Module 13: Performing Preventive Maintenance

Module 13: Performing
Preventive Maintenance
Contents
Overview 1
Lesson: Performing Daily Exchange
Maintenance 2
Lesson: Performing Scheduled Exchange
Maintenance 24
Lesson: Performing On-Demand Exchange
Maintenance 44
Discussion: Performing Preventive
Maintenance 60
Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious,
and no association with any real company, organization, product, domain name, e-mail address,
logo, person, place or event is intended or should be inferred. Complying with all applicable
copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part
of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted
in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or
for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
 2003 Microsoft Corporation. All rights reserved.
Microsoft, MS-DOS, Windows, Windows NT, Windows Server, ActiveSync, ActiveX, Active
Directory, Hotmail, MSDN, MSN, Outlook, PowerPoint, Visual Basic, and Windows Media are
either registered trademarks or trademarks of Microsoft Corporation in the United States and/or
other countries.
The names of actual companies and products mentioned herein may be the trademarks of their
respective owners.
Module 13: Performing Preventive Maintenance iii
Instructor Notes
Presentation: This module provides students with the knowledge and skills that are needed to
40 minutes perform preventive maintenance (which includes managing daily, scheduled,
and on-demand maintenance tasks) for Microsoft® Exchange Server 2003.
Practices:
75 minutes After completing this module, students will be able to:
! Perform daily Exchange maintenance.
! Perform scheduled Exchange maintenance.
! Perform on-demand Exchange maintenance.
Required materials To teach this module, you need the following materials:
! Microsoft PowerPoint® file 2400B_13.ppt
! Video file 2400B_13_v05.wmv
Important It is recommended that you use PowerPoint 2002 or later to display

the slides for this course. If you use PowerPoint Viewer or an earlier version of
PowerPoint, all the features of the slides may not be displayed correctly.
Preparation tasks To prepare for this module:

! Read all of the materials for this module.
! Complete the practices and review the discussions and assessment
questions. Where possible, anticipate alternative answers that students may
suggest and prepare responses to those answers.
! Complete the demonstration on how to use Connectix Virtual PC, which is
in the Introduction module of this course. All students must watch you
perform this demonstration. It is crucial that students become familiar with
the virtual environment that is used in the practices before they attempt to
complete the first practice in this module on their own.
! Review the links and suggested additional readings for this module.
Document your own suggested additional readings to share with the class.
Classroom setup The classroom should be set up to use Connectix Virtual PC software, as
discussed in the Manual Classroom Setup Guide. No additional classroom setup
is needed.
iv Module 13: Performing Preventive Maintenance
How to Teach This Module

This section contains information that will help you to teach this module.
Emphasize throughout this module that all types of maintenance tasks are a part
of preventive maintenance that must be done to identify potential errors before
such errors obstruct users in their day-to-day operations. Also explain to the
students that there are some preventive tasks that should be performed daily,
some preventive tasks that can be scheduled periodically, and some preventive
tasks are typically performed on-demand when the need arises. Together, all of
these preventive tasks will help them to keep ahead of any unexpected loss of
messaging availability.
How to start Discuss the tasks on the module overview slide and then click the projector
button to show the brief video from a Northwind Trader’s employee before you
continue with the module. In this video, students will be given overall
instructions for tasks from their team lead or co-worker at Northwind Traders.
You can play this video again at the beginning of the first practice in the
module if you think it will help motivate students.
Time to teach this We anticipate that your total presentation time will be about 40 minutes. The
module majority of the time spent on this module should be time that students get to
complete hands-on practice activities, view the multimedia presentation, and
participate in class discussions. In addition to your presentation time, we
anticipate that hands-on time for students will be about 75 minutes.
Tip When this icon appears on the lower-right corner of a slide, it indicates
that students must complete an inline practice before you move on to the next
slide:
Practices Some practices in this module require initial startup time. Consider having
students perform the initial step in these practices before you begin the lecture
on the related content. If a practice begins with a procedure titled “To prepare
for this practice,” then it requires initial startup time.
Lesson: Performing Daily Exchange Maintenance

What Are the Daily Ask students to list some daily maintenance tasks, and then briefly discuss each
Maintenance Tasks? daily maintenance task.
Guidelines for Checking Ask students what types of logs they usually examine during their daily
Logs maintenance, and then discuss the guidelines that they should apply to examine
different logs.
Module 13: Performing Preventive Maintenance v
Guidelines for Ask students what types of services and cluster resources they usually check in
Monitoring Services and their environments, and then discuss the guidelines that they should apply to
Resources check services and cluster resources.
Explain to students that whether they use the Microsoft Windows Server™ 2003
Network Monitor utility or the Network Monitor component in Microsoft
Systems Management Server (SMS) will depend on whether they want to see
all traffic delivered to the remote computer, or only the traffic that comes from
their Exchange server. Also emphasize that they should not install the SMS
Network Monitor component on their Exchange server.
Guidelines for Ask students what types of Exchange store statistics they usually examine in
Examining the Exchange their environments, and then discuss what methods they can use to verify
Store Statistics available disk space.
What to View in Event Use this slide to discuss normal events, problematic events, and additional
Viewer event sources.
How to Monitor Event Use this slide to discuss the high-level steps for viewing Exchange-related
Viewer for Potential event sources and for configuring diagnostic logging. Then have students
Issues complete the inline practice on checking Event Viewer to determine whether
any Exchange errors exist, and answer any questions that they have.
How to Check Use this slide to discuss the high-level steps for verifying server and connector
Monitoring and Status status, and discuss what each type of status indicates. Then have students
for Potential Issues complete the inline practice on verifying that no performance issues currently
exist on a specific server, and answer any questions that they have.
What Is Queue Viewer? Use this slide to explain some of the options in Queue Viewer. You can also
open the Queue Viewer utility to explain each option.
How to Monitor Queues Use this slide to discuss the high-level steps for determining a problem with a
for Potential Issues queue and for finding messages. Then have students complete the inline
practice on verifying queues that have no long-term undelivered messages, and
answer any questions that they have.
Lesson: Performing Scheduled Exchange Maintenance

What Are the Scheduled Ask students to list some scheduled maintenance tasks, and then discuss briefly
Maintenance Tasks? each scheduled maintenance task.
Guidelines for Use this slide to discuss the guidelines for producing monitoring and
Generating Reports and measurement, for capacity planning, for capturing and reporting performance
Identifying Trends data, and for analyzing trends. Then have students complete the inline practice
on creating a performance report, and answer any questions that they have.
How to Review Protocol Use this slide to discuss how to select a log file format and the high-level steps
Logs for Potential for enabling Simple Mail Transfer Protocol (SMTP), Network News Transfer
Issues Protocol (NNTP), and Hypertext Transfer Protocol (HTTP) protocol logging.
Remember to also discuss the example on how to use SMTP log file data. Then
have students complete the inline practice on checking the SMTP log for
problems, and answer any questions that they have.
What Is HTTP Monitor? Use this slide to discuss how HTTP Monitor works and the components and
benefits of using HTTP Monitor.
How to Monitor Outlook Use this slide to discuss the high-level steps for installing, configuring, and
Web Access for running HTTPMon to monitor Microsoft Outlook® Web Access for potential
Potential Issues issues.
vi Module 13: Performing Preventive Maintenance
How to Manage Mailbox Use this slide to discuss the high-level steps for adding the Storage Limits
Limits column to the mailbox view, and discuss the types of mailbox limits to watch
for and why. Also discuss why students must consider enabling diagnostic
logging, and the high-level steps for responding to oversized mailboxes. Then
have students complete the inline practices on identifying mailboxes that
exceed the storage limit and using Mailbox Manager to delete items from an
over-limit mailbox, and answer any questions that students have.
How to Manage the Use this slide to discuss the steps for managing the Badmail folder. Then have
Badmail Folder students complete the inline practice on managing the Badmail folder, and
answer any questions that they have.
How to Manage the Use this slide to discuss the high-level steps for managing the postmaster
Postmaster Mailbox mailbox, for manually setting an SMTP Postmaster Mailbox, and for changing
the account from which delivery status notifications originate. This how-to
topic includes a section on the reasons for changing the origin of a delivery
status notification. Then have students complete the inline practice on opening
the postmaster mailbox and on responding to any pending items before deleting
all items in the mailbox, and answer any questions that they have.
Lesson: Performing On-Demand Exchange Maintenance

What Are the On- Ask students to list some on-demand maintenance tasks, and then discuss
Demand Maintenance briefly each on-demand maintenance task. Emphasize that even as they
Tasks? complete daily and scheduled maintenance, students will be required to perform
some on-demand maintenance tasks to resolve performance issues.
Why defragment the Ask students about fragmentation and defragmentation, and then discuss the
database? event triggers that indicate that defragmentation is necessary. Emphasize that
the on-line maintenance that Exchange performs does not reduce the size of the
database. Explain how the Eseutil command-line tool enables students to
defragment the database. If students are interested in additional information
about the Eseutil command, refer them to Help.
Point out to your students that before they consider running maintenance
utilities on the Exchange databases they must consider other means of
defragmenting their Exchange stores, such as creating a new Exchange store
and moving mailboxes or public folders to that Exchange store. Performing this
process would allow them to keep their old Exchange store online during the
process.
How to Defragment Use this slide to discuss the steps for defragmenting the database. Then have
Exchange Stores students complete the inline practice, and answer any questions that they have.
Mention to students that the command parameters used in the practice assume
that the .edb and .stm files are located in the same directory.
How Isinteg Verifies the Discuss what events trigger the requirement for verifying Exchange store
Exchange Store Integrity integrity. Explain how the Isinteg command-line tool enables the verification of
Exchange store integrity, and identify the process that Isinteg uses to verify
Exchange store integrity. If students are interested in additional information
about the Isinteg command, refer them to Help.
Tell your students that it is recommended that the use of maintenance utilities
such as Isinteg be performed while they are on the telephone with the support
team to reduce any possibility of something going wrong and also allowing
them to recover as quick as possible if something does go wrong.
Module 13: Performing Preventive Maintenance vii
How to Verify the Use this slide to discuss the high-level steps for verifying Exchange store
Exchange Store Integrity integrity. Then have students complete the inline practice on verifying
Exchange store integrity, and answer any questions that they have.
What to Look for When Emphasize that to be able to identify potential issues, students must develop a
Checking Queues queue baseline so that they can identify the difference between normal behavior
and abnormal behavior.
Guidelines for Ask students to provide some examples of the basic questions that they need to
Configuring a have answered about their environment to monitor the performance of their
Performance Console Exchange servers. Then use this slide to discuss the guidelines for configuring a
performance console.
Discussion: Performing Preventive Maintenance

