirWatch.BusinessImpl.EnterpriseConfigurationProvider.LoadExchangeServiceConfiguration Loading exchange settings. MEMConfig: 30  

Debug WanderingWiFi.AirWatch.BusinessImpl.EnterpriseConfigurationProvider.LoadExchangeServiceConfiguration Getting service relay configuration. ACC location group overridden by MEM configuration: False. Location group:'627'

Powershell Session creation:

MEG Queue creates powershell session to execute powershell command.

Debug AirWatch.CloudConnector.Common.PowerShell.SessionHelper.InitializeSession Initializing PowerShell session for Microsoft.Exchange @ PowerShell endpoint https://mail-mem13.ssdevrd.com/powershell using Authentication type: Basic, User: mem13\svcPSTest, using service credentials: False, ViewEntireForest enabled: False  

Debug AirWatch.CloudConnector.Common.PowerShell.SessionHelper.InitializeSession Creating session for Microsoft.Exchange @ PowerShell endpoint https://mail-mem13.ssdevrd.com/powershell using Authentication type: Basic, User: mem13\svcPSTest, using service credentials: False, ViewEntireForest enabled: False

Debug AirWatch.CloudConnector.Common.PowerShell.SessionHelper.InitializeSession PowerShell session successfully initialized for Microsoft.Exchange @ PowerShell endpoint https://mail-mem13.ssdevrd.com/powershellusing Authentication type: Basic, User: mem13\svcPSTest, using service credentials: False, ViewEntireForest enabled: False

Sending powershell command to Retrieve Mailboxes:

MEQ Queue calls powershell function to Retrieve Mailboxes from exchange. Number of mailboxes retrieved are listed in log as shown.

Debug WanderingWiFi.AirWatch.BusinessImpl.EnterpriseIntegrationHelper.ListCasMailboxes Retrieving CAS mailbox list records 1 to 25000 at ExchangeService https://mail-mem13.ssdevrd.com/powershell.  

Debug AirWatch.CloudConnector.ExchangeServices.MailboxManagementService.ListCasMailboxes Retrieving CAS mailbox list records 1 to 25000.  
Debug AirWatch.CloudConnector.Common.PowerShell.CommandHelper.ListCasMailboxes Invoking command 'AW-Get-CASMailboxList'. Endpoint: 'BulkDeviceAction_mem13\svcPSTest@Microsoft.Exchange@https://mail-mem13.ssdevrd.com/powershell'  

Debug AirWatch.CloudConnector.ExchangeServices.MailboxManagementService.ListCasMailboxes Retrieved CAS mailbox list records 1 to 23 of 23.  

Debug WanderingWiFi.AirWatch.BusinessImpl.EnterpriseIntegrationHelper.ListCasMailboxes Retrieved CAS mailbox list records 1 to 23 of 23 at ExchangeService https://mail-mem13.ssdevrd.com/powershell.

Powershell Session removal:

MEG Queue removes powershell session from memory.

Debug AirWatch.CloudConnector.Common.PowerShell.SessionHelper.RemoveSession Removing session for Microsoft.Exchange @ PowerShell endpoint https://mail-mem13.ssdevrd.com/powershell using Authentication type: Basic, User: mem13\svcPSTest, using service credentials: False, ViewEntireForest enabled: False  

Debug AirWatch.CloudConnector.Common.PowerShell.SessionHelper.RemoveSession Session removed for Microsoft.Exchange @ PowerShell endpoint https://mail-mem13.ssdevrd.com/powershell using Authentication type: Basic, User: mem13\svcPSTest, using service credentials: False, ViewEntireForest enabled: False

Retrieving ActiveSync devices:

MEQ Queue calls powershell function to Retrieve Mailboxes from exchange. Number of devices retrieved are listed in log as shown.

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.MobileEmailBusiness.SyncEasDevices Retrieving ActiveSync devices. MEMConfig: 30  

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.MobileEmailBusiness.SyncEasDevices Sync Result Type : None; No Filter Provided.

