Issue: User is a standard user (not a domain admin) and his RBAC permissions allow him to do message tracking but he is not not an Organization Admin.
- Running with Exchange PowerShell (get-messagetrackinglog): works
- Running with ECP: works
- Running with Tracking Log Explorer : Broken
“Failed to connect to the Microsoft Exchange Transport Log Search service on computer “Exchange_Servername”. Verify that a valid computer name was used and the Microsoft Exchange Transport Log Search service is started on the target computer.” The error message is: Access is denied.”
Reason: EXTra.exe is what is used to run Tracking Log Explorer and it doesn’t use remote PowerShell therefore your permissions are based on your AD login permissions not RBAC.
Solutions:
- Add the users to the “Exchange View-Only Administrators” (2007) or “Public Folder Management” (2010 Green Field) AD Group to be able to use the GUI.
- Use Exchange PowerShell or ECP to pull the tracking logs.
Thanks to Andrew and Ron for Figuring this out!
Note: Walkthrough on setting up ECP\ EMS Message tracking access