The scenarios in this discussion were designed to allow students to reflect on
what they did in the module and to give them an opportunity to ask any
remaining questions that they have. Use the discussion scenarios to provide a
summary of the module content. You can also return to the Module overview
slide and use it to help summarize the lessons covered in this module.
You can do this activity with the entire class. Or, if you have time, have
students work in small groups to come up with solutions to the problems in the
scenarios, and then present and discuss their ideas with the class.
Before taking part in the discussion, students should have completed all of the
practices. Students who have not completed the practices may have difficulty
taking part in the discussion.
Assessment
Assessment questions for this module are located on the Student Materials
compact disc. You can use the assessment questions in whatever way you think
is best for your students. For example, you can use them as pre-assessments to
help students identify areas of difficulty, or you can use them as post-
assessments to validate learning. Consider using the questions to reinforce
learning at the end of the day or at the beginning of the next day. If you choose
not to use the assessment questions during class, show students where they are
so that they can use them to assess their own learning outside of class.
Module 13: Performing Preventive Maintenance 1
Overview
*****************************ILLEGAL FOR NON-TRAINER USE******************************

Introduction Preventive maintenance is the key to ensuring the availability and reliability of
a messaging system. By categorizing and scheduling maintenance tasks
accordingly, a messaging administrator can approach his or her administrative
tasks in an organized manner, leaving nothing to chance.
Microsoft® Windows Server™ 2003 and Microsoft Exchange Server 2003
provide numerous monitoring tools, utilities, and services to help you ensure
that computers running Exchange 2003 are functioning efficiently. Your ability
to use these tools, utilities, and services to analyze the gathered data will help
you reduce server performance issues and plan for future hardware resources.
Objectives After completing this module, you will be able to:
! Perform daily Exchange maintenance.
! Perform scheduled Exchange maintenance.
! Perform on-demand Exchange maintenance.
2 Module 13: Performing Preventive Maintenance
Lesson: Performing Daily Exchange Maintenance

Introduction In addition to disaster prevention and regular backups, you must monitor
system activity and server performance every day to provide effective
preventive maintenance of Exchange Server 2003. By monitoring Exchange on
a daily basis, you can identify what is typical and normal for your Exchange
server and identify trends that indicate problems so that you can resolve any
problems before they become issues for your users.
Windows Server 2003 and Exchange Server 2003 offer tools and utilities to
monitor application performance and server performance. By using the
available tools and utilities, you can analyze data that will help you to
administer Exchange proactively.
Lesson objectives After completing this lesson, you will be able to:
! Describe the daily maintenance tasks.
! Explain guidelines for checking logs.
! Explain guidelines for monitoring services and cluster resources.
! Explain guidelines for examining the Exchange store statistics.
! Explain what events must be viewed in Event Viewer.
! Monitor Event Viewer for potential issues.
! Check Monitoring and Status in Exchange System Manager for potential
issues.
! Explain the purpose of Queue Viewer.
! Monitor queues by using Queue Viewer for potential issues.
What Are the Daily Maintenance Tasks?

Monitoring is the daily task of ensuring that critical Exchange services are
running properly. The goal of daily monitoring is to identify problems before
they impact your users. Both Windows Server 2003 and Exchange Server 2003
provide utilities, such as Event Viewer, System Monitor, and Exchange System
Manager, that monitor and analyze server components and
Exchange Server 2003 performance and use.
While the daily task of checking the performance of Exchange and other
established monitors will allow you to resolve problems as they are discovered,
monitoring will also allow you to identify trends that can indicate future
problems or trends that allow you to plan for future growth.
Daily maintenance tasks Maintenance tasks that you must perform on a daily basis allow you to
determine what is normal for your Exchange server and when abnormal events
occur. These tasks include:
! Monitor Event Viewer for potential issues. Use Event Viewer to obtain
information about service failures, replication errors in the Microsoft Active
Directory® directory service, and warnings when system resources such as
virtual memory or available disk space are running low. Using Event
Viewer enables you to identify problems that must be resolved and identify
trends that will require future action.
! Check Monitoring and Status for potential issues. Use Monitoring and
Status to check connector status and Exchange server status. This check
enables you to identify when resources have reached defined thresholds and
when connector or server failures will affect your users.
! Check Queue Viewer for problems. Use Queue Viewer to view the message
load on your Exchange servers. Queue Viewer enables you to view message
queues to determine whether too many messages are queued up or whether
any message delivery failures have occurred.
! Check logs for errors. Review the logs available through Event Viewer,
Performance console, virtual servers, and your antivirus product. This
review enables you to identify performance problems, viruses, and protocol
errors. It also will allow you to see when abnormal events in your
environment occur.
! Check for available disk space. Use Windows Explorer to check for
available disk space on volumes that store Exchange logs and databases. By
monitoring disk space daily, you can determine when you must add
additional storage to prevent the Microsoft Exchange Information Store
service from being shut down due to insufficient disk space.
! Monitor Exchange and network services. Monitor the Exchange and
Microsoft Windows® required services. Verify that the default Exchange
services, such as the Microsoft Information Store service and Microsoft
Exchange System Attendant service, and Windows services, such as World
Wide Web Publishing and Simple Mail Transfer Protocol (SMTP), are
started. Verify that network services such as Active Directory replication
and overall network is performing properly.
! Monitor server performance. Use the Windows Performance console to
monitor Windows and Exchange performance. This console allows you to
identify performance bottlenecks that can cause Exchange performance
issues. You can use the data collected through the Performance console to
identify trends that will indicate when an upgrade needs to be performed.
! Monitor cluster resources. Use Cluster Administrator to monitor failovers
and monitor hardware resources, such as virtual memory, by using the
Performance console.
! Verify replication. Use Active Directory Sites and Services to verify
replication. Active Directory Sites and Services allows you to identify the
Active Directory replication issues that create performance issues for
Exchange.
! Examine Exchange store statistics. Use Exchange System Manager to
examine Exchange store statistics. This examination enables you to
determine whether the Exchange store is mounted, what users are logged on,
the state of public folder replication, and the state of full-text indexing.
Note The Microsoft Exchange Application Management Pack for Microsoft

Operations Manager 2000 includes key performance metrics to monitor the
overall performance of Exchange, and to alert you to critical performance
issues. By using Microsoft Operations Manager reporting, you can analyze and
graphically represent this performance data to understand usage trends, perform
accurate load balancing, and manage system capacity. You can also use
Microsoft Operations Manager to centralize the task of daily maintenance. For
more information about Microsoft Operations Manager, see Course 2550,
Implementing Microsoft Operations Manager 2000.
Guidelines for Checking Logs

Knowing what is typical in your environment will help you to identify potential
errors or anomalies to which you must respond immediately before such errors
become a problem for your users. Consider checking event logs, performance
logs, antivirus logs, and protocol logs daily, and consider archiving all logs to
review for historical data and to identify trends.
Guidelines Apply the following guidelines when checking the different logs every day:
! Review event logs daily and respond to errors immediately. Review
Windows event logs daily because both Exchange and Windows report
warning and error conditions to event logs. For example, if a partition has
10 percent or less of disk space available, Windows reports a low-disk-
space warning as “Event ID 2013: The disk is at or near capacity. You may
be required to delete some files.”
! Monitor the performance and capacity of your Exchange servers. Use
system management utilities, such as Performance console, to monitor the
performance and capacity of your Exchange servers. Configure these
utilities to alert your operations staff when performance and capacity
measurements fall outside of normal operating parameters. For instance,
check against low disk space, or excessive use of CPU processors. Capture
performance data to establish a performance baseline, and use the baseline
for comparison against daily monitoring results to identify trends.
! Review the antivirus logs. Review antivirus logs for information about when
the last virus scan was performed, what was scanned, and what issues
resulted from the scan. Review this information to ensure that the antivirus
product is working correctly and informs you of any problems that may
arise, such as a virus that could not be removed. If your log file indicates
that a virus exists that could not be removed, search the Web site of your
antivirus vendor for a possible solution.
! Review protocol logs. Review the logging information in the SMTP,

Network News Transfer Protocol (NNTP), and Hypertext Transfer Protocol
(HTTP) virtual servers to track the commands that a virtual server receives
from client computers. For example, for each message sent, you can view
the client computer’s IP address and domain name, date and time of the
message, and number of bytes sent. You can use these log files to identify
unusual activities, such as messages that include odd recipients and
messages with suspicious attachments. After identifying such unusual
activities, you can review your security settings to filter any unwanted mail
from being delivered to your server.
Guidelines for Monitoring Services and Resources

