Beruflich Dokumente
Kultur Dokumente
Preventive Maintenance
Contents
Overview 1
Lesson: Performing Daily Exchange
Maintenance 2
Lesson: Performing Scheduled Exchange
Maintenance 24
Lesson: Performing On-Demand Exchange
Maintenance 44
Discussion: Performing Preventive
Maintenance 60
Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious,
and no association with any real company, organization, product, domain name, e-mail address,
logo, person, place or event is intended or should be inferred. Complying with all applicable
copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part
of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted
in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or
for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
Microsoft, MS-DOS, Windows, Windows NT, Windows Server, ActiveSync, ActiveX, Active
Directory, Hotmail, MSDN, MSN, Outlook, PowerPoint, Visual Basic, and Windows Media are
either registered trademarks or trademarks of Microsoft Corporation in the United States and/or
other countries.
The names of actual companies and products mentioned herein may be the trademarks of their
respective owners.
Module 13: Performing Preventive Maintenance iii
Instructor Notes
Presentation: This module provides students with the knowledge and skills that are needed to
40 minutes perform preventive maintenance (which includes managing daily, scheduled,
and on-demand maintenance tasks) for Microsoft® Exchange Server 2003.
Practices:
75 minutes After completing this module, students will be able to:
! Perform daily Exchange maintenance.
! Perform scheduled Exchange maintenance.
! Perform on-demand Exchange maintenance.
Required materials To teach this module, you need the following materials:
! Microsoft PowerPoint® file 2400B_13.ppt
! Video file 2400B_13_v05.wmv
Classroom setup The classroom should be set up to use Connectix Virtual PC software, as
discussed in the Manual Classroom Setup Guide. No additional classroom setup
is needed.
iv Module 13: Performing Preventive Maintenance
Tip When this icon appears on the lower-right corner of a slide, it indicates
that students must complete an inline practice before you move on to the next
slide:
Practices Some practices in this module require initial startup time. Consider having
students perform the initial step in these practices before you begin the lecture
on the related content. If a practice begins with a procedure titled “To prepare
for this practice,” then it requires initial startup time.
Guidelines for Ask students what types of services and cluster resources they usually check in
Monitoring Services and their environments, and then discuss the guidelines that they should apply to
Resources check services and cluster resources.
Explain to students that whether they use the Microsoft Windows Server™ 2003
Network Monitor utility or the Network Monitor component in Microsoft
Systems Management Server (SMS) will depend on whether they want to see
all traffic delivered to the remote computer, or only the traffic that comes from
their Exchange server. Also emphasize that they should not install the SMS
Network Monitor component on their Exchange server.
Guidelines for Ask students what types of Exchange store statistics they usually examine in
Examining the Exchange their environments, and then discuss what methods they can use to verify
Store Statistics available disk space.
What to View in Event Use this slide to discuss normal events, problematic events, and additional
Viewer event sources.
How to Monitor Event Use this slide to discuss the high-level steps for viewing Exchange-related
Viewer for Potential event sources and for configuring diagnostic logging. Then have students
Issues complete the inline practice on checking Event Viewer to determine whether
any Exchange errors exist, and answer any questions that they have.
How to Check Use this slide to discuss the high-level steps for verifying server and connector
Monitoring and Status status, and discuss what each type of status indicates. Then have students
for Potential Issues complete the inline practice on verifying that no performance issues currently
exist on a specific server, and answer any questions that they have.
What Is Queue Viewer? Use this slide to explain some of the options in Queue Viewer. You can also
open the Queue Viewer utility to explain each option.
How to Monitor Queues Use this slide to discuss the high-level steps for determining a problem with a
for Potential Issues queue and for finding messages. Then have students complete the inline
practice on verifying queues that have no long-term undelivered messages, and
answer any questions that they have.
How to Manage Mailbox Use this slide to discuss the high-level steps for adding the Storage Limits
Limits column to the mailbox view, and discuss the types of mailbox limits to watch
for and why. Also discuss why students must consider enabling diagnostic
logging, and the high-level steps for responding to oversized mailboxes. Then
have students complete the inline practices on identifying mailboxes that
exceed the storage limit and using Mailbox Manager to delete items from an
over-limit mailbox, and answer any questions that students have.
How to Manage the Use this slide to discuss the steps for managing the Badmail folder. Then have
Badmail Folder students complete the inline practice on managing the Badmail folder, and
answer any questions that they have.
How to Manage the Use this slide to discuss the high-level steps for managing the postmaster
Postmaster Mailbox mailbox, for manually setting an SMTP Postmaster Mailbox, and for changing
the account from which delivery status notifications originate. This how-to
topic includes a section on the reasons for changing the origin of a delivery
status notification. Then have students complete the inline practice on opening
the postmaster mailbox and on responding to any pending items before deleting
all items in the mailbox, and answer any questions that they have.
How to Verify the Use this slide to discuss the high-level steps for verifying Exchange store
Exchange Store Integrity integrity. Then have students complete the inline practice on verifying
Exchange store integrity, and answer any questions that they have.