Debug AirWatch.CloudConnector.Common.PowerShell.CommandHelper.ListActiveSyncDevices Invoking command 'AW-Get- ActiveSyncDeviceList'. Endpoint: 'BulkDeviceAction_mem13\svcPSTest@Microsoft.Exchange@https://mail-mem13.ssdevrd.com/powershell', PowerShellDeploymentType: '5'.

Debug AirWatch.CloudConnector.ExchangeServices.MailboxManagementService.ListActiveSyncDevices Retrieved ActiveSync device list records 1 to 217 of 217.  
Debug WanderingWiFi.AirWatch.BusinessImpl.EnterpriseIntegrationHelper.ListActiveSyncDevices Retrieved ActiveSync device list records 1 to 217 of 217 at ExchangeService https://mail-mem13.ssdevrd.com/powershell.

Reconciling Devices:

MEG Queue compare AirWatch MEM Devices with EAS devices retreived from exchange.
If EAS device retrived from exchange matches with one of AirWatch device, MEG Queue will update AirWatch MEM Device with latest status. Otherwise new unmanged device record is created.

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.MobileEmailBusiness.SyncEasDevices Reconciling EAS devices with known devices in AirWatch. MEMConfig: 30

Updating Managed Device:

Below statement shows that there is 1 matched device after reconcilation process.

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.MobileEmailBusiness.ReconcileEasDevices Updating '1' known managed EAS devices. MEMConfig: '30'

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.MobileEmailBusiness.UpdateManagedDevices Finding managed devices from payloads.  
Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.MobileEmailBusiness.UpdateManagedDevices Finding unmanaged devices from payloads.

Debug WanderingWiFi.AirWatch.ProviderImpl.MobileEmail.MobileEmailDataHandler.SaveMemDevices() Save MEM Device  

Debug WanderingWiFi.AirWatch.ProviderImpl.MobileEmail.MobileEmailDataHandler.SaveMemDevices() Save MemDevice for ActiveSyncPayload Instance: MEMDeviceId: 5614, LocationGroupID: 627, MEMConfigId: 30, IsManaged: True, EasDeviceIdentifier: 0EANTNG9L56LL8FLD1SFVFNK64, DeviceId: 19, SyncAllowed: True  
, EasDeviceType: iPod, EasDeviceUserAgent: Apple-iPod5C1/1307.36, EasmailboxIdentity: MEM13.ORG/Users/MEM2, EasMailboxDisplayName: MEM2, EmailAddress: MEM2@mem13.ssdevrd.com  
, UserName: MEM2, Command: Reconciled Access State, GatewayHostName:  
, CreateNewUnmanaged: False, UpdateManaged: True, EmailClient: , TimeOfRequest: Friday, March 10, 2017  
, Allowed Reason: AllowedByDefault

Debug WanderingWiFi.AirWatch.ProviderImpl.MobileEmail.MobileEmailDataHandler.SaveMemDevices() MEM Devices Saved Successfully Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.MobileEmailBusiness.UpdateManagedDevices Updated managed devices. '1' Updated successfully.

Updating MemDeviceActivity:

MEG Queue updates MemDeviceActivity record with appropriate status.

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.MobileEmailBusiness.UpdateMEMDeviceActivity ++UpdateMEMDeviceActivity Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.MobileEmailBusiness.UpdateMEMDeviceActivity  
ActiveSyncPayload Instance: MEMDeviceId: 5614, LocationGroupID: 627, MEMConfigId: 30, IsManaged: True, EasDeviceIdentifier: 0EANTNG9L56LL8FLD1SFVFNK64, DeviceId: 19, SyncAllowed: True, EasDeviceType: iPod, EasDeviceUserAgent: Apple-iPod5C1/1307.36, EasmailboxIdentity: MEM13.ORG/Users/MEM2, EasMailboxDisplayName: MEM2, EmailAddress: MEM2@mem13.ssdevrd.com

