Splunk® App for Microsoft Exchange (EOL)

Deploy and Use the Splunk App for Microsoft Exchange



On October 22 2021, the Splunk App for Microsoft Exchange will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for Microsoft Exchange.
This documentation does not apply to the most recent version of Splunk® App for Microsoft Exchange (EOL). For documentation on the most recent version, go to the latest release.

Issues with Splunk App for Microsoft Exchange and MS Exchange 2010 SP2

Overview

The Splunk App for Microsoft Exchange is incompatible with Microsoft Exchange 2010 Service Pack 2 (SP2) because Microsoft removed Registry entries for PowerShell support in the SP2 update.

Important: This problem is not caused by the Splunk App for Microsoft Exchange in any way. It occurs because the SP2 update removes critical Registry entries and extensions for PowerShell during the update process. As such, the workaround described below is not supported by Splunk. Questions and concerns about the problem should be directed to Microsoft's support team.

You might experience the following symptoms with the Splunk App for Microsoft Exchange if you run MS Exchange 2010 SP2:

  • Some Exchange servers might not be listed in the System overview.
  • Exchange servers with the Mailbox Server role do not provide information about a user (for example, folder and/or mailbox information is missing).
  • You might see the following in splunkd.log on the server that is collecting the logs:
WARNING: The following errors occurred when loading console 
C:\Program Files\Microsoft\Exchange Server\V14\bin\exshell.psc1: Cannot load 
Windows Powershell snap-in Microsoft.Exchange.Management.Powershell.E2010
because of the following error:
The Windows Powershell snap-in 'Microsoft.Exchange.Management.Powershell.E2010' is
not installed on this machine

Workaround

If you run Exchange Server 2010 Service Pack 1 or earlier in your environment and need full functionality for the Splunk App for Microsoft Exchange, then do not upgrade to SP2.

If you have already upgraded to SP2, then review the following article to work around the problem.

http://joetrombley.wordpress.com/2011/03/12/the-windows-powershell-snap-n-microsoft-exchange-management-powershell-e2010-is-not-installed-on-this-machine/

Once you have completed the workaround, confirm that the PowerShell script runs properly by running the following commands in a command prompt (not a PowerShell window):

cd "C:\Program Files\SplunkUniversalForwarder\etc\apps\TA-Exchange-2010-MailboxStore"
"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" cmd exchangepowershell.cmd get-hoststats.ps1

Note: When you run the commands, replace "TA-Exchange-2010-MailboxStore" with the name of the TA that is installed on the Exchange host. If the workaround is working, the script emits an event and displays it in white text. If it is not working, the script displays the error shown above in red and yellow text.

Last modified on 12 October, 2012
 

This documentation applies to the following versions of Splunk® App for Microsoft Exchange (EOL): 1.1, 1.1.1, 1.1.4, 1.1.5, 1.1.6, 2.0

