We migrated from Exchange 2010 to Exchange 2013, system and arbiration mailbox'es have also been migrated. When I run the Search-AdminAuditLog cmdlet, it just comes back empy. All the setting on -AdminAuditLogConfig are default settings, nothing has been changed. So what could I be missing ?

Hi

First Please run Get-AdminAuditLogConfig and see the the audit log commandlets, parameters , excluded commandlets and display name 

Sorry, I did not understand what you meant. This the output when I run Get-AdminAuditLogConfig 

RunspaceId                   : fdf74365-0517-4e3d-a93a-b0bb9e19cca0
AdminAuditLogEnabled         : True
LogLevel                     : None
TestCmdletLoggingEnabled     : False
AdminAuditLogCmdlets         : {*}
AdminAuditLogParameters      : {*}
AdminAuditLogExcludedCmdlets : {}
AdminAuditLogAgeLimit        : 90.00:00:00
AdminDisplayName             :
ExchangeVersion              : 0.10 (14.0.100.0)
Name                         : Admin Audit Log Settings
DistinguishedName            : CN=Admin Audit Log Settings,CN=Global Settings,CN=COMPANY,CN=Microsoft
                               Exchange,CN=Services,CN=Configuration,DC=company,DC=local
Identity                     : Admin Audit Log Settings
Guid                         : 963e2ac9-7790-42e0-a5d2-33d750694122
ObjectCategory               : company.local/Configuration/Schema/ms-Exch-Admin-Audit-Log-Config
ObjectClass                  : {top, msExchAdminAuditLogConfig}
WhenChanged                  : 5/18/2011 5:29:11 PM
WhenCreated                  : 5/18/2011 3:55:15 PM
WhenChangedUTC               : 5/18/2011 2:29:11 PM
WhenCreatedUTC               : 5/18/2011 12:55:15 PM
OrganizationId               :
Id                           : Admin Audit Log Settings
OriginatingServer            : DC1.company.local
IsValid                      : True
ObjectState                  : Unchanged

I can see there is a bug on the same for Exchange 2013

https://support.microsoft.com/en-us/kb/3054391  

To work around this issue, set regional settings for the system and network service accounts to English (United States)

Also run this command to enable the audit

Set-AdminAuditLogConfig -AdminAuditLogEnabled $true

You can also try with enabling logging for few commandlets and see the results

Set-AdminAuditLogConfig -AdminAuditLogEnabled $true -AdminAuditLogCmdlets *Mailbox, *Management*, *TransportRule* -AdminAuditLogParameters *

Thanks, I had already seen that KB and it did not help. The issue is similar to the link belows but I did not undertand what the person meant by creating a new exchange admin. I have not tested it yet

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_28617339.html

Is Exchange Search looking healthy for the DB where SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9} is located?

cd $exscripts

.\Troubleshoot-CI.ps1 -MonitoringContext -Database DBNameWhereSysMailboxLocated

Thanks, I had already seen that KB and it did not help. The issue is similar to the link belows but I did not undertand what the person meant by creating a new exchange admin. I have not tested it yet

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_28617339.html

Hi,

Based on the solution in this thread.

Create a new user mailbox in exhchange 2013, then add this user to Records Management Role and Organization Management Role, run the Search-AdminAuditLog command with this user accounts for a test. If it worked, then it should be the account issue.

Best Regards.

Just of nowhere I can see that it is working now, I did not make any changes apart from decomissioning exchange 2010 servers.