UserName: MEM2, Command: Reconciled Access State, GatewayHostName:  
CreateNewUnmanaged: False, UpdateManaged: True, EmailClient: , TimeOfRequest: Friday, March 10, 2017
Allowed Reason: AllowedByDefault

Debug WanderingWiFi.AirWatch.ProviderImpl.MobileEmail.MobileEmailDataHandler.SaveMEMDeviceActivities() Saving MEM Device Activity  

Debug WanderingWiFi.AirWatch.ProviderImpl.MobileEmail.MobileEmailDataHandler.SaveMEMDeviceActivities() MEM Device Activity Saved Successfully... 1

Updating MemDeviceConfig:

MEG Queue updates MemDeviceConfig record with appropriate status.

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.MobileEmailBusiness.UpdateMEMDeviceConfig MemDeviceConfig for Managed Device: MemDeviceId: 5614, MemConfigId: 30  

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.MobileEmailBusiness.UpdateMEMDeviceConfig Total Mem Device Config Records Count: 1

Debug WanderingWiFi.AirWatch.ProviderImpl.MobileEmail.MobileEmailDataHandler.SaveMemDeviceConfig ++SaveMemDeviceConfig

Creating unmanaged devices:

If EAS device retrived from exchange do not match with one of AirWatch device, MEG Queue will create unmanaged AirWatch MEM Device.

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.MobileEmailBusiness.ReconcileEasDevices Updating '216' discovered unmanaged EAS devices. MEMConfig: '30'  

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.MobileEmailBusiness.UpdateDeviceStatus Updating access state for '216' devices in database.

Creating unmanaged MemDevice:

MEG Queue creates unmanaged MEMDevice records as shown below.

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.MobileEmailBusiness.CreateUnmanagedMEMDevices ++CreateUnmanagedMEMDevices

Debug WanderingWiFi.AirWatch.ProviderImpl.MobileEmail.MobileEmailDataHandler.SaveMemDevices() Save MemDevice for ActiveSyncPayload Instance: MEMDeviceId: 0, LocationGroupID: 627, MEMConfigId: 30, IsManaged: False, EasDeviceIdentifier: boxer1485882972781, DeviceId: 0, SyncAllowed: True  
, EasDeviceType: Android, EasDeviceUserAgent: AirWatch Boxer (Nexus 6P; Android 6.0.1) Version 4.1.0.12/352, EasmailboxIdentity: MEM13.ORG/Users/TBurgess, EasMailboxDisplayName: TBurgess, EmailAddress: TBurgess@mem13.ssdevrd.com

, UserName: TBurgess, Command: Discovered EAS Device, GatewayHostName:  
, CreateNewUnmanaged: True, UpdateManaged: False, EmailClient: , TimeOfRequest: Friday, March 10, 2017 , Allowed Reason: AllowedByDefault

Creating unmanaged MEMDeviceActivity:

MEG Queue creates unmanaged MEMDeviceActivity records as shown below.

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.MobileEmailBusiness.UpdateMEMDeviceActivity ++UpdateMEMDeviceActivity Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.MobileEmailBusiness.UpdateMEMDeviceActivity  
ActiveSyncPayload Instance: MEMDeviceId: 5748, LocationGroupID: 627, MEMConfigId: 30, IsManaged: False, EasDeviceIdentifier: boxer1485882972781, DeviceId: 0, SyncAllowed: True

, EasDeviceType: Android, EasDeviceUserAgent: AirWatch Boxer (Nexus 6P; Android 6.0.1) Version 4.1.0.12/352, EasmailboxIdentity: MEM13.ORG/Users/TBurgess, EasMailboxDisplayName: TBurgess, EmailAddress: TBurgess@mem13.ssdevrd.com  
, UserName: TBurgess, Command: Discovered EAS Device, GatewayHostName:  
, CreateNewUnmanaged: True, UpdateManaged: False, EmailClient: , TimeOfRequest: Friday, March 10, 2017