Exchange performance issues can be a result of service failures, insufficient
system resources, network performance issues, and security and permissions
problems such as a denial of service or an improper use of distribution lists.
You must monitor your servers, network services, and network daily to ensure
that Exchange is performing as expected. Depending on the situation that you
encounter, check on what service or resource is impacting Exchange 2003
performance, by using the appropriate utility.
Guidelines for If the network is slow, users will perceive that Exchange is slow. Verify the
monitoring network network performance daily by:
performance
! Capturing, displaying, and analyzing network traffic. Use Network Monitor,
a Windows Server 2003 utility that captures, displays, and analyzes network
traffic that flows to and from the network adapter and that is installed on
each computer on the network. If you want to capture frames that are sent to
or from a remote computer, you must use the Network Monitor component
that comes with Microsoft Systems Management Server (SMS), or use
Terminal Services to connect to the remote computer and run the Windows
Network Monitor from that computer.
! Locating network and connectivity problems. You can also use Network
Monitor to locate client-to-server connection problems, to find a computer
that makes a disproportionate number of work requests, and to identify
unauthorized users on your network. By capturing and analyzing network
data and by using that data in conjunction with performance logs, you can
see what is happening on your network and use that analysis to solve many
types of network problems that may impact your Exchange servers, as well
as to forecast the improvements that you must make to your network.
Guidelines for If Windows is not performing properly, Exchange will not perform properly.
monitoring server Verify daily that Windows is working correctly by:
performance
! Reviewing programs and processes running on your computer. Use Task
Manager, a Windows Server 2003 utility that provides information about
programs and processes running on your computer. Task manager also
enables you to monitor key performance indicators of each server. Use Task
Manager, for example, to identify a process that consumes too much CPU or
memory resources and to view pagefile and memory usage. You can use this
information to determine whether an application running on your Exchange
server, such as a monitoring utility, must be moved to another server or
upgraded, or whether you must tune system resources or perform system
upgrades.
! Monitoring performance counters of services running on your Exchange
server. Use Performance console, a Windows Server 2003 utility that allows
you to monitor performance counters. You must monitor hardware counters
in combination with Exchange counters to determine if performance
bottlenecks exist and to identify trends that you can use to plan for
upgrades. For example, you can monitor your Exchange server for
MSExchangeIS\RPC Requests and MSExchangeIS\RPC Operations/sec
to determine whether the slow response time of a client computer is a result
of something preventing the client computer from connecting to the
Exchange server or some process running on the Exchange server. If
operations per second are low and outstanding requests are zero, evaluate
your network resources. Otherwise, you must review Exchange server
resources.
Guidelines for If Windows services are not configured or working properly, Exchange will not
monitoring Windows work properly. If you receive performance indicators through utilities, such as
services Event Viewer, that Windows services are not functioning, you may be required
to verify or modify the configuration of that service. Verify that the following
Windows services are working correctly by:
! Monitoring Active Directory. Monitor indicators of Active Directory
performance daily because Active Directory configuration directly impacts
your Exchange performance. By monitoring Active Directory, you can
identify trends before actual problems occur, such as a slow response time
for the authentication of client computers or the slow appearance of newly
configured objects in Exchange. If required, you must review your Active
Directory configuration or force replication by using Active Directory Sites
and Services.
! Monitoring Domain Name System (DNS) service. Monitor indicators of
DNS issues daily because Exchange performance issues can be a direct
result of the DNS configuration. Exchange depends on DNS for name
resolution. If you see DNS errors in Event Viewer or if you experience
communication problems between your Exchange servers that are reported
through your daily monitoring, you must review your DNS settings. Use the
DNS management console to ensure that address records exist for your
domain controllers and global catalog servers, and that address and mail
exchanger (MX) resource record exist for your Exchange server.
! Monitoring Internet Information Services (IIS) service. Monitor the
performance of IIS daily for indicators of performance issues. IIS provides
access to Exchange through HTTP. If performance issues are reported, you
may want to review your default Web site configuration.
Guidelines for If clusters are not configured properly, Exchange will not perform properly.
monitoring cluster Monitor cluster resources by:
resources
! Verifying that clusters are configured correctly. Use Cluster Administrator
to monitor your Exchange clusters daily for failovers.
! Viewing the overall performance of your server and the performance of
Exchange Server 2003. View the overall performance of your server and the
performance of Exchange Server 2003 by using System Monitor and Event
Viewer. When you deploy Exchange Server 2003 clusters, it is important to
proactively monitor the clusters. This monitoring is especially necessary in
an active/active cluster during a failover, thereby verifying that enough
resources are available to provide your users with the same level of
performance that they experienced before the failover.
! Monitoring virtual memory counters when deploying Exchange server
clusters. Monitor virtual memory counters daily to determine when an
Exchange Virtual Server must be restarted due to memory fragmentation.
• Monitor Event ID 9582, which is logged by the Microsoft Exchange
Information Store service, as an indicator of whether your Exchange
server has become excessively fragmented.
• Monitor the counters in the following table to identify memory
fragmentation for each node in the cluster.
Counter What to monitor
MSExchangeIS\VM Largest Monitor this counter to see when it drops

Block Size below 32 megabytes (MB). Exchange logs a
warning in the event log (Event ID=9582)
and logs an error if this counter drops below
16 MB.
MSExchangeIS\VM Total Monitor the trend on this counter to predict
16MB Free Blocks when the number of 16 MB blocks is likely
to drop below three. When the number drops
below three, it is recommended to restart all
the services on the node.
MSExchangeIS\VM Total Monitor this counter to measure the degree to
Free Blocks which available virtual memory is being
fragmented. The average block size is the
Process\Virtual Bytes\STORE instance
divided by MSExchangeIS\VM Total Free
Blocks.
MSExchangeIS\VM Total Monitor this counter to ensure that this
Large Free Block Bytes counter does not drop below 32 MB. If a
node in the cluster drops below 32 MB, fail
over the Exchange Virtual Servers, restart all
of the Exchange services on the node (or
restart the server), and then fail back the
Exchange Virtual Servers.
Guidelines for Examining the Exchange Store Statistics

Exchange requires free disk space to support the extra capacity required for user
databases and transaction logs, and the ability to run maintenance utilities. By
monitoring Exchange store statistics daily, you can anticipate when Exchange
will run out of disk space and be prepared to add additional storage resources
before Exchange runs out of disk space. Event ID 1113 in the Application event
log indicates that Exchange has run out of disk space.
Guidelines To verify available disk space, you can:
! Check available free space on Exchange volumes by using Windows
Explorer. Check the available free space daily by:
• Comparing the available disk space on each of the Exchange volumes to
the expected rate of growth that you predict for your databases and
transaction log files, thereby determining when you will need additional
disk resources to support that growth.
• Viewing the statistics for each of the Exchange databases and comparing
these statistics to the available free space to ensure that sufficient free
disk space exists to run maintenance utilities. Available free disk space
must be equal to or greater than 110 percent of the size of the largest
database. Additionally, this free disk space must be contained on a single
drive.
! Gather additional information daily about the Exchange stores by using the
Exchange System Manager utility. Expand the mailbox or public folder store
node in Exchange System Manager to view the:
• Users who are logged on to an Exchange store (mailbox or public). This
view can be useful if you must perform maintenance and have to notify
specific users to close their mailbox.
• Size of individual mailboxes. This view can be useful if you are trying to
identify which users are consuming the most resources.
• Current state of Full-Text Indexing for mailbox and public folder stores.
You can view the Index State, Number of documents indexed, Index
size, Last build time, Index name, and Index location.
• Current state of public folders. You can view the size of individual
public folders, the last time the folder was accessed (this is useful if you
are thinking about removing the folder), and the last time a replica was
received.
What to View in Event Viewer

Event Viewer is a Windows utility that you can use to monitor hardware and
software activities. In Event Viewer, the application log contains errors,
warnings, and information events related to the operation of Exchange and
other applications on the operating system. By reviewing the data contained in
the application log, you can identify the cause of issues that you may encounter
and then anticipate more critical issues before they occur. For example, a
corrupt database will log errors in Event Viewer during online maintenance and
online backups. By monitoring Event Viewer, you can identify a corrupt
database in time to repair it, instead of trying unsuccessfully to restore the
database from a backup due to a corruption in the database.
To effectively monitor Event Viewer for potential issues, you must distinguish
between events that indicate normal behavior for the Exchange server and
events that indicate a problem with the Exchange server. By reviewing the
event logs daily, you can establish a baseline of typical events and save time in
identifying what events need your attention.
Normal events A normal event includes items such as those listed in the following table.
Event Indicates
Event ID 8000 and 8001 The start and end of the backup process.
Event ID 700 and 701 The start and end of the online defragmentation process.
Event ID 1206 and 1207 The start and end of the clearing of the deleted items
process.
Problematic events Events that indicate specific issues with your Exchange server are listed in the
following table.
Event Indicates
Event ID 2064 and 2069 DSAccess problems caused by incorrect DNS

configuration.
Event ID 9582 Low or fragmented virtual memory.
Events containing error: There may be file-level damage to an Exchange
- 1018 JET_errReadVerifyFailure database.
- 1019 JET_errPageNotInitialized
- 1022 JET_errDiskIO
Additional event The following table lists the other event sources that you must monitor in Event
sources Viewer:
Select this event source To
MSExchangeTransport View events recorded when SMTP is used to route

messages.
Event ID 4000 indicates that a connection fails for a
reason other than a specific protocol error. Other
connection failures can include DNS problems, the server
not being online, and dropped connections when the
server is overloaded or encounters internal errors.
MSExchangeAL View events related to the service that addresses e-mail
through address lists.
Event ID 8026 indicates network connectivity or
Lightweight Directory Access Protocol (LDAP)
configuration problems.
MSExchangeIS View events related to the service that allows access to
mailbox and public folder stores.
Event ID 9518 indicates a failure while starting an
Exchange storage group—for example, if all databases in
a storage group are offline or if an Extensible Storage
Engine (ESE) error occurred while starting a database
within a storage group.
MSExchangeSA View events recorded when Exchange uses Active
Directory to store and share directory information.
How to Monitor Event Viewer for Potential Issues

The application log helps you to identify and diagnose the cause of problems
you may encounter such as insufficient disk space or database corruption. If in
your daily monitoring you have identified potential problems with your
Exchange server, you can increase the logging levels that control the amount of
information logged in the application log. The higher you set the logging level,
the more events you can view in the application log, which increases your
ability to diagnose the problem.
To view Exchange- The high-level steps for using Event Viewer to view the application log are as
related event sources follows:
1. Open Event Viewer from Administrative Tools.
2. Click Application Log.
3. In Event source, select an Exchange-related event source, depending on
what you want to view.
Detailed steps for viewing Exchange-related event sources are in the practice
“Checking Event Viewer for potential issues” later in this topic.
To configure diagnostic The high-level steps for configuring diagnostic logging are as follows:
logging
1. In the Exchange System Manager console tree, browse to Servers, right-
click ServerName, and then click Properties.
2. On the Diagnostics Logging tab, configure the logging level for each
service and category that you want to configure diagnostic logging for.
Caution If you increase the logging levels for Exchange services, you will
experience some performance degradation. Additionally, increasing the logging
levels on your Exchange server will cause the log files to grow faster than when
normal logging levels are set. It is recommended that you increase the size of
the application log to contain all the data produced. If you do not increase the
size of the application log, you will receive frequent reminders that the
application log is full. Alternately, you can configure your log files to overwrite
events as required to prevent the log files from becoming full; however, this
option may not provide you with all the data that you may need to diagnose
your problem if some events are overwritten.
Detailed steps for configuring diagnostic logging are in the practice that
follows.
Note For additional information about event log errors, see “Welcome to
Exchange 2000 Server Error and Event Messages” on the Microsoft
Exchange 2000 Server Product Documentation Web site at
http://www.microsoft.com/exchange/en/60/help/default.asp.
Practice: Checking In this practice, you will check Event Viewer on London to determine whether
Event Viewer for any Exchange errors exist.
potential issues
! To prepare for this practice
1. Start up 2400_London-Virtual PC, if not already started.
2. Log on as NWTraders\LondonAdmin with a password of P@ssw0rd.
3. Run the script entitled “2400B_13_Setup.vbs” located in the
C:\MOC\2400\practices\Mod13 folder.
4. If not already open, open Microsoft Outlook® Web Access by using
Microsoft Internet Explorer to open the URL http://london/exchange/
londonadmin. When prompted for credentials, use nwtraders\londonadmin
with a password of P@ssw0rd.
5. Read the message with the subject “Performing Preventative Maintenance”
from your team lead, Samantha Smith.
Note This procedure may take 5 minutes to complete before you can
continue.
! To check Event Viewer for potential issues

1. On the desktop, click Start, point to Administrative Tools, and then click
Event Viewer.
2. In Event Viewer, in the console tree, click Application.
3. In the details pane, browse through the events, with particular attention to
any red stop events and yellow warning events. You will not be acting on
any events at this time.
4. Leave Event Viewer open.
5. Switch to Exchange System Manager.
6. In Exchange System Manager, expand Administrative Groups\

