We are running a POC for logbinder for exchange in our environment, however it is not possible to configure an Input - No option available/disabled.  Do I require a temporary license for this?

When you download and install LOGbinder the first time, it comes with a 30-day temporary license. This license provides full functionality for the 30-day time period.

In LOGbinder for Exchange, you can only set one input at a time. That input is already there, you just have to change its properties. Please click on the line under Input that says Exchange Server Audit as the Input Type, and open its properties to configure it.

Thanks Tamas,

After completing hte configurations - specifying the powershell URL; Exchange URL; Recipient plus ensuring that the service account has the relevant permissions on Exchange, i am still not able to view audit events on Logbinder for exchange.

where would one get logs to help troubleshoot what the issue might be? NB: none of the errors documented in Appendix 5 have been experienced.

First,check under the input properties if there are any entries under Transactions. If there are entries, it means that LOGbinder is sending out audit log requests to the Exchange server. Once the File Name and Completed fields are filled out, it means that LOGbinder has received and processed the results.

It might take a considerable time between LOGbinder requesting the audit logs and receiving them back from Exchange. For Exchange 2010, it might be 30 minutes on average, while with Exchange 2013, it can take an entire day. You can speed this up by changing the Exchange audit search poll interval to a smaller value, such as 10 or 15 minutes.

Hi,

Upon enabling auditing, below is the error currently experienced (attached too).  How can i enable insecure  (i.e. -allowUntrested) option?:


2017-08-23 12:53:54.05 Logging (2 Error) <007> Exchange Shell Service: Cannot open Powershell using connnection string https://xxxxxxxx.yyyyyyy.net/Powershell. Error: System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server failed with the following error message : The server certificate on the destination computer (https://xxxxxxxx.yyyyyyy.net:443) has the following errors: 
The SSL certificate contains a common name (CN) that does not match the hostname. For more information, see the about_Remote_Troubleshooting Help topic.;  at System.Management.Automation.Runspaces.Internal.RunspacePoolInternal.EndOpen(IAsyncResult asyncResult)
 at System.Management.Automation.Runspaces.RunspacePool.Open()
 at System.Management.Automation.RemoteRunspace.Open()
 at Mtg.Logbinder.Exchange.ExchangeShellService.GetVersion() in C:\agent\_work\3\s\LogbinderEX\Mtg.Logbinder.Exchange\ExchangeShellService.cs:line 472
2017-08-23 12:53:54.10 Logging (1 Critical) <007> Error: LOGbinder for Exchange needs valid Powershell URL to continue. Current value https://xxxxxxxx.yyyyyyy.net/Powershell is invalid. Error: Connecting to remote server failed with the following error message : The server certificate on the destination computer (https://xxxxxxxx.yyyyyyy.net:443) has the following errors: 
The SSL certificate contains a common name (CN) that does not match the hostname. For more information, see the about_Remote_Troubleshooting Help topic.
2017-08-23 12:53:54.13 Logging (8) <007> Exchange Shell Service: Completed get Exchange server version with fatal error
2017-08-23 12:53:54.13 Logging (8) <007> Exchange Exporter: Creating mailbox service
2017-08-23 12:53:54.13 Logging (8) <007> Exchange Mailbox Service: Starting initalize mailbox service
2017-08-23 12:53:54.13 Logging (8) <007> Exchange Mailbox Service: Completed initalize mailbox service
2017-08-23 12:53:54.13 Logging (8) <007> Exchange Shell Service: Starting running retrieval
2017-08-23 12:53:54.13 Logging (8) <007> Exchange Shell Service: Starting creating powershell instance
2017-08-23 12:53:54.13 Logging (8) <007> Exchange Shell Service: Completed creating powershell instance
2017-08-23 12:53:54.13 Logging (8) <007> Exchange Shell Service: Starting powershell
2017-08-23 12:53:54.13 Logging (16) <007> Exchange Shell Service: Setting runspace
2017-08-23 12:53:54.13 Logging (16) <007> Exchange Shell Service: Opening runspace
2017-08-23 12:53:54.16 Logging (2 Error) <007> Exchange Mailbox Service: Could not open runspace. Will retry in 10 seconds. Details: System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server failed with the following error message : The server certificate on the destination computer (https://xxxxxxxx.yyyyyyy.net:443) has the following errors: 
The SSL certificate contains a common name (CN) that does not match the hostname. For more information, see the about_Remote_Troubleshooting Help topic.