, Allowed Reason: AllowedByDefault

Debug WanderingWiFi.AirWatch.ProviderImpl.MobileEmail.MobileEmailDataHandler.SaveMEMDeviceActivities() Saving MEM Device Activity  

Debug WanderingWiFi.AirWatch.ProviderImpl.MobileEmail.MobileEmailDataHandler.SaveMEMDeviceActivities() MEM Device Activity Saved Successfully... 100

Debug WanderingWiFi.AirWatch.ProviderImpl.MobileEmail.MobileEmailDataHandler.SaveMEMDeviceActivities() MEM Device Activity Saved Successfully... 200  

Debug WanderingWiFi.AirWatch.ProviderImpl.MobileEmail.MobileEmailDataHandler.SaveMEMDeviceActivities() MEM Device Activity Saved Successfully... 216

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.MobileEmailBusiness.UpdateMEMDeviceActivity Saved device activities. '216' Saved successfully.

Creating unmanaged MEMDeviceConfig:

MEG Queue creates MEMDeviceConfig records for unmanaged devices as shown below.

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.MobileEmailBusiness.UpdateMEMDeviceConfig Collecting Managed MEM Device Config Records.  

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.MobileEmailBusiness.UpdateMEMDeviceConfig Collecting Unmanaged MEM Device Config Records.  

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.MobileEmailBusiness.UpdateMEMDeviceConfig MemDeviceConfig for Unmanaged Device: MemDeviceId: 5748, MemConfigId: 30

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.MobileEmailBusiness.UpdateMEMDeviceConfig MemDeviceConfig for Unmanaged Device: MemDeviceId: 5762, MemConfigId: 30

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.MobileEmailBusiness.UpdateMEMDeviceConfig Total Mem Device Config Records Count: 216

Discovered Mail Clients:

MEQ Queue collects all mail client names and saves in AirWatch database. These mailclients are presented to user for selection in Mail Client policy for configuring policy rules.

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmailGateway.ActiveSyncBusiness Finding new mail clients.  

Debug WanderingWiFi.AirWatch.ProviderImpl.MobileEmailGateway.MailClientDataHandler Look for mail client list in cache.  

Debug WanderingWiFi.AirWatch.ProviderImpl.MobileEmailGateway.MailClientDataHandler Mail client list not found in cache. Loading from database.  
Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmailGateway.ActiveSyncBusiness Found '17' new mail clients.  

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmailGateway.ActiveSyncBusiness Saving new mail clients.  

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmailGateway.ActiveSyncBusiness Save mail client successful for LG : '627'  

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmailGateway.ActiveSyncBusiness Saved new mail clients. '1' Saved successfully. '0' had errors.

Discovered User Accounts:

MEQ Queue collects all User Accounts and saves in AirWatch database.
These User Accounts are presented to user for selection in User policy for configuring policy rules.

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmailGateway.ActiveSyncBusiness Finding new email account users.  

Debug WanderingWiFi.AirWatch.ProviderImpl.MobileEmailGateway.ActiveSyncDataHandler.LoadAccountUserNames Look for account user list in cache.  

Debug WanderingWiFi.AirWatch.ProviderImpl.MobileEmailGateway.ActiveSyncDataHandler.LoadAccountUserNames Account user list not found in cache. Loading from database.  

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmailGateway.ActiveSyncBusiness Found '2' new email account users.  

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmailGateway.ActiveSyncBusiness Saving new email account users.  

Debug WanderingWiFi.AirWatch.ProviderImpl.MobileEmailGateway.ActiveSyncDataHandler.BulkSaveAccountUserName Saving Account User(s)...  

Debug WanderingWiFi.AirWatch.ProviderImpl.MobileEmailGateway.ActiveSyncDataHandler.BulkSaveAccountUserName Saved Account User(s), index: 2  

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmailGateway.ActiveSyncBusiness Saved new email account user for location group: '627'  

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmailGateway.ActiveSyncBusiness Saved new email account users. '1' Saved successfully. '0' had errors.