First Administrative Group\Servers, right-click London, and then click
Properties.
7. In the London Properties dialog box, click the Diagnostics Logging tab.
8. On the Diagnostics Logging tab, under Services, expand MSExchangeIS
and click Mailbox.
9. Under Categories, click General.
10. In the Logging level area, click Maximum, and then click OK.
11. Switch to Event Viewer.
12. On the View menu, click Filter to filter the log to list entries for a specific
type of Exchange-related events.
13. In the Application Properties dialog box, in the Event source box, click
MSExchangeIS Mailbox Store.
14. In the Application Properties dialog box, in the Category box, click
General, and then click OK.
What kind of events do you see identified? What problems may this
indicate? What should you do about potential problems?
Responses will vary.
15. On the View menu, click All Records to view all events, and then close
Event Viewer.
17. Right-click London and then click Properties.
18. In the London Properties dialog box, click the Diagnostics Logging tab.
19. On the Diagnostics Logging tab, under Services, expand MSExchangeIS
and click Mailbox.
20. Under Categories, click General.
21. In the Logging level area, click None, and then click OK.
How to Check Monitoring and Status for Potential Issues

Monitoring the status of your network and your Exchange servers is one of the
most effective ways to ensure that your system and the network are functioning
properly. By default, Exchange enables monitoring of key Exchange services.
In addition, you can configure Exchange to constantly monitor the performance
level of other network and application services. You use the Monitoring and
Status utility daily to monitor the status of your servers and connectors to
determine if they are up and functioning properly.
To verify server and To monitor the status of servers and connectors, use the Status column in
connector status Monitoring and Status to determine whether any service failures exist,
whether system resources are running low, or whether messages are not
flowing. Use the following table to understand what the status indicates.
Server status What does it indicate?
Unreachable One of the main services on the server is down or, if a server is
in a different routing group, a connector between routing
groups may be down or may not exist. Review your servers
and connectors for indications of failures.
Unknown System Attendant cannot communicate with the local server.
Review your server for an indication of why the System
Attendant is not communicating.
Critical or Warning A monitored resource has reached the critical or warning state
defined for the resource. For example, Critical: service not
running indicates that a service defined in the monitor has
stopped. If a resource has reached its threshold, try to free up
that resource—for example, by stopping a process that is
consuming too many CPU resources. If a service has stopped,
check the event logs to see why the service stopped and then
try to restart the service.
Unavailable A communication service, such as the routing service, is not
functioning on this connector. Review your server for
indications of service failures.
Detailed steps for configuring diagnostic logging are in the practice that
follows.
Practice: Checking In this practice, you will use the Monitoring and Status utility in Exchange
Monitoring and Status System Manager to verify that no performance issues currently exist on
for potential issues London.
1. In Exchange System Manager, browse to Tools\Monitoring and Status and
then click Status.
2. In the details pane, view the status of the servers and connectors in your
environment. If Miami-Virtual PC is not currently running, notice that
Status indicates that MIAMI is unreachable.
You would like to take down one of your Exchange servers for
maintenance. You do not want Exchange to generate any alerts or
notifications while the server is down. Using the Status tool, how can
you disable monitoring of a server?
Right-click the server in the Status window and then click
Properties. From the server’s properties dialog box, you can select
the Disable all monitoring of this server check box.
What Is Queue Viewer?

Queue viewer is a utility that you use to maintain and administer the
organization messaging queues. In queue viewer, the following queues can be
displayed from either a local or a remote computer: an SMTP virtual server, a
Microsoft message transfer agent (MTA) object, a connector, any DNS
messages pending submission, a failed message retry queue, and messages
queued for deferred delivery.
Options in Queue Viewer The following table describes some of the options in queue viewer.
Use this option To
Disable Outbound Mail Disable outbound mail from all SMTP queues. For
example, you may want to disable outbound e-mail if a
virus is active in your organization. This option does not
disable the MTA or System queues.
If you want to prevent outbound e-mail from transmitting
from a particular remote queue, instead of disabling all the
SMTP queues, you can freeze the messages in that queue.
Right-click the queue, and then click Freeze. This will
freeze all the messages in the queue. To unfreeze the
messages, right-click the queue, and then click Unfreeze.
Settings Determine the frequency at which the queues are refreshed.
The default rate at which the queues are refreshed is 2
minutes. You can set the refresh rate to 1 minute, 5
minutes, 10 minutes, or Never refresh. If you are trying to
resolve a delivery problem, you may want to set the refresh
rate to a shorter interval, such as 1 minute, so that you can
see changes to the queues reflect sooner.
(continued)
Use this option To
Find Messages Display messages in the queue or to search for messages

by specifying search criteria such as the sender or
recipient, and the message state (for example, frozen). You
can also specify the number of messages that you want
your search to return. You can use this option if you are
searching for a particular message or want to enumerate
the messages in the queues to see when the oldest message
was submitted.
Additional queue View additional information, such as troubleshooting
information information about a particular queue. Information on errors
returned from Exchange-specific extensions to SMTP
service (such as the queue’s not operating properly due to
remote server connection problems or the queue’s inability
to find the destination through DNS) is also displayed. The
Additional queue information option also indicates
whether the queue is unavailable—for example, whether
the service has not started. Based on the information
provided, you may be required to review other services,
such as DNS settings, to eliminate the problem.
How to Monitor Queues for Potential Issues

As an Exchange administrator, it is your responsibility to monitor Exchange
queues daily. Exchange uses queues to hold messages while they are being
processed for routing and delivery. If messages remain in a queue for an
extended period, a problem may exist. For example, if an Exchange server is
unable to connect to the network, you may find that messages are not being
cleared out of queues.
To check for problem messages, you must enumerate messages in the queue by
using the Find Messages feature. You can use the queue viewer to determine if
a problem exists with a particular queue.
To determine a problem The steps for determining a problem with a queue are as follows:
with a queue
1. Select the Queues node for the server you want to view.
2. Review the State column to see which state the queue is in. The following
table lists the types of states.
State Description
Active Indicates that a link queue has an active connection. Requires no

action.
Ready Indicates that a link queue is ready to have a connection allocated
to it. Requires no action.
Retry Indicates that a connection attempt has failed and that the server
is waiting for a retry. Review the State column again to ensure
that this state has changed. If it is still in the Retry state,
determine the problem that is preventing the queue from
delivering messages.
Scheduled Indicates that the queue is waiting for a scheduled connection
attempt. Requires no action.
(continued)
State Description
Remote Indicates that the queue is waiting for a remote dequeue

command (TURN/ETRN). Requires no action.
Frozen Indicates that no messages will leave the link queue. Messages
may still be inserted in the queue if the Exchange routing
categorizer is still running. If you have frozen the queue for a
particular reason, such as during a virus attack, you will be
required to unfreeze the queue when the virus problem is
resolved.
3. Review the Number of messages and Total message size (KB) columns to
see if a large number of messages are backed up in the queue or if the
message size is too large for your environment:
• If a large number of messages are backed up in the queue, you can force
a connection by using the context menu for the queue.
• If you have an extremely large message that is preventing other
messages from being delivered, consider deleting the message.
To find messages You can also use the Find Messages feature to locate a message in the message
queues. You typically look for a message in a queue if a user has reported that
they sent an important message that was never received. The high-level steps
for finding messages in queues by using the queue viewer are as follows:
1. Select the Queues node for the server you want to view.
2. Use the Find Messages option for the queue in which you want to search
for messages.
3. Use Search Results to view information about the messages located in the
queue, such as whether the message is in the Retry state, what the size of the
message is, what time the message was submitted, and what time the
message will expire. This information will help you to identify potential
issues.
Detailed steps for finding messages are in the practice that follows.
Practice: Verifying that In this practice, you will check the queues to verify that no undelivered
queues have no long- messages have been waiting in the queue for longer than expected.
term undelivered
messages 1. In Exchange System Manager, browse to Administrative Groups\
First Administrative Group\Servers\London, and then expand London.
2. In the console tree, click Queues.
3. In the details pane, browse the available queues. Notice that the queue to
Miami is in a Retry state because Miami is not currently running.
4. In the Queues details pane, click London – Miami RGC (Routing Group
Connector) and then click Find Messages.
5. In the Find Messages – London – Miami RGC (Routing Group
Connector) dialog box, click Find Now. Notice that the Search Results
window lists the first 100 messages that are currently stuck in this queue.
Close the Find Messages – London – Miami RGC (Routing Group
Connector) dialog box.
6. In the Queues details pane, at the bottom of the window, click Settings.
7. In the Settings dialog box, notice that the connection is retried every 2
minutes by default, and then click OK to attempt a connection immediately.
8. Explore the queue window and test the available options by disabling and
enabling outbound e-mail, by scrolling to the right in the queue viewer, and
by testing the options on the context menu of the queues.
You notice that one of the queues has messages in it. You identify the
problem and re-establish connectivity to the destination server. How
can you force the queue to retry connection to the destination server?
In the Queues details pane, right-click the queue that you want to
force to reconnect, and then click Force connection.
Lesson: Performing Scheduled Exchange Maintenance

Introduction The data that you accumulate through scheduled monitoring provides the
information you need for trend analysis and capacity planning. By
characterizing system performance over time, you can justify the need for new
resources before the need becomes critical, and then use that collected data to
proactively troubleshoot your servers.
! Describe the scheduled maintenance tasks.
! Generate reports and identify trends.
! Review protocol logs for potential issues.
! Explain the purpose of HTTP Monitor.
! Monitor Outlook Web Access servers to identify potential issues.
! Manage mailbox limits.
! Manage the Badmail folder.
! Manage the Postmaster mailbox.
What Are the Scheduled Maintenance Tasks?

