Wednesday, May 07, 2014

Reporting on Outlook client versions from Exchange RPC logs


Recently had a customer migrating to Office 365 that had a large and diverse user population that was unfortunately not in a managed desktop scenario.

After reading several other sources on how to collect this data from the RPC/HTTPS logs on the Exchange CAS server, I did some hunting on how to best collect this data. Luckily, I was able to find this here (thanks to Nate-N8!)

http://exchangeserverpro.com/forums/exchange-server-2010/1435-logparser-query.html

"C:\Program Files (x86)\Log Parser 2.2\logparser.exe" "SELECT TO_LOWERCASE(EXTRACT_SUFFIX(client-name,0,'=')) as User,client-software as Software,client-software-version as Version,client-mode as Mode,client-ip as IP,protocol as Protocol INTO c:\ClientInfo.csv from 'd:\temp\RPC logs\exchcas01\RCA_*.log','d:\temp\RPC logs\exchcas01\*.log' GROUP BY User,Software,Version,Mode,IP,Protocol ORDER BY User" -nSkipLines:4 -i:CSV -o:csv

This generated a CSV file, which I was then able to load into Excel and utilize a sorting and grouping to then show Outlook versions and frequency of connections. This was a sample set of 7 days. Best of all, you can expand from here and see the actual users impacted so that you can plan and target your Office/Outlook desktop upgrades!

And for handy reference, here are the listings of Office/Outlook versions:
Outlook 2013: http://support.microsoft.com/kb/2817430 (SP1 is 15.0.4569.1506, RTM is 15.0.4420.xxx)

Generally, for the best Office 365 experience, I recommend being on at LEAST Office 2010 SP2 (14.0.7015.1000) or higher.

Update: 6/17/2015

Once you have the generated CSV, you can follow these instructions to manipulate the data!

Update: 1/19/2018

To do the same thing (only better) with MAPI over HTTPS, check out my article  here:
http://blog.chrislehr.com/2019/01/reporting-on-office-versions-in-use.html.