Finished:

Info AW.Meg.Queue.Service.Util.SyncAllMailboxesTask.PerformTask Sync Mailboxes task finished for MEMConfig '30'.

Log Files

aw.meg.queue.service-syncmailboxes.log

Run Compliance

WEBCONSOLE LOG

Run Compliance Event processing:

After admin clicks Run Compliance action, webconsole receives event for processing.
Webconsole writes Sync Mailboxes event to Microsoft Messaging Queue. MEG Queue will read the queue and will process event.

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.MobileEmailBusiness.PersistDeviceStateChangeByLg Received state change event. LG: 627 Type: PolicyPublish 6e76d060-02d6-4515-ab6d-1f90ff41ec1b  

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.Util.DeviceStateChangeTypeMessageQueue.PersistGenericPayload Writing device state change payload for LG '627' to queue: 'Name: AWSegCompliance, Protocol: Tcp, Address: .\Private$\, Encoding: Binary, QueueLocation: Local, BulkReadLimit: 1, ConnectionRetryCount: 3, ReadTimeout: -1, RetryInterval: 30, AutoCreate: False, ' 6e76d060-02d6-4515-ab6d-1f90ff41ec1b

MEG QUE LOG

Run Compliance event received:

MEG Queue receives Run Compliance event for processing from webconsole. Run Compliance operation is initiated.

Debug AW.Meg.Queue.Service.Util.EndpointQueueManager.Process A message is added to the queue for endpoint 'https://mail- mem13.ssdevrd.com/powershell-.-mem13\svcPSTest', for MemConfig Id: '30'.  

Debug AW.Meg.Queue.Service.Util.EndpointQueueManager._SplitByType Received 'DeviceStateChangePayload' message. MemConfig Id: '30', Device Id: '', StateChangeType: 'PolicyPublish'  

Debug AW.Meg.Queue.Service.Processors.Office365DeviceStateChangedProcessor.DoProcess Processing 'PolicyPublish' event for LG '627', Device Id: '', MEM Config Id: '30'

Powershell Admin details:

MEG Queue loads Powershell admin account details. It also loads ACC details if any.

Debug WanderingWiFi.AirWatch.BusinessImpl.EnterpriseConfigurationProvider.LoadExchangeServiceConfiguration Getting service relay configuration. ACC location group overridden by MEM configuration: False. Location group:'627'  

Debug WanderingWiFi.AirWatch.BusinessImpl.EnterpriseConfigurationProvider.LoadExchangeServiceConfiguration Loaded exchange settings. MEMConfig: 30

Debug WanderingWiFi.AirWatch.BusinessImpl.EnterpriseIntegrationHelper.TestExchangeConnection Load Exchange service configuration for location group 627

Policy Evaluation:

MEG Que evaluates policy and determine all devices that needs access state change (allow or block). Below log shows example of device evaluated to be blocked by user policy.

Debug AW.Meg.Queue.Service.Util.RunComplianceTask.ProcessUpdateDevicePolicies Total 1 policies retrieved from database for the process.  

Debug AW.Meg.Queue.Service.Util.RunComplianceTask.ProcessUpdateDevicePolicies Total 1 mailboxes were found with known devices. Debug AW.Meg.Queue.Service.Util.RunComplianceTask.ProcessUpdateDevicePolicies Known Policy: EasDeviceIdentifier 0EANTNG9L56LL8FLD1SFVFNK64, MemDeviceId: 5614, Allowed: False, MailboxIdentity: , LastCommand: Mail Server Update, DeviceAccessStateReason: , LastMailAccessAllowed: True

Debug AW.Meg.Queue.Service.Util.RunComplianceTask.ProcessUpdateDevicePolicies Evaluated device. DeviceId: '19', EasDeviceIdentifier: '0EANTNG9L56LL8FLD1SFVFNK64', Allowed: 'False', Reason(s): Account user mem2 is blocked

Powershell Session creation:

MEG Queue creates powershell session to execute powershell command.