What to Look for When Emphasize that to be able to identify potential issues, students must develop a
Checking Queues queue baseline so that they can identify the difference between normal behavior
and abnormal behavior.
Guidelines for Ask students to provide some examples of the basic questions that they need to
Configuring a have answered about their environment to monitor the performance of their
Performance Console Exchange servers. Then use this slide to discuss the guidelines for configuring a
performance console.
Assessment
Assessment questions for this module are located on the Student Materials
compact disc. You can use the assessment questions in whatever way you think
is best for your students. For example, you can use them as pre-assessments to
help students identify areas of difficulty, or you can use them as post-
assessments to validate learning. Consider using the questions to reinforce
learning at the end of the day or at the beginning of the next day. If you choose
not to use the assessment questions during class, show students where they are
so that they can use them to assess their own learning outside of class.
Module 13: Performing Preventive Maintenance 1
Overview
! Check logs for errors. Review the logs available through Event Viewer,
Performance console, virtual servers, and your antivirus product. This
review enables you to identify performance problems, viruses, and protocol
errors. It also will allow you to see when abnormal events in your
environment occur.
! Check for available disk space. Use Windows Explorer to check for
available disk space on volumes that store Exchange logs and databases. By
monitoring disk space daily, you can determine when you must add
additional storage to prevent the Microsoft Exchange Information Store
service from being shut down due to insufficient disk space.
! Monitor Exchange and network services. Monitor the Exchange and
Microsoft Windows® required services. Verify that the default Exchange
services, such as the Microsoft Information Store service and Microsoft
Exchange System Attendant service, and Windows services, such as World
Wide Web Publishing and Simple Mail Transfer Protocol (SMTP), are
started. Verify that network services such as Active Directory replication
and overall network is performing properly.
! Monitor server performance. Use the Windows Performance console to
monitor Windows and Exchange performance. This console allows you to
identify performance bottlenecks that can cause Exchange performance
issues. You can use the data collected through the Performance console to
identify trends that will indicate when an upgrade needs to be performed.
! Monitor cluster resources. Use Cluster Administrator to monitor failovers
and monitor hardware resources, such as virtual memory, by using the
Performance console.
! Verify replication. Use Active Directory Sites and Services to verify
replication. Active Directory Sites and Services allows you to identify the
Active Directory replication issues that create performance issues for
Exchange.
! Examine Exchange store statistics. Use Exchange System Manager to
examine Exchange store statistics. This examination enables you to
determine whether the Exchange store is mounted, what users are logged on,
the state of public folder replication, and the state of full-text indexing.
Guidelines for If Windows is not performing properly, Exchange will not perform properly.
monitoring server Verify daily that Windows is working correctly by:
performance
! Reviewing programs and processes running on your computer. Use Task
Manager, a Windows Server 2003 utility that provides information about
programs and processes running on your computer. Task manager also
enables you to monitor key performance indicators of each server. Use Task
Manager, for example, to identify a process that consumes too much CPU or
memory resources and to view pagefile and memory usage. You can use this
information to determine whether an application running on your Exchange
server, such as a monitoring utility, must be moved to another server or
upgraded, or whether you must tune system resources or perform system
upgrades.
! Monitoring performance counters of services running on your Exchange
server. Use Performance console, a Windows Server 2003 utility that allows
you to monitor performance counters. You must monitor hardware counters
in combination with Exchange counters to determine if performance
bottlenecks exist and to identify trends that you can use to plan for
upgrades. For example, you can monitor your Exchange server for
MSExchangeIS\RPC Requests and MSExchangeIS\RPC Operations/sec
to determine whether the slow response time of a client computer is a result
of something preventing the client computer from connecting to the
Exchange server or some process running on the Exchange server. If
operations per second are low and outstanding requests are zero, evaluate
your network resources. Otherwise, you must review Exchange server
resources.
Guidelines for If Windows services are not configured or working properly, Exchange will not
monitoring Windows work properly. If you receive performance indicators through utilities, such as
services Event Viewer, that Windows services are not functioning, you may be required
to verify or modify the configuration of that service. Verify that the following
Windows services are working correctly by:
! Monitoring Active Directory. Monitor indicators of Active Directory
performance daily because Active Directory configuration directly impacts
your Exchange performance. By monitoring Active Directory, you can
identify trends before actual problems occur, such as a slow response time
for the authentication of client computers or the slow appearance of newly
configured objects in Exchange. If required, you must review your Active
Directory configuration or force replication by using Active Directory Sites
and Services.
! Monitoring Domain Name System (DNS) service. Monitor indicators of
DNS issues daily because Exchange performance issues can be a direct
result of the DNS configuration. Exchange depends on DNS for name
resolution. If you see DNS errors in Event Viewer or if you experience
communication problems between your Exchange servers that are reported
through your daily monitoring, you must review your DNS settings. Use the
DNS management console to ensure that address records exist for your
domain controllers and global catalog servers, and that address and mail
exchanger (MX) resource record exist for your Exchange server.
! Monitoring Internet Information Services (IIS) service. Monitor the
performance of IIS daily for indicators of performance issues. IIS provides
access to Exchange through HTTP. If performance issues are reported, you
may want to review your default Web site configuration.