In addition to requiring daily administration, Exchange requires certain
scheduled maintenance tasks to continue running smoothly and to keep up with
the level of service that users demand.
Scheduled maintenance You must define the required procedures and the frequency of specific
tasks Exchange monitoring tasks in your company for managing the following items:
! Generate reports and identify trends. Use System Monitor, Microsoft
Operations Manager, or third-party utilities to capture performance data that
will allow you to create reports and to estimate when servers must be
upgraded.
! Review protocol logs for potential issues. Use protocol logs to track
commands that are sent and received by SMTP, NNTP, and HTTP virtual
servers. Reviewing these logs can help you troubleshoot messaging
problems and identify potential issues.
! Monitor Outlook Web Access servers for potential issues. Users can use
Outlook Web Access to access their Exchange data. Use HTTPMon to
monitor your Outlook Web Access servers to ensure that client computers
are not experiencing connection or performance issues.
! Manage mailbox limits. Understand which users consume the most
resources on your servers to help you configure and maintain your
Exchange storage.
! Manage the Badmail folder. Monitor the Badmail folder to identify trends
and prevent messages from building up. Messages that cannot be delivered
and cannot be returned to the sender are sent to the Badmail folder. Over
time, these messages can build up and take up disk storage.
! Manage the Postmaster mailbox. The Postmaster account is used for non-
delivery reports (NDR). Managing the postmaster account includes
determining what e-mail account will be associated with the postmaster
account and monitoring and responding to NDR messages when necessary.
Guidelines for Generating Reports and Identifying Trends

To ensure that Exchange Server 2003 runs at optimal efficiency and with
minimal downtime, you must gather enough information to establish a baseline
for the performance of your server. By gathering the appropriate information,
you can manage the system running Exchange Server 2003 proactively and
perform trend analysis and capacity planning. You must create a baseline when
you first deploy your server and then re-create the baseline any time a change in
hardware or workload occurs, such as a change in the number of users.
Guidelines for At the minimum, you must create procedures for the following monitoring and
monitoring and measurement tasks:
measurement
! System monitoring. These procedures must include information about server
resources that must be monitored, including memory, processor usage, hard
disk space and disk performance, and network performance. In addition,
Exchange-specific performance indicators, such as Exchange store
performance, message delivery rates, and message queue problems, must be
included.
Each of these procedures must specify the frequency of monitoring tasks,
the baseline or expected data to be captured, and the appropriate escalation
procedures for managing problems, as they arise.
! System measurement. These procedures work with system monitoring
procedures and must include standards for the types of information
measured, the measurement sampling rate, the equations to use when
analyzing data, the formats to store the data in, and the formats to use for
reporting.
Guidelines for capacity Capacity planning is the allocation and monitoring of system resources to
planning ensure that optimal system performance is maintained as the system load
increases.
To provide capacity planning, you must establish baselines for each service,
and then continually monitor all levels of system operations. For example, it is
important to plan carefully before substantially increasing the number of users
supported on a server running Exchange Server 2003; otherwise, the increased
user load may degrade performance and overload both hard disk resources and
other system resources.
Guidelines for capturing To provide information on performance objects and related counters, use
and reporting Performance console. Performance console contains two snap-ins; Performance
performance data Log and Alerts and System Monitor. To provide information on performance
objects and related counters:
! Record and log system activity over a period of time by using Performance
Logs and Alerts. You collect data to analyze performance and usage. To use
Performance console to generate reports, you must:
• Capture performance data.
• Configure Performance Logs and Alerts to collect data for the
recommended counters at regular intervals, such as every 10 to 15
minutes.
• Retain logs over extended periods of time by storing data in a database
such as Microsoft Access or Microsoft SQL Server™. If you store the
data in a database, you can use the reporting features of those programs
to create complex reports that can be used to assess overall performance,
do trend analysis, and do capacity planning.
! Chart activity in real time and display information contained in log files by
using System Monitor. You can use System Monitor to:
• View server activity when server performance degrades.
• Perform analysis of processor activity and queues, which is useful in
isolating problems with specific components.
• Display logs of captured performance data, viewed as reports, graphs, or
histograms.
Guidelines for analyzing By capturing data and analyzing the reports you create by using that data, you
trends can uncover hidden patterns and predict future trends. This trend analysis will
allow you to be proactive in determining how to manage your Exchange servers
in the future. For example, by analyzing the current usage on your Exchange
server, you can predict when normal growth, such as mailbox growth, will
require you to upgrade your storage.
Practice: Generating a In this practice, you will generate a performance report.

performance report and
looking for trends
Important To complete this practice, you must have a counter log that tracks
Exchange-specific objects and counters. If you have not already created a
counter log, you should complete the practice entitled Practice: Configuring
Performance Logs in Module 2, “Configuring and Managing Microsoft
Exchange Server 2003,” in Course 2400, Implementing and Managing
Microsoft Exchange Server 2003.
1. On the desktop, click Start, click Run, type perfmon and then click OK.
2. In the console tree, click System Monitor.
3. In the details pane, on the toolbar, click View Log Data.
4. In the System Monitor Properties dialog box, on the Source tab, click Log
files, and then click Add.
5. In the Select Log File dialog box, set the Look in box to C:\perflogs, click
the London Stores_000001.tsv log file, and then click Open.
6. In the System Monitor Properties dialog box, click Data.
7. On the Data tab, click Add.
8. In the Add Counters dialog box, add all counters for all available
performance objects, and then click Close.
9. In System Monitor Properties, click OK.
10. Use the toolbar to view the data in graph and histogram format.
11. View the data that you collected to determine whether any performance
trends exist that you should act on. You can use the Highlight button at the
bottom of the window to emphasize the graphical representation of the data
collected for each counter selected.
What kind of trends are you looking for in the report? How do you
know if you should take an action on them?
You are looking for any upward or downward trends in the
counters that are recorded in the report. You should take action on
any trends that appear to be approaching the thresholds that you
have already defined regarding Exchange performance
expectations.
How to Review Protocol Logs for Potential Issues

You can use Protocol Logging to track commands that an HTTP, SMTP, or
NNTP virtual server receives from client computers, and to track outgoing
commands. You must establish a schedule for regularly reviewing protocol
logs, and you should always review the log files if you are experiencing support
issues.
How to select a log file You can select from four types of file formats that are available for a protocol
format log file, depending on how you want to store the information. The following
table describes the four types of file formats that are available for a protocol
log.
File format What happens to the information?
Microsoft Internet The information is written to a comma-delimited

Information Services (IIS) ASCII text file. The data that is logged is fixed, which
Log means that you cannot customize the log.
NCSA Common Log The information is written to an ASCII text file that
uses the National Center for Supercomputing
Applications (NCSA) format. The data logged is fixed,
which means that you cannot customize the log.
ODBC Logging The information that is logged is written to a database.
You must set up an open database connectivity
(ODBC)-compliant database before using this format.
World Wide Web Consortium The information is written to an ASCII text file. The
(W3C) Extended Log W3C Extended Log File Format is the most flexible
format because the data is variable, which means that
you can choose what you want to track.
To enable SMTP or The high-level steps for enabling logging for an SMTP or NNTP virtual server
NNTP protocol logging are as follows:
1. Use the Properties dialog box of the virtual server to enable logging.
2. Select the logging file format to use.
3. Specify the schedule for when new log files will be created and the location
of these files. (These options are available for all file formats except ODBC
Logging.)
4. Select the items that you want to track if your log file format is W3C
Extended Log File Format.
Detailed steps for enabling SMTP protocol logging are in the practice
“Checking the SMTP log for problems,” later in this topic.
To enable HTTP protocol HTTP protocol logging is configured by using the properties of the Web site
logging that uses the IIS Manager. By default, protocol logging is enabled, and the log
file format is set to W3C Extended Log File Format. The high-level steps for
enabling HTTP protocol logging are as follows:
1. Use the Properties dialog box of the Default Web Site to enable logging.
2. Select the logging file format to use.
3. Specify the schedule for when new log files will be created and the location
of these files. These options are available for all file formats except ODBC
Logging.
4. Select the items you want to track if your log file format is W3C Extended
Log File Format.
An example of using the You can use the log file data for general troubleshooting—for example, to
SMTP log file data explain how users receive messages when their addresses do not appear on the
To or Cc lines. You can match the recipients specified in a RCPT TO command
with addresses that are posted in a message header or in the To and Cc lines of
the message. Or you can look for the message ID of a remote system,
collaborating with another system’s administrators to trace a message.
To determine the maximum-size message that a server will accept, you may
also look for response codes that a receiving server returns after your server
issues an EHLO command (for example: 250-SIZE 60000000). You can also
use the log data to generate reports. If another server attempts to use your server
as a relay (assuming your server is properly configured to prevent unauthorized
SMTP relays), the log file posts a numeric response code of 550, which equates
to Relaying Prohibited, in the protocol status (sc-status) field. A script can
easily search this field and tally the number of reported 550 codes.
Practice: Checking the In this practice, you will check the SMTP log for problems.
SMTP log for problems
Important To complete this practice, you must have configured your SMTP
virtual server to perform protocol logging. If you have not created an SMTP
log, you should complete the practice entitled Practice: Configuring SMTP
Logging in Module 2, “Configuring and Managing Microsoft Exchange
Server 2003,” in Course 2400, Implementing and Managing Microsoft
Exchange Server 2003.
1. On your desktop, click Start, click Run, type logfiles and then click OK.
This opens C:\Windows\System32\LogFiles.
2. In the C:\Windows\System32\Logfiles window, open SMTPSVC1, and
then open any log file.
3. Peruse the log file. Note that every character transmitted to the virtual server
on the SMTP port is captured in the log file.
4. Close the log file.
What kind of problems are you looking for in the SMTP log? How do
you know whether you should take action on a problem in the SMTP
log?
You are looking for indications of a security breach or functional
problems with message delivery. You should take action on any
suspicious SMTP traffic, such as repeated attempts to use your
SMTP server to send messages to external SMTP domains
(indicates an attempt to use your server for open relaying). You
can also use the log for troubleshooting purposes, including
determining if message size limits are causing delivery problems
for users transmitting messages to an external SMTP domain.
What Is HTTP Monitor?

HTTP Monitor (HTTPMon) is a utility that you can use to monitor Web sites or
applications. HTTPMon can check several Web sites and report the results to
either a log file in comma-separated values (CSV) format or in the
Windows Server 2003 event log. You can then use Windows Management
Instrumentation (WMI) or other technologies to monitor the event log, or you
can import the CSV output into Microsoft Excel or SQL Server for further
analysis. You can also use the SQL Server data and Client Monitor to track
your servers and use the reporting capabilities of SQL Server to analyze the
data that was captured.
Components of HTTPMon is comprised of three components:
HTTPMon
! Realtime Sampling Service. This component is the real-time monitoring
service.
! SQL Reporting Server. This component pulls data from monitor servers and
loads it into SQL Server.
! Client Monitor. This component is a set of Web pages that displays the
results from the SQL Reporting Server database.
Benefits of using The main benefits of using HTTPMon are as follows:

HTTPMon
! Allows you to ensure that the Exchange Web site is functioning and is
responding to requests from the client computer in a timely manner.
! Allows you to test several sites simultaneously to ensure that sites are up or
responding within reasonable amounts of time.
How to Monitor Outlook Web Access Servers for Potential Issues

Outlook Web Access in Exchange provides administrators convenient access to
Exchange data by using HTTP through a Web browser. You can use the HTTP
Monitoring Service (HTTPMon) to monitor Outlook Web Access servers to
identify and troubleshoot problems with Outlook Web Access. You must
establish a schedule for monitoring Outlook Web Access on a regular basis.
Consider monitoring Outlook Web Access by starting to monitor servers
weekly and then increase or decrease the frequency of your monitoring based
on the trends that you observe.
To install and configure The high-level steps for installing and configuring HTTPMon are as follows:
HTTPMon
1. Install HTTPMon from the resource kit by running Setup.exe from the
\apps\httpmon folder of the Resource Kit.
2. Specify the appropriate information in the Setup program.
3. After the installation is complete, run HTTPMon Configuration Manager to
configure the service.
To run HTTPMon The high-level steps for running HTTPMon are as follows:
1. Start HTTPMon Configuration Manager, configure any Global Settings for
your environment.
2. In HTTPMon Configuration Manager, add the server you want to monitor to
the Web Clusters.
3. Start the HTTP Monitoring Service by using the Services mmc.
4. After your tests start running, review the .csv files in the Output directory
for response codes, for the length of time the sample took to return the text,
and for the number of retries HTTPMon attempted. This data can indicate
problems with your Outlook Web Access servers.
5. Review the events logged by HTTPMon in Event Viewer.
How to Manage Mailbox Limits

You can check sizes of mailboxes by using the mailbox node. You can modify
the mailbox view to include the column Storage Limits. This column provides
feedback on whether certain limits have been enforced for a specific mailbox
based on storage limit settings that you have configured earlier and, if so, what
condition the mailbox is in (for example, Mailbox Disabled). You can use
Event Viewer to view events that are recorded when a mailbox reaches a limit
threshold. Consider making the task of monitoring mailboxes a weekly task.
To use Exchange In Exchange System Manager, you can add a Storage Limits column under the
System Manager to mailbox resources of the server container. This column reports whether limits
manage mailbox limits have been set for each user, and reports the status of each user according to the
limits. The following table defines the limits that are used in the Storage
Limits column.
Limit Description
No Checking Mailbox limits are not enabled for this mailbox.