Further to my previous post more log info:
Test 1:

[PS] C:\>Test-PowerShellConnectivity -ConnectionUri https://xxxxxxx.yyyyyy.net/Powershell -TestCredential $yyyyyy.net\zzzzzzzz -Authentication Basic
Cannot validate argument on parameter 'TestCredential'. The argument is null. Supply a non-null argument and try the co
mmand again.
  + CategoryInfo    : InvalidData: ( [Test-PowerShellConnectivity], ParameterBindingValidationException
  + FullyQualifiedErrorId : ParameterArgumentValidationError,Test-PowerShellConnectivity

[PS] C:\>Test-PowerShellConnectivity -ConnectionUri https://xxxxxxx.yyyyyy.net/Powershell

Windows PowerShell Credential Request : cmdlet Test-PowerShellConnectivity at command pipeline position 1
Warning: This credential is being requested by a script or application on the xxxxxxx.yyyyyy.net remote
computer. Enter your credentials only if you trust the remote computer and the application or script requesting it.

Supply values for the following parameters:
TestCredential
Logon to the virtual directory 'xxxxxxx.yyyyyy.net/Powershell' failed with the following error: 'Connect
ing to remote server failed with the following error message : The server certificate on the destination computer (xxxxxxx.yyyyyy.net:443) has the following errors:
The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable.

The SSL certificate contains a common name (CN) that does not match the hostname. For more information, see the about_Remote_Troubleshooting Help topic.'. For more information, see the application event log.
  + CategoryInfo    : NotSpecified: ( [Test-PowerShellConnectivity], LocalizedException
  + FullyQualifiedErrorId : F5C85988,Microsoft.Exchange.Monitoring.TestRemotePowerShellConnectivity

Test 2: (Trust any ssl certificate)

[PS] C:\>Test-PowerShellConnectivity -ConnectionUri xxxxxxx.yyyyyy.net/Powershell -TrustAnySSLCertificate


Windows PowerShell Credential Request : cmdlet Test-PowerShellConnectivity at command pipeline position 1
Warning: This credential is being requested by a script or application on the Sxxxxxxx.yyyyyy.net remote
computer. Enter your credentials only if you trust the remote computer and the application or script requesting it.

Supply values for the following parameters:
TestCredential
Logon to the virtual directory 'xxxxxxx.yyyyyy.net/Powershell' failed with the following error: 'Connect
ing to remote server failed with the following error message : The WinRM client cannot process the request. The WinRM c
lient tried to use Negotiate authentication mechanism, but the destination computer (xxxxxxx.yyyyyy.net:443) ret
urned an 'access denied' error. Change the configuration to allow Negotiate authentication mechanism to be used or spec
ify one of the authentication mechanisms supported by the server. To use Kerberos, specify the local computer name as t
he remote destination. Also verify that the client computer and the destination computer are joined to a domain. To use
Basic, specify the local computer name as the remote destination, specify Basic authentication and provide user name a
nd password. Possible authentication mechanisms reported by server: For more information, see the about_Remote_Troubles
hooting Help topic.'. For more information, see the application event log.
  + CategoryInfo    : NotSpecified: ( [Test-PowerShellConnectivity], LocalizedException
  + FullyQualifiedErrorId : BC25E3C,Microsoft.Exchange.Monitoring.TestRemotePowerShellConnectivity


CasServer LocalSite  Scenario   Result Latency(MS) Error
--------- ---------  --------   ------ ----------- -----
    Default-Fi... Logon User  Failure     Connecting to remote ...
    Default-Fi... Logon User  Failure     Connecting to remote ...