Module 13: Performing Preventive Maintenance 9
Guidelines for If clusters are not configured properly, Exchange will not perform properly.
monitoring cluster Monitor cluster resources by:
resources
! Verifying that clusters are configured correctly. Use Cluster Administrator
to monitor your Exchange clusters daily for failovers.
! Viewing the overall performance of your server and the performance of
Exchange Server 2003. View the overall performance of your server and the
performance of Exchange Server 2003 by using System Monitor and Event
Viewer. When you deploy Exchange Server 2003 clusters, it is important to
proactively monitor the clusters. This monitoring is especially necessary in
an active/active cluster during a failover, thereby verifying that enough
resources are available to provide your users with the same level of
performance that they experienced before the failover.
! Monitoring virtual memory counters when deploying Exchange server
clusters. Monitor virtual memory counters daily to determine when an
Exchange Virtual Server must be restarted due to memory fragmentation.
• Monitor Event ID 9582, which is logged by the Microsoft Exchange
Information Store service, as an indicator of whether your Exchange
server has become excessively fragmented.
• Monitor the counters in the following table to identify memory
fragmentation for each node in the cluster.
Counter What to monitor
• Current state of Full-Text Indexing for mailbox and public folder stores.
You can view the Index State, Number of documents indexed, Index
size, Last build time, Index name, and Index location.
• Current state of public folders. You can view the size of individual
public folders, the last time the folder was accessed (this is useful if you
are thinking about removing the folder), and the last time a replica was
received.
12 Module 13: Performing Preventive Maintenance
Event ID 8000 and 8001 The start and end of the backup process.
Event ID 700 and 701 The start and end of the online defragmentation process.
Event ID 1206 and 1207 The start and end of the clearing of the deleted items
process.
Module 13: Performing Preventive Maintenance 13
Problematic events Events that indicate specific issues with your Exchange server are listed in the
following table.
Event Indicates
Additional event The following table lists the other event sources that you must monitor in Event
sources Viewer:
Select this event source To
Detailed steps for viewing Exchange-related event sources are in the practice
“Checking Event Viewer for potential issues” later in this topic.
To configure diagnostic The high-level steps for configuring diagnostic logging are as follows:
logging
1. In the Exchange System Manager console tree, browse to Servers, right-
click ServerName, and then click Properties.
2. On the Diagnostics Logging tab, configure the logging level for each
service and category that you want to configure diagnostic logging for.
Module 13: Performing Preventive Maintenance 15
Caution If you increase the logging levels for Exchange services, you will
experience some performance degradation. Additionally, increasing the logging
levels on your Exchange server will cause the log files to grow faster than when
normal logging levels are set. It is recommended that you increase the size of
the application log to contain all the data produced. If you do not increase the
size of the application log, you will receive frequent reminders that the
application log is full. Alternately, you can configure your log files to overwrite
events as required to prevent the log files from becoming full; however, this
option may not provide you with all the data that you may need to diagnose
your problem if some events are overwritten.
Detailed steps for configuring diagnostic logging are in the practice that
follows.
Note For additional information about event log errors, see “Welcome to
Exchange 2000 Server Error and Event Messages” on the Microsoft
Exchange 2000 Server Product Documentation Web site at
http://www.microsoft.com/exchange/en/60/help/default.asp.
Practice: Checking In this practice, you will check Event Viewer on London to determine whether
Event Viewer for any Exchange errors exist.
potential issues
! To prepare for this practice
1. Start up 2400_London-Virtual PC, if not already started.
2. Log on as NWTraders\LondonAdmin with a password of P@ssw0rd.
3. Run the script entitled “2400B_13_Setup.vbs” located in the
C:\MOC\2400\practices\Mod13 folder.
4. If not already open, open Microsoft Outlook® Web Access by using
Microsoft Internet Explorer to open the URL http://london/exchange/
londonadmin. When prompted for credentials, use nwtraders\londonadmin
with a password of P@ssw0rd.
5. Read the message with the subject “Performing Preventative Maintenance”
from your team lead, Samantha Smith.
Note This procedure may take 5 minutes to complete before you can
continue.
What kind of events do you see identified? What problems may this
indicate? What should you do about potential problems?
Responses will vary.
15. On the View menu, click All Records to view all events, and then close
Event Viewer.
16. Switch to Exchange System Manager.
17. Right-click London and then click Properties.
18. In the London Properties dialog box, click the Diagnostics Logging tab.
19. On the Diagnostics Logging tab, under Services, expand MSExchangeIS
and click Mailbox.
20. Under Categories, click General.
21. In the Logging level area, click None, and then click OK.
Module 13: Performing Preventive Maintenance 17
Unreachable One of the main services on the server is down or, if a server is
in a different routing group, a connector between routing
groups may be down or may not exist. Review your servers
and connectors for indications of failures.
Unknown System Attendant cannot communicate with the local server.
Review your server for an indication of why the System
Attendant is not communicating.
