Wednesday, November 10th, 2010 by Andrew Kuhlmann
Monitoring an Exchange Server environment is key to providing consistently reliable service for your users. In a typical Exchange environment it is advisable to monitor the following services from an offsite, independent monitoring system:
Exchange Client Access Servers
- HTTP & HTTPS
- SNMP (HDD, CPU, Memory Usage)
Exchange Hub Transport Servers
- SMTP (Port 25)
- SNMP (HDD, CPU, Memory Usage)
Simply setting up these few monitors will allow you to quickly respond to most outages. In addition to these monitors, utilities that monitor Event Logs, such as Microsoft System Center Operations Manager, can be used within an Exchange environment to provide in-depth monitoring of all Exchange services.
Troubleshooting mailflow in and out of an Exchange environment can be very simple if a few preparations are made before any issues arise. Verbose protocol logging must be enabled on your Send and Receive connectors. This can be done with the following PowerShell cmdlets.
Set-SendConnector -Identity "(Your Send Connector)" -ProtocolLoggingLevel Verbose
This command must be run individually for each active Send connector. To get a list of the active Send connectors in your Exchange environment, run "Get-SendConnector" with no arguments.
The command to set the protocol logging level for Receive connectors is very similar.
Set-ReceiveConnector -Identity "Server01\(Your Receive Connector)" -ProtocolLoggingLevel Verbose
Again, this needs to be done individually for each Receive connector. Use "Get-ReceiveConnector" with no arguments to get a list of all active Receive connectors in your environment.
*If you are utilizing an Edge Transport server, then all of these commands must be run on the Edge server in addition to the internal servers.
Once these parameters are set, Exchange will keep logs of all SMTP communications on the Hub Transport servers that the Send and Receive connectors are configured to use. The default path for these log files is:
%systemdrive%\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ProtocolLog
By examining these logs you will then be able to diagnose a variety of issues which may impact mailflow. These include but are not limited to:
- Content filtering rejecting incoming mail, indicated by the following message in the SmtpReceive log:
550 5.7.1 Message rejected as spam by Content Filtering.
- Remote mailservers rejecting mail from your organization with various rejection messages logged in the SmtpSend log.
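As an added example (not part of the original post), the PowerShell function below reads protocol log lines and reports every 4xx or 5xx SMTP reply together with the sender and remote endpoint of the same session, so it covers both the content-filter rejection in SmtpReceive and remote rejections in SmtpSend. The function name Get-SmtpRejection and the sample log lines are constructed for illustration; column names are read from the log's own #Fields header line.

```powershell
# Constructed sample lines in the protocol-log layout; server name, session ids
# and addresses are placeholders. On a server, pass Get-Content output from a
# log file under the ProtocolLog path instead of $sample.
$sample = @'
#Log-type: SMTP Receive Protocol Log
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2010-11-10T14:02:11.120Z,Server01\Default Server01,08CD4F2A00000001,0,192.0.2.10:25,198.51.100.7:41522,+,,
2010-11-10T14:02:11.250Z,Server01\Default Server01,08CD4F2A00000001,1,192.0.2.10:25,198.51.100.7:41522,<,MAIL FROM:<news@example.net>,
2010-11-10T14:02:11.300Z,Server01\Default Server01,08CD4F2A00000002,0,192.0.2.10:25,203.0.113.20:50311,+,,
2010-11-10T14:02:11.310Z,Server01\Default Server01,08CD4F2A00000001,2,192.0.2.10:25,198.51.100.7:41522,>,250 2.1.0 Sender OK,
2010-11-10T14:02:11.420Z,Server01\Default Server01,08CD4F2A00000002,1,192.0.2.10:25,203.0.113.20:50311,<,MAIL FROM:<alice@example.org>,
2010-11-10T14:02:11.430Z,Server01\Default Server01,08CD4F2A00000002,2,192.0.2.10:25,203.0.113.20:50311,>,250 2.1.0 Sender OK,
2010-11-10T14:02:12.900Z,Server01\Default Server01,08CD4F2A00000001,3,192.0.2.10:25,198.51.100.7:41522,>,550 5.7.1 Message rejected as spam by Content Filtering.,
2010-11-10T14:02:13.050Z,Server01\Default Server01,08CD4F2A00000002,3,192.0.2.10:25,203.0.113.20:50311,>,250 2.6.0 Queued mail for delivery,
'@ -split "`r?`n"

function Get-SmtpRejection {
    param([Parameter(Mandatory=$true)][string[]]$Line)

    # Take the column names from the '#Fields:' header rather than hard-coding them.
    $header = $Line | Where-Object { $_ -like '#Fields:*' } | Select-Object -First 1
    if (-not $header) { throw 'No #Fields: header found; not a protocol log.' }
    $fields = ($header -replace '^#Fields:\s*', '') -split ','

    # Drop blank lines and '#' comment lines, then parse the rest as CSV.
    $rows = $Line | Where-Object { $_ -and $_ -notlike '#*' } |
        ConvertFrom-Csv -Header $fields

    # Sessions interleave in the file, so remember each session's MAIL FROM.
    $senders = @{}
    foreach ($row in $rows) {
        $sid = $row.'session-id'
        if ($row.data -match '^MAIL FROM:\s*<([^>]*)>') {
            $senders[$sid] = $Matches[1]
        }
        elseif ($row.data -match '^(?<code>[45]\d\d)[ -](?<text>.*)$') {
            # A reply in the 4xx/5xx range is a temporary or permanent rejection.
            New-Object PSObject -Property @{
                Time = $row.'date-time'; Connector = $row.'connector-id'
                Remote = $row.'remote-endpoint'; Sender = $senders[$sid]
                Code = $Matches.code; Reply = $Matches.text
            } | Select-Object Time, Connector, Remote, Sender, Code, Reply
        }
    }
}

Get-SmtpRejection -Line $sample | Format-Table -AutoSize
```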
Other logs, which are enabled by default, are also available in the following default path:
%systemdrive%\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs
The Connectivity logs keep records of connectivity between your organization’s Exchange servers. This is helpful when Exchange servers are not able to communicate with each other properly, such as when DNS is not resolving correctly or authentication fails between Exchange servers.
The Message Tracking log is another useful tool for mailflow issues, as it keeps a comma-delimited list of the status of all messages handled by your Exchange servers. There are multiple ways to parse this log, either via the Exchange Control Panel in Exchange 2010 or by the Exchange Management Console message tracking tool in Exchange 2007.
The final step in troubleshooting any Exchange issue is usually to test that the system is working correctly by actually sending and receiving mail. In addition to this, you may use the Exchange Remote Connectivity Analyzer to confirm that services such as ActiveSync, Web Services, Outlook Anywhere, Autodiscover, and SMTP mail are configured correctly and operational.