[PS] C:\>


Question:  How do we go about resolving the two issues above? - certificate trust issue and WinRm issue.

In most environments, the PowerShell connection is set up through http, not https. Please try to set the PowerShell URL to use http.

If you do need https, then you need to resolve issues with the PowerShell connection, such as the certificate issue ("The SSL certificate contains a common name (CN) that does not match the hostname.")

Thank you  there is an improvement after setting up the PowerShell connectin through HTTP.  however, a new error below has now occurred (The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel) - raw error log below:

2017-08-24 09:43:54.64 Logging (8) <007> Exchange Shell Service: Completed powershell
2017-08-24 09:43:54.66 Logging (8) <007> Exchange Shell Service: Completed running retrieval
2017-08-24 09:43:54.68 Logging (8) <007> Exchange Mailbox Service: Beginning discovery
2017-08-24 09:43:54.69 Logging (8) <007> Exchange Mailbox Service: Searching mailbox
2017-08-24 09:43:54.90 Logging (2 Error) <007> Exchange Mailbox Service: Could not find items. Will retry in 10 seconds. Details: Microsoft.Exchange.WebServices.Data.ServiceRequestException: The request failed. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.; Microsoft.Exchange.WebServices.Data.ServiceRequestException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.; Microsoft.Exchange.WebServices.Data.ServiceRequestException: The remote certificate is invalid according to the validation procedure.

How can I make LogbinderEx bypass .NET checking whether SSL certificates are signed by a certificate from the Trusted Root Certificate Store? NB added the EWS certificate to local root certificate store on the logbinder server.

Thanks.  I changed the Powershell conection to Http and it seems to connect well.  Another error though observed in the service processor logs (Could not establish trust relationship for the SSL/TLS secure channel):   How can we block logbinder for exchange from validating the SSL certificate; so that it will accept all ssl certificates and let me get through the exchange server?   This site https://msdn.microsoft.com/en-us/library/bb408523.aspx recommends the piece of code below:

ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => true;
But how/where can i append this withing logbinder?
NB:  All certificates on exchange ews have been imported into logbinders computer "Trusted Root certificate authorities"

 The Raw log details below:

Exchange Mailbox Service: Could not find items. Will retry in 20 seconds. Details: Microsoft.Exchange.WebServices.Data.ServiceRequestException: The request failed. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.; Microsoft.Exchange.WebServices.Data.ServiceRequestException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.; Microsoft.Exchange.WebServices.Data.ServiceRequestException: The remote certificate is invalid according to the validation procedure.
2017-08-24 09:44:24.91 Logging (8) <007> Exchange Mailbox Service: Searching mailbox
2017-08-24 09:44:25.07 Logging (2 Error) <007> Exchange Mailbox Service: Could not find items. Will retry in 40 seconds. Details: Microsoft.Exchange.WebServices.Data.ServiceRequestException: The request failed. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.; Microsoft.Exchange.WebServices.Data.ServiceRequestException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.; Microsoft.Exchange.WebServices.Data.ServiceRequestException: The remote certificate is invalid according to the validation procedure.

You are on the right track. The certificate error is most likely because of a self-signed certificate. As you said, you have to add the certificate to the Trusted Root store. Please double-check that the certificate and the Exchange URL are using the exact same domain name address.

To verify, start Internet Explorer and open the Exchange URL of your Input setting, such as https://ex1.acme.com/ews/exchange.asmx (substituting ex1.acme.com with your appropriate setting).  If you have to sign in, please enter the credentials of the LOGbinder service account. You should get the WSDL xml for Exchange, something like this
 

When accessing the above address, it should open without a certificate error. Please resolve any certificate issue, and then try it again in LOGbinder.