Below Limit Mailbox has limits set, but the mailbox is below all set limits.
Issue Warning Mailbox has reached the Issue Warning limit and a warning
message is delivered to the mailbox.
Prohibit Send Mailbox has reached the Prohibit Send limit and is no longer
able to send messages.
Mailbox Disabled Mailbox has reached the Prohibit Send and Receive limit and
is now set to Disabled. You are not able to send messages from
this mailbox, and this mailbox is unable to receive messages.
Detailed steps for adding the Storage Limits column are in the practice
“Checking for over-limit mailboxes,” later in this topic.
To use Event Viewer to If you want to see events in the application log of Event Viewer when
manage mailbox limits mailboxes reach the various stages of storage limit warnings, you can configure
diagnostic logging on your server. You may consider using diagnostic logging
on your server if you have delegated the task of monitoring your event logs to a
support person who does not have administrative permissions on your
Exchange server or if you are using a utility to monitor your event logs.
To respond to oversized Mailbox Manager is defined as a recipient policy and can be used to create
mailboxes reports or take actions to clean old e-mail from users’ mailboxes. You can
schedule the mailbox management process to run at a specific time for regularly
scheduled cleanups or to be run manually. Consider running the mailbox
management process manually if you are in immediate need of mailbox
statistics or if you must immediately clear mailboxes of old e-mail. The high-
level steps for responding to oversized mailboxes are as follows:
1. In the Exchange System Manager console tree, browse to Servers.
2. Right-click the server that you want to process, and then click Start
Mailbox Management Process.
Mailbox management starts after a short delay, depending on the current level
of resource use on that computer.
Note Avoid using the mailbox management process when the system is busy,
because using this process may affect server performance.
Detailed steps for responding to oversized mailboxes are in the practice

“Cleaning mailboxes.”
Practice: Checking for In this practice, you will use Exchange System Manager to identify mailboxes
over-limit mailboxes that are exceeding the storage limit.
Important To complete the following two practices, you must have established
storage limits on your mailbox store and created a recipient policy that defines
how you want user mailboxes cleaned. If you do not have storage limits
defined, complete the practice entitled “Creating and applying a mailbox store
policy” located in Module 2, “Configuring and Managing Microsoft Exchange
Server 2003.” If you do not have a recipient policy created, complete the
practice “Creating and applying recipient policies,” located in Module 2,
“Configuring and Managing Microsoft Exchange Server 2003.”
1. In Exchange System Manager, browse to Administrative Groups\

First Administrative Group\Servers\London\First Storage Group\
Mailbox Store (LONDON)\Mailboxes, and then click Mailboxes.
2. On the menu, click View, and then click Add/Remove Columns.
3. In the Add/Remove Columns dialog box, in the Available columns box,
click Storage Limits and then click Add.
4. In the Displayed columns box, click Move Up until Storage Limits is the
second item in the list, and then click OK.
5. In Exchange System Manager, in the Mailboxes details pane, view the
Storage Limits column to determine whether any mailboxes are over their
storage limit. To more easily locate over-limit mailboxes, click the Storage
Limits column header to sort the data by storage limit status.
Practice: Cleaning In this practice, you will use Mailbox Manager to delete items from an over-
mailboxes limit mailbox.
First Administrative Group\Servers\London\, and then click London.
2. In the console tree, right-click London and then click Start Mailbox
Management Process. Mailbox Manager will delete items based on the
recipient policy applied to your user mailboxes.
3. To verify that items were deleted, open LondonAdmin mailbox and read the
message with the subject “Microsoft Exchange Server Mailbox Manager
Report” from the System Attendant. The recipient policy specifies that each
mailbox that was cleaned will have received a similar message.
Does running the mailbox management process cause all mailboxes to

be within storage limits?
Not necessarily. The recipient policy defined will be used to clean
mailboxes, and there may not be sufficient items meeting the
criteria in the policy to enable the mailbox management process to
bring a mailbox back within storage limits. In this case, the
recipient policy only purges the deleted items folder of messages
that are older than 1 day. Because mailboxes may be overlimit even
with nothing in the deleted items folder, mailboxes that are cleaned
by using this policy may not be within storage limits as a result of
running the mailbox management process.
How to Manage the Badmail Folder

The Badmail folder stores undeliverable messages that cannot be returned to the
sender. If a message has reached the retry limit and cannot be delivered to the
sender, a copy of the message is placed in the Badmail folder. Messages placed
in the Badmail folder cannot be delivered or returned. You should consider
making the task of reviewing the content of the Badmail folder a weekly task.
Why monitor the Over time, messages in the Badmail folder can build up. If you fail to monitor
Badmail folder? the Badmail folder, Exchange can run out of disk space, causing the Microsoft
Exchange Information Store service to shut down. You must establish policies
for monitoring the folder and removing messages after a certain amount of time
to prevent the Exchange Information Store service from shutting down. Also,
too many messages in the Badmail folder could indicate a security breach.
To configure the
location of the Badmail The steps for configuring the location of the Badmail folder are as follows:
folder 1. Select the virtual server whose Badmail folder you want to configure.
2. Use the Messages tab in the Properties dialog box of the virtual server to
specify the location of the Badmail folder.
Note By default, the Badmail folder is located in the virtual server’s home
directory. You may consider moving the location of the Badmail folder to a
separate drive from your Exchange databases and log files to prevent an
accumulation of messages in the folder from impacting your database and log
file storage.
To manage the Badmail The tasks for managing the Badmail folder are as follows:
folder
! Use Windows Explorer to check the contents of the Badmail folder for
messages that could not be delivered. A large number of undelivered
messages indicate delivery problems such as a DNS or network failure.
! Delete messages from the Badmail folder based on policies that your
company has established, such as deleting messages once a week.
Practice: Managing the In this practice, you will send undeliverable messages to your Exchange
Badmail folder organization by using a script, and then manage the messages in the Badmail
folder.
Important You must complete this practice to be able to complete subsequent

practices in this module.

1. In Exchange System Manager, browse to First Administrative Group\
Servers\London\Protocols\SMTP, and then expand SMTP.
2. In the console tree, right-click Default SMTP Virtual Server, and then
click Properties.
3. In the Default SMTP Virtual Server Properties dialog box, click
Delivery.
4. On the Delivery tab, in the Outbound area, configure settings as follows,
and then click OK.
a. First retry interval (minutes) = 1
b. Second retry interval (minutes) = 1
c. Third retry interval (minutes) = 1
d. Subsequent retry interval (minutes) = 1
e. Delay notification = 2 minutes
f. Expiration time-out = 2 minutes
5. Run the script titled 2400B_13_badmail.vbs, which is located in the
C:\MOC\2400\practices\Mod13 folder.
! To manage undeliverable messages

1. On your desktop, click Start, click Run, type C:\Program Files\
Exchsrvr\Mailroot\vsi 1\BadMail and then click OK.
2. Use Microsoft Notepad to view the contents of any messages with a .bad
extension that you are interested in, and then delete the contents of the
folder. Note that because of the retry intervals for the SMTP virtual server,
it will take several minutes for messages to appear in the BadMail folder.
You can view the status of message delivery by viewing the SMTP queue
on the London server.
3. Close Notepad and C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail.
You changed the delivery settings on the default SMTP virtual server in
this practice to expedite an undeliverable condition for undeliverable
messages. In what circumstance will it be appropriate to modify the
delivery settings in a production environment?
Answers will vary. In general, you should identify reasonable
delivery times for your network and configure the delivery settings
accordingly. For example, on fast and permanent networks you
may want to reduce the amount of time for an undeliverable status
to occur. On very slow or intermittent connections, you may want
to increase the amount of time for an undeliverable status to occur.
How to Manage the Postmaster Mailbox

In Exchange, the postmaster account is an account that receives NDRs and is
used to send the delivery status of a message to the sender. By default,
Exchange 2003 creates the postmaster proxy address and assigns this address to
the user who created the Exchange organization. You may want to change this
default assignment to keep from exposing the name of your administrator
account to outside users.
Note Request For Comments (RFC) 2822 defines a reserved address for the
postmaster. For additional information on RFCs, see http://www.rfc-
editor.org/rfc.html.
To designate a specific user’s mailbox as the Postmaster mailbox for any local
SMTP domain that is created, you manually add the proxy
postmaster@localdomainname to the user’s list of SMTP proxy addresses.
To manage the The high-level tasks for managing the Postmaster mailbox are as follows:
Postmaster mailbox
! Determine whether to:
• Associate a single e-mail account with the postmaster, such as your Help
desk mailbox account.
• Create a dedicated postmaster account that will be used when NDRs are
sent.
! Delegate access to the postmaster’s mailbox to the appropriate support staff
if you are creating a dedicated postmaster account. Two ways of managing a
dedicated mailbox are to:
• Create a dedicated account and log on as that account by using an
Outlook profile, and respond to the account messages.
• Delegate Send As permissions on the account to the person who
typically manages the mailbox, and add the mailbox to their Outlook
profile.
! Establish a regular schedule, such as a weekly schedule, for reviewing and