Critical or Warning A monitored resource has reached the critical or warning state
defined for the resource. For example, Critical: service not
running indicates that a service defined in the monitor has
stopped. If a resource has reached its threshold, try to free up
that resource—for example, by stopping a process that is
consuming too many CPU resources. If a service has stopped,
check the event logs to see why the service stopped and then
try to restart the service.
Unavailable A communication service, such as the routing service, is not
functioning on this connector. Review your server for
indications of service failures.
18 Module 13: Performing Preventive Maintenance
Detailed steps for configuring diagnostic logging are in the practice that
follows.
Practice: Checking In this practice, you will use the Monitoring and Status utility in Exchange
Monitoring and Status System Manager to verify that no performance issues currently exist on
for potential issues London.
1. In Exchange System Manager, browse to Tools\Monitoring and Status and
then click Status.
2. In the details pane, view the status of the servers and connectors in your
environment. If Miami-Virtual PC is not currently running, notice that
Status indicates that MIAMI is unreachable.
You would like to take down one of your Exchange servers for
maintenance. You do not want Exchange to generate any alerts or
notifications while the server is down. Using the Status tool, how can
you disable monitoring of a server?
Right-click the server in the Status window and then click
Properties. From the server’s properties dialog box, you can select
the Disable all monitoring of this server check box.
Module 13: Performing Preventive Maintenance 19
Disable Outbound Mail Disable outbound mail from all SMTP queues. For
example, you may want to disable outbound e-mail if a
virus is active in your organization. This option does not
disable the MTA or System queues.
If you want to prevent outbound e-mail from transmitting
from a particular remote queue, instead of disabling all the
SMTP queues, you can freeze the messages in that queue.
Right-click the queue, and then click Freeze. This will
freeze all the messages in the queue. To unfreeze the
messages, right-click the queue, and then click Unfreeze.
Settings Determine the frequency at which the queues are refreshed.
The default rate at which the queues are refreshed is 2
minutes. You can set the refresh rate to 1 minute, 5
minutes, 10 minutes, or Never refresh. If you are trying to
resolve a delivery problem, you may want to set the refresh
rate to a shorter interval, such as 1 minute, so that you can
see changes to the queues reflect sooner.
20 Module 13: Performing Preventive Maintenance
(continued)
Use this option To
(continued)
State Description
3. Review the Number of messages and Total message size (KB) columns to
see if a large number of messages are backed up in the queue or if the
message size is too large for your environment:
• If a large number of messages are backed up in the queue, you can force
a connection by using the context menu for the queue.
• If you have an extremely large message that is preventing other
messages from being delivered, consider deleting the message.
To find messages You can also use the Find Messages feature to locate a message in the message
queues. You typically look for a message in a queue if a user has reported that
they sent an important message that was never received. The high-level steps
for finding messages in queues by using the queue viewer are as follows:
1. Select the Queues node for the server you want to view.
2. Use the Find Messages option for the queue in which you want to search
for messages.
3. Use Search Results to view information about the messages located in the
queue, such as whether the message is in the Retry state, what the size of the
message is, what time the message was submitted, and what time the
message will expire. This information will help you to identify potential
issues.
Detailed steps for finding messages are in the practice that follows.
Practice: Verifying that In this practice, you will check the queues to verify that no undelivered
queues have no long- messages have been waiting in the queue for longer than expected.
term undelivered
messages 1. In Exchange System Manager, browse to Administrative Groups\
First Administrative Group\Servers\London, and then expand London.
2. In the console tree, click Queues.
3. In the details pane, browse the available queues. Notice that the queue to
Miami is in a Retry state because Miami is not currently running.
4. In the Queues details pane, click London – Miami RGC (Routing Group
Connector) and then click Find Messages.
5. In the Find Messages – London – Miami RGC (Routing Group
Connector) dialog box, click Find Now. Notice that the Search Results
window lists the first 100 messages that are currently stuck in this queue.
Close the Find Messages – London – Miami RGC (Routing Group
Connector) dialog box.
6. In the Queues details pane, at the bottom of the window, click Settings.
Module 13: Performing Preventive Maintenance 23
7. In the Settings dialog box, notice that the connection is retried every 2
minutes by default, and then click OK to attempt a connection immediately.
8. Explore the queue window and test the available options by disabling and
enabling outbound e-mail, by scrolling to the right in the queue viewer, and
by testing the options on the context menu of the queues.
You notice that one of the queues has messages in it. You identify the
problem and re-establish connectivity to the destination server. How
can you force the queue to retry connection to the destination server?
In the Queues details pane, right-click the queue that you want to
force to reconnect, and then click Force connection.
24 Module 13: Performing Preventive Maintenance
Guidelines for capacity Capacity planning is the allocation and monitoring of system resources to
planning ensure that optimal system performance is maintained as the system load
increases.
To provide capacity planning, you must establish baselines for each service,
and then continually monitor all levels of system operations. For example, it is
important to plan carefully before substantially increasing the number of users
supported on a server running Exchange Server 2003; otherwise, the increased
user load may degrade performance and overload both hard disk resources and
other system resources.
