Exchange Security Insights On-Premise Collector receives no logs

[thom2804]

I have an environment where there is an on premise Exchange server active, I have made sure to follow all the steps listed on the data connector page, the ESI collector script has been installed on the Exchange Server in the environment of the customer and is scheduled to run every day at 22:00, yesterday evening was the first run however the data connector did not receive any logs. (similar as #9894)
I attempted to run the ExchangeEnvironmentList and ExchangeConfiguration parsers, I am encountering errors:

For the ExchangeEnvironmentList parser I am getting errors after attempting to run the query with the parameters simulation lines uncommented:
union: must have at least one operand that can be evaluated successfully when running with 'Fuzzy' mode.

For the ExchangeConfiguration parser I am also getting errors when attempting to run the query with the parameters simulation lines uncommented:
'extend' operator: Failed to resolve scalar expression named 'ESIEnvironment_s'

I have also already verified the table in my workspace which is setup as a Custom table (classic):

Anyone knows what steps I need to take to resolve the issue.

[v-sudkharat]

Hi @thom2804, Thanks for flagging this issue, we will investigate this issue and get back to you with some updates. Thanks!

[thom2804]

Any status updates available?

[v-sudkharat]

@thom2804, what was the time format you have entered for below filed ?

Is only 22:00 or 22:00 AM/PM?

And is this created table containing any data? - ESIExchangeConfig_CL

[v-sudkharat]

HI @thom2804, Could you please check on below configurations, which shared by concern our team :

1. Is created scheduled task. Does it run? if its success
2. Please check the logs located into the path C:\CollectExchSecIns\Logs
   These logs contain the logs for the collect
   and finally: all the config are located in the file: C:\CollectExchSecIns\Config\CollectExchSecConfiguration.json
3. Please check if the table ESIExchangeConfig_CL contains information by running the below query :

ESIExchangeConfig_CL 
| limit  10

Please check on above and let us know. Thanks!

[v-sudkharat]

Hi @thom2804, Waiting for your response on above comment. Thanks!

[v-sudkharat]

Hi @thom2804, Gentle Reminder: We are waiting for your response on this issue. If you still need to keep this issue active, please respond to it in the next 2 days. If we don't receive a response by 18-11-2024 date, we will be closing this issue.
Thanks!

[v-sudkharat]

Hi @thom2804, since we have not received a response in the last 5 days, we are closing your issue as per our standard operating procedures. If you still need support for this issue, feel free to re-open at any time. Thank you for your co-operation.