responding to the delivery reports contained in the mailbox. For example,
you may want to respond to messages in which the e-mail alias is incorrect
and then notify the sender that they must update their records. The schedule
you establish should be based on your company’s requirements. Some
companies make this a daily task in an effort to reduce the number of e-mail
messages that are delivered to users who are no longer with the company,
while other companies make this a weekly or monthly maintenance task.
! Determine whether you want a copy of all NDRs to be sent to the
postmaster account.
To manually set an The high-level steps for manually setting an SMTP Postmaster mailbox to
SMTP Postmaster receive NDRs are as follows:
Mailbox to receive NDRs
1. Select the user account that you want to be the postmaster account.
2. Create an SMTP proxy address of postmaster@domain.msft (where
domain is the organization’s default domain name) for the user.
3. Define that address on the virtual server in the Send copy of Non-Delivery
Report to box.
Why change the origin By default, delivery status notifications come from the account that contains the
of delivery status postmaster@domain.msft SMTP address. In Exchange 2003, the account that
notification? originally contains the postmaster@domain.msft SMTP address is the account
that created the Exchange organization, typically the Administrator account.
The From line of the message contains the display name of that account.
You may want to either change the display name that appears on the delivery
status notifications, or have the delivery status notifications originate from a
different account by associating the postmaster address with a different user
account.
To change the account The high-level steps for changing the account from which delivery status
from which delivery notifications originate are as follows:
status notifications
originate 1. Select the Administrator account and remove the postmaster@domain.msft
SMTP proxy address from the account.
2. Locate the account that you want to make the new postmaster account, and
add the postmaster@domain.msft (where domain is your e-mail domain)
SMTP proxy address to the account.
3. Change the display name for the account if you want NDRs to come from a
name other than the original name on the account.
Any new delivery status notifications will originate from the display name of
the account that you associated with the postmaster e-mail address.
Note This change affects only delivery status notifications. This change does
not affect NDRs, delivery receipts, or read receipts. NDRs, delivery receipts,
and read receipts always originate from the System Administrator account.
Practice: Configuring In this practice, you will configure Exchange to deliver copies of NDRs to a
the Postmaster mailbox Postmaster mailbox.
that will receive NDRs
Important To complete the verification steps in this practice in a timely
manner, you must first complete the practice “Managing the BadMail folder,”
located earlier in this module.
! To remove the Postmaster proxy address from the Administrator

account
1. On 2400_London-Virtual PC, open Active Directory Users and Computers.
2. In Active Directory Users and Computers, browse to the Users
organizational unit, and then click Users.
3. In the details pane, right-click Administrator, and then click Properties.
4. In the Administrator Properties dialog box, click the E-mail Addresses
tab.
5. On the E-mail Addresses tab, click postmaster@NWTraders.msft, and
then click Remove. When prompted to confirm the removal of the e-mail
address, click Yes.
6. In the Administrator Properties dialog box, click OK.
! To create an account to be used as the Postmaster mailbox

1. In Active Directory Users and Computers, browse to Managed Objects\
IT Admin\IT Users.
2. In the console tree, right-click IT Users, point to New, and then click User.
3. In the New Object-User dialog box, type the following, and then click
Next.
a. In the First name box, type Postmaster
b. In the User logon name box, type Postmaster
4. In the Password and Confirm password boxes, type P@ssw0rd and clear
the User must change password at next logon check box, and then click
Next.
5. Verify that the Create an Exchange mailbox check box is selected, the
Server box is set to Northwind Traders/First Administrative Group/
London, and the Mailbox Store box is set to First Storage Group/
Mailbox Store (London), and then click Next.
6. Click Finish to create the postmaster account.
! To configure the virtual server to use the new postmaster mailbox

First Administrative Group\Servers\London\Protocols\SMTP, and then
expand SMTP.
3. In the console tree, right-click Default SMTP Virtual Server, and then
click Properties.
4. In the Default SMTP Virtual Server Properties dialog box, click the
Messages tab.
5. On the Messages tab, in the Send copy of Non-Delivery Report to box,
type Postmaster and then click OK.
! To verify that the postmaster mailbox will receive copies of

Non-Delivery Reports
1. If not already open, open Outlook Web Access by using Internet Explorer to
open the URL http://london/exchange/londonadmin. When prompted for
credentials, use nwtraders\londonadmin with a password of P@ssw0rd.
2. In Outlook Web Access, create a new message to
undeliverable@tailspintoys.msft, click Send, and then wait for a message
from System Administrator with a subject including the word
Undeliverable.
Note that because of the retry intervals for the SMTP virtual server, it will
take several minutes for NDR messages to be generated. You can view the
status of message delivery by viewing the SMTP queue on the London
server. You may also need to use the Check for new messages button on the
toolbar in Outlook Web Access.
First Administrative Group\Servers\London\First Storage Group\
Mailbox Store (London) Mailboxes, and then click Mailboxes.
4. In the details pane, locate the Postmaster account and verify that it contains
at least 1 item.
Why did you need to remove the postmaster@nwtraders.msft SMTP

proxy address from the Administrator account?
Technically, you did not need to do that. However, if you want to
use an account named postmaster (as you did in this practice), you
must remove the postmaster SMTP address from the
Administrator account because you cannot have two accounts with
the same SMTP address. By default, the account used to install
Exchange will include a secondary SMTP address of Postmaster.
Lesson: Performing On-Demand Exchange Maintenance

Introduction Over time, Exchange databases grow and can become fragmented, thereby
creating performance problems that will affect users. Inconsistencies in
Exchange databases can be resolved by using the tools and utilities that are
available in Exchange. In addition, you can monitor queues and the
performance of your Exchange servers to help identify normal and abnormal
trends. Typically, on-demand maintenance tasks that you perform are the result
of errors that have been reported by monitoring utilities or by users.
! Identify the on-demand maintenance tasks.
! Explain the purpose of defragmenting the database.
! Defragment mailbox and public folder stores.
! Explain how the Isinteg command-line tool verifies mailbox and public
folder store integrity.
! Verify the mailbox and public folder store integrity.
! Explain what to look for when checking queues.
! Explain guidelines for configuring a Performance console.
What Are the On-Demand Maintenance Tasks?

Even after performing daily and scheduled maintenance, you may be required
to perform some on-demand maintenance tasks to resolve performance issues.
If you are monitoring your servers daily, indicators of problems will be reported
by the utilities that you are using (such as errors in the event logs) or may be the
result of users placing support calls to your Help desk.
On-demand tasks The following list describes the on-demand maintenance tasks:
! Defragment mailbox and public folder stores. Over time, Exchange
databases can grow and can become noncontiguous storage, thereby
creating performance problems. You can defragment Exchange databases by
using Eseutil.exe. By defragmenting the databases, you can reduce their size
and create contiguous storage space.
! Verify mailbox and public folder store integrity. Inconsistencies in
Exchange databases can be resolved by verifying and repairing the integrity
of the database by using Isinteg.exe.
! Check queues. You can use queue viewer to monitor queues. This activity
allows you to identify normal and abnormal trends for messages that are
visible in the queues. Large amounts of messages backed up in the queue
can indicate a security threat, a spam attack, or a network performance
issue.
! Configure Performance console. You can configure System Monitor to
monitor the performance of your Exchange servers, so that you can
understand what is normal and what changes you can make to improve
performance.
Why Defragment the Database?

You perform an offline defragmentation to reduce the size of a database and to
create a new, defragmented version of the database. Because of tree
fragmentation, the original database may not accept messages fast enough to
keep up with the incoming volume. When this fragmentation occurs, an offline
compaction will create a new version of the database that is free from the
problems.
What is Eseutil? Eseutil is a command-line tool that is used to defragment the mailbox and
public folder stores in Exchange Server 2003. Eseutil examines the structure of
the database tables and records, which can include reading, scanning, repairing,
and defragmenting the low level of the database.
Which mode of Use the following table to determine when to use each of the modes of
operation to use operation of Eseutil.
Mode of operation Use the command to:
Eseutil /d Perform an offline compaction of a database.

Eseutil /r Perform a recovery and bring all databases to a consistent state.
Eseutil /g Verify the integrity of a database.
Eseutil /m Generate a formatted output of various database file types.
Eseutil /p Repair a corrupted or damaged database.
Eseutil /c Restore information.
Eseutil /k Verify the checksums of a database.
Eseutil /y Copy a database, streaming file, or log file.
Requirements for To be able to defragment a database:

defragmenting a
database ! The database must not be mounted.
! The free disk space must be at least 110 percent of the size of the database
being processed. If free space is not available on the volume where the
database resides, you must free up space or move the database to a volume
that has enough free space to enable Eseutil to run.
How to Defragment Exchange Stores

When you defragment a database, the defragmentation makes used storage
contiguous, eliminates unused storage, and compacts the database by copying
the database records to a new database. When the defragmentation is complete,
the original database is deleted or saved to a user-specified location, and the
new version is renamed as the original. Only one database in any storage group
can be defragmented at any given time. However, databases from separate
storage groups can be defragmented at the same time, as long as there are
resources available for the process.
To defragment a The high-level steps for defragmenting a database by using the Eseutil
database command-line tool are as follows:
1. Use Exchange System Manager to dismount the Exchange store that you
want to defragment.
2. At the command prompt, run eseutil /d.
For example, the following command runs the standard defragmentation utility
on a mailbox store database:
C:\exchsrvr\bin>eseutil /d c:\exchsrvr\mdbdata\firststore.edb
Note For more information about how to defragment Exchange databases, see
the article “How to Defragment Exchange Databases” on the Product Support
Services page of the Microsoft Web site at http://support.microsoft.com.
Detailed steps for defragmenting a database are in the practice that follows.
Practice: Defragmenting In this practice, you will use Eseutil.exe to defragment a mailbox store.
an Exchange store
1. In 2400_London-Virtual PC, on the menu, click PC, and then click Shut
Down.
2. In the Shut Down dialog box, click Save PC state and keep changes,
verify that the Commit hard drive changes now check box is selected, and
then click OK.
3. Restart 2400_London-Virtual PC.
Note This procedure may take 5 minutes to complete before you can
continue.
! To determine the size of the mailbox store before defragmentation

1. On 2400_London-Virtual PC, click Start, click Run, type C:\Program
Files\Exchsrvr\mdbdata and then click OK.
2. In the C:\Program Files\Exchsrvr\mdbdata window, record the size of the
file priv1.edb.
____________________________________________________________
! To defragment the store

1. Switch to Exchange System Manager. In Exchange System Manager,
browse to Administrative Group\First Administrative Group\Servers\
London\First Storage Group, and then expand First Storage Group.
2. In the console tree, right-click Mailbox Store (LONDON), and then click
Dismount Store.
3. In the Mailbox Store (London) warning box, click Yes to dismount the
mailbox store.
4. From your desktop, click Start, click Run, type cmd and then click OK.
5. At the command prompt, type cd \program files\exchsrvr\bin and then
press ENTER.
6. At the command prompt, type eseutil /d “c:\program files\exchsrvr\
mdbdata\priv1.edb” and then press ENTER.
7. View the output of eseutil in the command prompt window to verify that the
defragmentation completed successfully. Leave the command prompt
window open.
8. In Exchange System Manager, right-click Mailbox Store (LONDON),
click Mount Store, and then click OK to acknowledge that the mailbox
store was successfully mounted. If the mailbox store does not successfully
mount, close London-Virtual PC without saving changes, and then start
London-Virtual PC.
! To determine the size of the mailbox store after defragmentation