Guidelines for capturing To provide information on performance objects and related counters, use
and reporting Performance console. Performance console contains two snap-ins; Performance
performance data Log and Alerts and System Monitor. To provide information on performance
objects and related counters:
! Record and log system activity over a period of time by using Performance
Logs and Alerts. You collect data to analyze performance and usage. To use
Performance console to generate reports, you must:
• Capture performance data.
• Configure Performance Logs and Alerts to collect data for the
recommended counters at regular intervals, such as every 10 to 15
minutes.
• Retain logs over extended periods of time by storing data in a database
such as Microsoft Access or Microsoft SQL Server™. If you store the
data in a database, you can use the reporting features of those programs
to create complex reports that can be used to assess overall performance,
do trend analysis, and do capacity planning.
! Chart activity in real time and display information contained in log files by
using System Monitor. You can use System Monitor to:
• View server activity when server performance degrades.
• Perform analysis of processor activity and queues, which is useful in
isolating problems with specific components.
• Display logs of captured performance data, viewed as reports, graphs, or
histograms.
Guidelines for analyzing By capturing data and analyzing the reports you create by using that data, you
trends can uncover hidden patterns and predict future trends. This trend analysis will
allow you to be proactive in determining how to manage your Exchange servers
in the future. For example, by analyzing the current usage on your Exchange
server, you can predict when normal growth, such as mailbox growth, will
require you to upgrade your storage.
28 Module 13: Performing Preventive Maintenance
1. On the desktop, click Start, click Run, type perfmon and then click OK.
2. In the console tree, click System Monitor.
3. In the details pane, on the toolbar, click View Log Data.
4. In the System Monitor Properties dialog box, on the Source tab, click Log
files, and then click Add.
5. In the Select Log File dialog box, set the Look in box to C:\perflogs, click
the London Stores_000001.tsv log file, and then click Open.
6. In the System Monitor Properties dialog box, click Data.
7. On the Data tab, click Add.
8. In the Add Counters dialog box, add all counters for all available
performance objects, and then click Close.
9. In System Monitor Properties, click OK.
10. Use the toolbar to view the data in graph and histogram format.
11. View the data that you collected to determine whether any performance
trends exist that you should act on. You can use the Highlight button at the
bottom of the window to emphasize the graphical representation of the data
collected for each counter selected.
What kind of trends are you looking for in the report? How do you
know if you should take an action on them?
You are looking for any upward or downward trends in the
counters that are recorded in the report. You should take action on
any trends that appear to be approaching the thresholds that you
have already defined regarding Exchange performance
expectations.
Module 13: Performing Preventive Maintenance 29
To enable SMTP or The high-level steps for enabling logging for an SMTP or NNTP virtual server
NNTP protocol logging are as follows:
1. Use the Properties dialog box of the virtual server to enable logging.
2. Select the logging file format to use.
3. Specify the schedule for when new log files will be created and the location
of these files. (These options are available for all file formats except ODBC
Logging.)
4. Select the items that you want to track if your log file format is W3C
Extended Log File Format.
Detailed steps for enabling SMTP protocol logging are in the practice
“Checking the SMTP log for problems,” later in this topic.
To enable HTTP protocol HTTP protocol logging is configured by using the properties of the Web site
logging that uses the IIS Manager. By default, protocol logging is enabled, and the log
file format is set to W3C Extended Log File Format. The high-level steps for
enabling HTTP protocol logging are as follows:
1. Use the Properties dialog box of the Default Web Site to enable logging.
2. Select the logging file format to use.
3. Specify the schedule for when new log files will be created and the location
of these files. These options are available for all file formats except ODBC
Logging.
4. Select the items you want to track if your log file format is W3C Extended
Log File Format.
An example of using the You can use the log file data for general troubleshooting—for example, to
SMTP log file data explain how users receive messages when their addresses do not appear on the
To or Cc lines. You can match the recipients specified in a RCPT TO command
with addresses that are posted in a message header or in the To and Cc lines of
the message. Or you can look for the message ID of a remote system,
collaborating with another system’s administrators to trace a message.
To determine the maximum-size message that a server will accept, you may
also look for response codes that a receiving server returns after your server
issues an EHLO command (for example: 250-SIZE 60000000). You can also
use the log data to generate reports. If another server attempts to use your server
as a relay (assuming your server is properly configured to prevent unauthorized
SMTP relays), the log file posts a numeric response code of 550, which equates
to Relaying Prohibited, in the protocol status (sc-status) field. A script can
easily search this field and tally the number of reported 550 codes.
Module 13: Performing Preventive Maintenance 31
Practice: Checking the In this practice, you will check the SMTP log for problems.
SMTP log for problems
Important To complete this practice, you must have configured your SMTP
virtual server to perform protocol logging. If you have not created an SMTP
log, you should complete the practice entitled Practice: Configuring SMTP
Logging in Module 2, “Configuring and Managing Microsoft Exchange
Server 2003,” in Course 2400, Implementing and Managing Microsoft
Exchange Server 2003.
1. On your desktop, click Start, click Run, type logfiles and then click OK.
This opens C:\Windows\System32\LogFiles.