Debug AirWatch.CloudConnector.Common.PowerShell.SessionHelper.InitializeSession Initializing PowerShell session for Microsoft.Exchange @ PowerShell endpoint https://mail-mem13.ssdevrd.com/powershell using Authentication type: Basic, User: mem13\svcPSTest, using service credentials: False, ViewEntireForest enabled: False  

Debug AirWatch.CloudConnector.Common.PowerShell.SessionHelper.InitializeSession PowerShell session successfully initialized for Microsoft.Exchange @ PowerShell endpoint https://mail-mem13.ssdevrd.com/powershellusing Authentication type: Basic, User: mem13\svcPSTest, using service credentials: False, ViewEntireForest enabled: False

Blacklisting device:

MEQ Queue sends powershell block command to exchange so that email requests will be blocked.

Debug AirWatch.CloudConnector.Common.PowerShell.CommandHelper.SetActiveSyncDeviceIds Invoking command Set-CASMailbox -Identity 'mem2@mem13.ssdevrd.com' -ActiveSyncBlockedDeviceIDs @{Add='0EANTNG9L56LL8FLD1SFVFNK64'} against the endpoint: BulkDeviceAction_mem13\svcPSTest@Microsoft.Exchange@https://mail-mem13.ssdevrd.com/powershell

Powershell Session removal:

MEG Queue removes powershell session from memory.

Debug AirWatch.CloudConnector.Common.PowerShell.SessionHelper.RemoveSession Removing session for Microsoft.Exchange @ PowerShell endpoint https://mail-mem13.ssdevrd.com/powershell using Authentication type: Basic, User: mem13\svcPSTest, using service credentials: False, ViewEntireForest enabled: False  

Debug AirWatch.CloudConnector.Common.PowerShell.SessionHelper.RemoveSession Session removed for Microsoft.Exchange @ PowerShell endpoint https://mail-mem13.ssdevrd.com/powershell using Authentication type: Basic, User: mem13\svcPSTest, using service credentials: False, ViewEntireForest enabled: False

Updating AirWatch Database:

After successfully blocking device, AirWatch database is updated with current status.

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.MobileEmailBusiness.UpdateMemDeviceActivitiesForPSRunCompliance ++UpdateMemDeviceActivitiesForPSRunCompliance  

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.MobileEmailBusiness.UpdateMemDeviceActivitiesForPSRunCompliance Total 1 MEMDeviceActivity records will be updated.

Debug WanderingWiFi.AirWatch.ProviderImpl.MobileEmail.MobileEmailDataHandler.SaveMemDeviceActivitiesForPSRunCompliance()

2 of 3 19.07.2022, 13:11

VMWare Workspace ONE MEM Team - PowerShell - Run Compliance https://onevmw.sharepoint.com/teams/VMWareAirWatchMEM/SitePage...

++SaveMemDeviceActivitiesForPSRunCompliance  
Debug WanderingWiFi.AirWatch.ProviderImpl.MobileEmail.MobileEmailDataHandler.SaveMemDeviceActivitiesForPSRunCompliance() MEM Device Activity Saved Successfully... 1  

Debug WanderingWiFi.AirWatch.ProviderImpl.MobileEmail.MobileEmailDataHandler.SaveMemDeviceActivitiesForPSRunCompliance() --SaveMemDeviceActivitiesForPSRunCompliance  

Debug WanderingWiFi.AirWatch.BusinessImpl.MobileEmail.MobileEmailBusiness.UpdateMemDeviceActivitiesForPSRunCompliance --UpdateMemDeviceActivitiesForPSRunCompliance

Finished:

Info AW.Meg.Queue.Service.Util.SyncAllMailboxesTask.PerformTask Run compliance task finished for MEMConfig '30'.

Log files

aw.meg.queue.service-runcompliance.log weblogfile-runcompliance.txt