2. In the C:\Windows\System32\Logfiles window, open SMTPSVC1, and
then open any log file.
3. Peruse the log file. Note that every character transmitted to the virtual server
on the SMTP port is captured in the log file.
4. Close the log file.
What kind of problems are you looking for in the SMTP log? How do
you know whether you should take action on a problem in the SMTP
log?
You are looking for indications of a security breach or functional
problems with message delivery. You should take action on any
suspicious SMTP traffic, such as repeated attempts to use your
SMTP server to send messages to external SMTP domains
(indicates an attempt to use your server for open relaying). You
can also use the log for troubleshooting purposes, including
determining if message size limits are causing delivery problems
for users transmitting messages to an external SMTP domain.
32 Module 13: Performing Preventive Maintenance
To run HTTPMon The high-level steps for running HTTPMon are as follows:
1. Start HTTPMon Configuration Manager, configure any Global Settings for
your environment.
2. In HTTPMon Configuration Manager, add the server you want to monitor to
the Web Clusters.
3. Start the HTTP Monitoring Service by using the Services mmc.
4. After your tests start running, review the .csv files in the Output directory
for response codes, for the length of time the sample took to return the text,
and for the number of retries HTTPMon attempted. This data can indicate
problems with your Outlook Web Access servers.
5. Review the events logged by HTTPMon in Event Viewer.
34 Module 13: Performing Preventive Maintenance
Detailed steps for adding the Storage Limits column are in the practice
“Checking for over-limit mailboxes,” later in this topic.
Module 13: Performing Preventive Maintenance 35
To use Event Viewer to If you want to see events in the application log of Event Viewer when
manage mailbox limits mailboxes reach the various stages of storage limit warnings, you can configure
diagnostic logging on your server. You may consider using diagnostic logging
on your server if you have delegated the task of monitoring your event logs to a
support person who does not have administrative permissions on your
Exchange server or if you are using a utility to monitor your event logs.
To respond to oversized Mailbox Manager is defined as a recipient policy and can be used to create
mailboxes reports or take actions to clean old e-mail from users’ mailboxes. You can
schedule the mailbox management process to run at a specific time for regularly
scheduled cleanups or to be run manually. Consider running the mailbox
management process manually if you are in immediate need of mailbox
statistics or if you must immediately clear mailboxes of old e-mail. The high-
level steps for responding to oversized mailboxes are as follows:
1. In the Exchange System Manager console tree, browse to Servers.
2. Right-click the server that you want to process, and then click Start
Mailbox Management Process.
Mailbox management starts after a short delay, depending on the current level
of resource use on that computer.
Note Avoid using the mailbox management process when the system is busy,
because using this process may affect server performance.
Important To complete the following two practices, you must have established
storage limits on your mailbox store and created a recipient policy that defines
how you want user mailboxes cleaned. If you do not have storage limits
defined, complete the practice entitled “Creating and applying a mailbox store
policy” located in Module 2, “Configuring and Managing Microsoft Exchange
Server 2003.” If you do not have a recipient policy created, complete the
practice “Creating and applying recipient policies,” located in Module 2,
“Configuring and Managing Microsoft Exchange Server 2003.”
Practice: Cleaning In this practice, you will use Mailbox Manager to delete items from an over-
mailboxes limit mailbox.
1. In Exchange System Manager, browse to Administrative Groups\
First Administrative Group\Servers\London\, and then click London.
2. In the console tree, right-click London and then click Start Mailbox
Management Process. Mailbox Manager will delete items based on the
recipient policy applied to your user mailboxes.
3. To verify that items were deleted, open LondonAdmin mailbox and read the
message with the subject “Microsoft Exchange Server Mailbox Manager
Report” from the System Attendant. The recipient policy specifies that each
mailbox that was cleaned will have received a similar message.
Note By default, the Badmail folder is located in the virtual server’s home
directory. You may consider moving the location of the Badmail folder to a
separate drive from your Exchange databases and log files to prevent an
accumulation of messages in the folder from impacting your database and log
file storage.
38 Module 13: Performing Preventive Maintenance
To manage the Badmail The tasks for managing the Badmail folder are as follows:
folder
! Use Windows Explorer to check the contents of the Badmail folder for
messages that could not be delivered. A large number of undelivered
messages indicate delivery problems such as a DNS or network failure.
! Delete messages from the Badmail folder based on policies that your
company has established, such as deleting messages once a week.
Practice: Managing the In this practice, you will send undeliverable messages to your Exchange
Badmail folder organization by using a script, and then manage the messages in the Badmail
folder.
You changed the delivery settings on the default SMTP virtual server in
this practice to expedite an undeliverable condition for undeliverable
messages. In what circumstance will it be appropriate to modify the
delivery settings in a production environment?
Answers will vary. In general, you should identify reasonable
delivery times for your network and configure the delivery settings
accordingly. For example, on fast and permanent networks you
may want to reduce the amount of time for an undeliverable status
to occur. On very slow or intermittent connections, you may want
to increase the amount of time for an undeliverable status to occur.
40 Module 13: Performing Preventive Maintenance
Note Request For Comments (RFC) 2822 defines a reserved address for the
postmaster. For additional information on RFCs, see http://www.rfc-
editor.org/rfc.html.
To designate a specific user’s mailbox as the Postmaster mailbox for any local
SMTP domain that is created, you manually add the proxy
postmaster@localdomainname to the user’s list of SMTP proxy addresses.
To manage the The high-level tasks for managing the Postmaster mailbox are as follows:
Postmaster mailbox
! Determine whether to:
• Associate a single e-mail account with the postmaster, such as your Help
desk mailbox account.
• Create a dedicated postmaster account that will be used when NDRs are
sent.
! Delegate access to the postmaster’s mailbox to the appropriate support staff
if you are creating a dedicated postmaster account. Two ways of managing a
dedicated mailbox are to:
• Create a dedicated account and log on as that account by using an
Outlook profile, and respond to the account messages.
• Delegate Send As permissions on the account to the person who
typically manages the mailbox, and add the mailbox to their Outlook
profile.
Module 13: Performing Preventive Maintenance 41
To manually set an The high-level steps for manually setting an SMTP Postmaster mailbox to
SMTP Postmaster receive NDRs are as follows:
Mailbox to receive NDRs
1. Select the user account that you want to be the postmaster account.
2. Create an SMTP proxy address of postmaster@domain.msft (where
domain is the organization’s default domain name) for the user.
3. Define that address on the virtual server in the Send copy of Non-Delivery
Report to box.
Why change the origin By default, delivery status notifications come from the account that contains the
of delivery status postmaster@domain.msft SMTP address. In Exchange 2003, the account that
notification? originally contains the postmaster@domain.msft SMTP address is the account
that created the Exchange organization, typically the Administrator account.
The From line of the message contains the display name of that account.
You may want to either change the display name that appears on the delivery
status notifications, or have the delivery status notifications originate from a
different account by associating the postmaster address with a different user
account.
To change the account The high-level steps for changing the account from which delivery status
from which delivery notifications originate are as follows:
status notifications
originate 1. Select the Administrator account and remove the postmaster@domain.msft
SMTP proxy address from the account.
2. Locate the account that you want to make the new postmaster account, and
add the postmaster@domain.msft (where domain is your e-mail domain)
SMTP proxy address to the account.
3. Change the display name for the account if you want NDRs to come from a
name other than the original name on the account.
Any new delivery status notifications will originate from the display name of
the account that you associated with the postmaster e-mail address.
Note This change affects only delivery status notifications. This change does
not affect NDRs, delivery receipts, or read receipts. NDRs, delivery receipts,
and read receipts always originate from the System Administrator account.
42 Module 13: Performing Preventive Maintenance
Practice: Configuring In this practice, you will configure Exchange to deliver copies of NDRs to a
the Postmaster mailbox Postmaster mailbox.
that will receive NDRs
Important To complete the verification steps in this practice in a timely
manner, you must first complete the practice “Managing the BadMail folder,”
located earlier in this module.
For example, the following command runs the standard defragmentation utility
on a mailbox store database:
C:\exchsrvr\bin>eseutil /d c:\exchsrvr\mdbdata\firststore.edb
Note For more information about how to defragment Exchange databases, see
the article “How to Defragment Exchange Databases” on the Product Support
Services page of the Microsoft Web site at http://support.microsoft.com.
Detailed steps for defragmenting a database are in the practice that follows.
Module 13: Performing Preventive Maintenance 49
Practice: Defragmenting In this practice, you will use Eseutil.exe to defragment a mailbox store.
an Exchange store
! To prepare for this practice
1. In 2400_London-Virtual PC, on the menu, click PC, and then click Shut
Down.
2. In the Shut Down dialog box, click Save PC state and keep changes,
verify that the Commit hard drive changes now check box is selected, and
then click OK.
3. Restart 2400_London-Virtual PC.
Note This procedure may take 5 minutes to complete before you can
continue.
What is Isinteg? Isinteg is a command-line tool that searches through an offline Exchange store
for integrity weaknesses. You can also repair issues that Isinteg detects. Isinteg
is run at a command prompt.
52 Module 13: Performing Preventive Maintenance
What happens when When you run Isinteg, it performs the following tasks:
Isinteg is run?
1. Checks to see whether the MSExchangeIS service is stopped, and then
Isinteg does one of the following:
• If the MSExchangeIS service is stopped, Isinteg displays the message
“Error: unable to get databases status from server. The reason could be
either wrong server name or networking problems,” and then Isinteg
stops.
• If the service is not stopped, Isinteg displays a list of databases to select
from on that server.
2. Browses all of the cross-reference tables for errors. For the cross-reference
tables, Isinteg builds an Exchange database, Refer.mdb, of reference counts
before Isinteg browses the tables.
3. Compares the counts found to the counts in the reference database. If Isinteg
is running with the -fix switch, these counts are updated to the true values,
as determined by Isinteg.
4. Performs the named to ID or named properties cleanup check to remove
unused named properties.
Module 13: Performing Preventive Maintenance 53
Use the following table to decide which switch to use when you run Isinteg.
Switch Use the switch to
To run Isinteg The steps to run the Isinteg command-line tool based on a specific criteria are
as follows:
! To test the integrity of the Exchange store, at a command prompt, type
c:\program files\exchsrvr\bin>isinteg -s ServerName -test
alltests
Detailed steps for running Isinteg are in the practice that follows.
54 Module 13: Performing Preventive Maintenance
Practice: Verifying a In this practice, you will verify the integrity of a mailbox store by using
mailbox store by using isinteg.exe.
Isinteg.exe
1. In Exchange System Manager, browse to Administrative Group\
First Administrative Group\Servers\London\First Storage Group, expand
First Storage Group, right-click Mailbox Store (LONDON), and then
click Dismount Store.
2. In the Mailbox Store (London) warning box, click Yes to dismount the
mailbox store.
3. If the command prompt is not already open, on your desktop, click Start,
click Run, type cmd and then click OK. Then, at the command prompt,
type cd \program files\exchsrvr\bin and then press ENTER.
4. At the command prompt, type isinteg –s London –test allfoldertests and
then press ENTER.
5. When prompted to specify a number to select a database, type 3 and then
press ENTER to select Mailbox Store (LONDON). The number that is
associated with the Mailbox Store will vary depending on how many
Exchange stores you have created on your server.
6. When asked whether to continue with your selection of First Storage
Group / Mailbox Store (London), type Y and then press ENTER.
7. In the command prompt window, view the results of the test to verify that
no errors occurred, and then close the command prompt window.
8. In Exchange System Manager, browse to Administrative Group\
First Administrative Group\Servers\London\First Storage Group, expand
First Storage Group, right-click Mailbox Store (LONDON), and then
click Mount Store.
If either of these situations exists, you must review your security for your
Exchange organization.
58 Module 13: Performing Preventive Maintenance
Guidelines for creating a To answer these basic questions, you must create a Performance console that
Performance console allows you to see the entire system environment and that also registers even
minor changes in the performance of your servers. The guidelines for creating a
Performance console are as follows:
1. Create a Performance console that has two different sample times, such as:
• 900 seconds for a 24-hour view
• 10 seconds to catch short-lived spikes
2. Include a minimal set of counters in each console, such as:
• Processor(_Total)\% Processor Time
• Process(store)\% Processor Time
• MSExchangeIS\RPC Requests
• MSExchangeIS\RPC Operations/sec
• PhysicalDisk(_Total)\Disk Transfers/sec
• SMTP Server\Local Queue Length
• SMTP Server\Messages Delivered/sec
• MSExchangeIS Mailbox\Local Delivery Rate
• MSExchangeIS Mailbox\Folder Opens/sec
• MSExchangeIS Mailbox\Message Opens/sec
3. Examine your busiest server. You must examine your busiest server to
understand why it is so busy and to understand what performance issues can
be resolved when the server does not perform as well as the other servers.
4. Save reference logs. By saving your log files you can develop historical
baseline data that will allow you to see what changes have occurred and
what you must accommodate for in growth over time.
Guidelines for using the Microsoft Operations Manager collects, filters, analyzes, reports and responds
Microsoft Operations to events and performance data that are generated by computers to a central
Manager and Exchange location. You can use Microsoft Operations Manager to automate the
Application Management monitoring of large numbers of servers and their applications to provide the
pack best level of service for client computers.
The Microsoft Exchange Application Management Pack includes key
performance metrics to monitor the overall performance of Exchange 2003, and
to alert you to critical performance issues. By using Microsoft Operations
Manager reporting, you can analyze and graph this performance data to
understand usage trends, perform accurate load balancing, and manage system
capacity.
The Exchange Application Management Pack is included with Exchange 2003.
60 Module 13: Performing Preventive Maintenance
________________________________________________________________
________________________________________________________________
________________________________________________________________
Module 13: Performing Preventive Maintenance 61
Scenario 2 One user complains that when she sends an attachment to a particular user, she
receives a NDR. You suspect that the server that is used by the recipient has a
size limit for inbound messages. How can you determine what this size limit is?
Review the SMTP protocol log-file data for the response codes that the
receiving server returns after your server issues an EHLO command. Look
for the response code 250-SIZE xxxxxxxx, where xxxxxxxx is the maximum
message size that the server can accept.
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
Scenario 3 You are receiving unusual complaints from several users on one of your
Exchange stores. The complaint is that the counter for unread messages does
not accurately reflect the actual unread messages in their Inbox. You verify that
the users do not have a filter on their Inbox. What should you do next?
Use Isinteg to test the Exchange store integrity. Based on the information
that Isinteg provides, you may be required to perform a repair on the
Exchange store.
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
Scenario 4 Your company has many Exchange servers that you are responsible for
monitoring. To save time analyzing all of the logs on all the servers, you have
decided to identify the most important server to analyze. Which server must
you spend the most time analyzing, and why?
You must study your busiest server so that you can understand why it is
busier than the other servers. You can compare the performance data from
this server with your baseline data from other servers in your environment
to identify trends.
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
THIS PAGE INTENTIONALLY LEFT BLANK