1. Switch to C:\Program Files\Exchsrvr\mdbdata.
2. In the C:\Program Files\Exchsrvr\mdbdata window, record the size of the
file priv1.edb.
____________________________________________________________
Did the size of the priv1.edb file change as a result of running

Eseutil.exe?
Yes, running Eseutil.exe removes the unused space from the
database and causes the database to occupy less space on a hard
disk. The size of priv1.edb is smaller after running Eseutil.exe.
How Isinteg Verifies the Exchange Store Integrity

Considerations for You must verify the Exchange store integrity when any of the following
verifying Exchange situations occur:
store integrity
! An item count on a mailbox is inconsistent. For example, if a mailbox
containing 150 messages reports its size as anything other than 150, some of
the counters and pointers in your mailbox store may be corrupt.
! You cannot move a mailbox. For example, if the Move Mailbox command
or Exmerge fails on a particular mailbox, the structure of the mailbox or of a
message inside the mailbox may be corrupt.
! The Exchange store or e-mail client computer crashes frequently. For
example, Outlook crashes repeatedly when a user tries to access a particular
message or mailbox. Running Isinteg may identify the cause of the errors.
What is Isinteg? Isinteg is a command-line tool that searches through an offline Exchange store
for integrity weaknesses. You can also repair issues that Isinteg detects. Isinteg
is run at a command prompt.
What happens when When you run Isinteg, it performs the following tasks:
Isinteg is run?
1. Checks to see whether the MSExchangeIS service is stopped, and then
Isinteg does one of the following:
• If the MSExchangeIS service is stopped, Isinteg displays the message
“Error: unable to get databases status from server. The reason could be
either wrong server name or networking problems,” and then Isinteg
stops.
• If the service is not stopped, Isinteg displays a list of databases to select
from on that server.
2. Browses all of the cross-reference tables for errors. For the cross-reference
tables, Isinteg builds an Exchange database, Refer.mdb, of reference counts
before Isinteg browses the tables.
3. Compares the counts found to the counts in the reference database. If Isinteg
is running with the -fix switch, these counts are updated to the true values,
as determined by Isinteg.
4. Performs the named to ID or named properties cleanup check to remove
unused named properties.
How to Verify the Exchange Store Integrity

The syntax for using the Isinteg command-line tool is as follows:
isinteg -s ServerName [-fix] [-verbose] [-l LogFilename] -test
TestName[[, TestName]...]
Use the following table to decide which switch to use when you run Isinteg.
Switch Use the switch to
-fix Fix any inconsistencies in your database.

-verbose Display a detailed report of issues that isinteg discovers.
-test TestName Define the tests that isinteg will perform when it runs (for
example, to perform all text available, use –test alltests, or to
test folders, use –test allfoldertests).
To run Isinteg The steps to run the Isinteg command-line tool based on a specific criteria are
as follows:
! To test the integrity of the Exchange store, at a command prompt, type
c:\program files\exchsrvr\bin>isinteg -s ServerName -test
alltests
For example, you can type exchsrvr\bin\isinteg -s Server1 -test

allfoldertests
! To fix inconsistencies and errors in the Exchange store, at a command
prompt, type
c:\program files\exchsrvr\bin>isinteg -s ServerName -fix
For example, type exchsrvr\bin\isinteg -s server1 -fix
Detailed steps for running Isinteg are in the practice that follows.
Practice: Verifying a In this practice, you will verify the integrity of a mailbox store by using
mailbox store by using isinteg.exe.
Isinteg.exe
1. In Exchange System Manager, browse to Administrative Group\
First Administrative Group\Servers\London\First Storage Group, expand
First Storage Group, right-click Mailbox Store (LONDON), and then
click Dismount Store.
2. In the Mailbox Store (London) warning box, click Yes to dismount the
mailbox store.
3. If the command prompt is not already open, on your desktop, click Start,
click Run, type cmd and then click OK. Then, at the command prompt,
type cd \program files\exchsrvr\bin and then press ENTER.
4. At the command prompt, type isinteg –s London –test allfoldertests and
then press ENTER.
5. When prompted to specify a number to select a database, type 3 and then
press ENTER to select Mailbox Store (LONDON). The number that is
associated with the Mailbox Store will vary depending on how many
Exchange stores you have created on your server.
6. When asked whether to continue with your selection of First Storage
Group / Mailbox Store (London), type Y and then press ENTER.
7. In the command prompt window, view the results of the test to verify that
no errors occurred, and then close the command prompt window.
8. In Exchange System Manager, browse to Administrative Group\
First Administrative Group\Servers\London\First Storage Group, expand
First Storage Group, right-click Mailbox Store (LONDON), and then
click Mount Store.
In what circumstances should you run Isinteg.exe?

You should run Isinteg.exe when:
" An item count on a mailbox is inconsistent, indicating that
some of the counters and pointers in your mailbox store may
be corrupt.
" You cannot move a mailbox, indicating that the mailbox or a
message inside the mailbox may be corrupt.
" The Exchange store or e-mail client computer crashes
frequently and running Isinteg may identify the cause of the
errors.
" You are unable to create any system, mailbox store, or public
folder store policies in your Exchange organization, indicating
that you may have a corrupt information store.
! To prepare for the next module

1. In 2400_London-Virtual PC, on the menu, click PC, and then click Shut
Down.
2. In the Shut Down dialog box, click Save PC state and keep changes,
verify that the Commit hard drive changes now check box is selected, and
then click OK.
3. Restart 2400_London.
What to Look for When Checking Queues

You use the queue viewer tool to maintain and administer your organization’s
messaging queues and to identify and isolate-mail-flow issues. As for all other
performance metrics, you must develop a queue baseline so that you can
identify the difference between normal behavior and abnormal behavior.
Typically, on-demand use of the queue viewer is the result of a support call
indicating that e-mail delivery is slow or a message has not been delivered.
What to check Use the queue viewer to check for the following items:
! Extended periods of queues. Unless an Exchange 2003 server handles an
extremely high volume of e-mail, the server will not usually acquire queued
messages for any extended duration. Having extended periods of queuing
typically indicates an abnormal system event that warrants your attention.
Review your performance metrics to see if some other performance issues
are causing e-mail to be queued. If not, look for connectors or servers that
are down or not functioning.
! Spikes in queued messages. Spikes in queued messages can occur when
someone sends:
• A message to a large distribution list.
• An extremely large message to many people.
• A message whose destination is across a slow network link.
These situations are not a cause for alarm. The cause for alarm is finding
hundreds of messages queued to:
• The same account. Having hundreds of messages queued to the same
account can be a symptom of a spam attack, e-mail loop, or a denial-of-
service (DoS) attack.
• A specific server or domain. Having many messages queued to a

particular server or domain indicates that a server is down, a service is
stopped, a domain is unreachable, or a network disruption is preventing
the system from establishing a connection.
If either of these situations exists, you must review your security for your
Exchange organization.
Guidelines for Configuring a Performance Console

You can configure System Monitor to monitor the performance of your
Exchange servers so you can understand what system behavior is normal and
what changes you can make to improve Exchange performance.
What are the basic You must be able to answer some basic questions about your system
questions about your environment, such as the:
environment?
! Number of messages received per user per day.
! Number of messages that are downloaded.
! Frequency with which users open folders.
! Number of additional users that servers can support.
! Peak delivery rate, the peak period during the day, and the peak day of the
week.
! Frequency of monthly or quarterly peaks, if any.
Guidelines for creating a To answer these basic questions, you must create a Performance console that
Performance console allows you to see the entire system environment and that also registers even
minor changes in the performance of your servers. The guidelines for creating a
Performance console are as follows:
1. Create a Performance console that has two different sample times, such as:
• 900 seconds for a 24-hour view
• 10 seconds to catch short-lived spikes
2. Include a minimal set of counters in each console, such as:
• Processor(_Total)\% Processor Time
• Process(store)\% Processor Time
• MSExchangeIS\RPC Requests
• MSExchangeIS\RPC Operations/sec
• PhysicalDisk(_Total)\Disk Transfers/sec
• SMTP Server\Local Queue Length
• SMTP Server\Messages Delivered/sec
• MSExchangeIS Mailbox\Local Delivery Rate
• MSExchangeIS Mailbox\Folder Opens/sec
• MSExchangeIS Mailbox\Message Opens/sec
3. Examine your busiest server. You must examine your busiest server to
understand why it is so busy and to understand what performance issues can
be resolved when the server does not perform as well as the other servers.
4. Save reference logs. By saving your log files you can develop historical
baseline data that will allow you to see what changes have occurred and
what you must accommodate for in growth over time.
Guidelines for using the Microsoft Operations Manager collects, filters, analyzes, reports and responds
Microsoft Operations to events and performance data that are generated by computers to a central
Manager and Exchange location. You can use Microsoft Operations Manager to automate the
Application Management monitoring of large numbers of servers and their applications to provide the
pack best level of service for client computers.
The Microsoft Exchange Application Management Pack includes key
performance metrics to monitor the overall performance of Exchange 2003, and
to alert you to critical performance issues. By using Microsoft Operations
Manager reporting, you can analyze and graph this performance data to
understand usage trends, perform accurate load balancing, and manage system
capacity.
The Exchange Application Management Pack is included with Exchange 2003.
Discussion: Performing Preventive Maintenance

Instructions Read the following scenarios and then discuss the possible solutions with the
class.
Scenario 1 Your company is growing and, as the messaging administrator, you have found
that you cannot keep up with the daily maintenance tasks. You have decided to
delegate some of the daily maintenance tasks to a coworker. You want to
delegate responsibility for service failures and Exchange store statistics. Which
specific daily monitoring tasks should you delegate to your coworker?
You should delegate the following tasks:
• Daily monitoring of Event Viewer to identify event information about
service failures, Active Directory replication errors, and low-disk-space
warnings.
• Checking Monitoring and Status daily to see connector status and
Exchange server status.
• Daily monitoring of Exchange and network services to detect problems
with services startup and Active Directory replication, and network
health.
• Daily reviewing of Exchange store statistics to determine whether the
Exchange store mounted, what users are logged on, the state of public
folder replication, and the state of full-text indexing.
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
Scenario 2 One user complains that when she sends an attachment to a particular user, she
receives a NDR. You suspect that the server that is used by the recipient has a
size limit for inbound messages. How can you determine what this size limit is?
Review the SMTP protocol log-file data for the response codes that the
receiving server returns after your server issues an EHLO command. Look
for the response code 250-SIZE xxxxxxxx, where xxxxxxxx is the maximum
message size that the server can accept.
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
Scenario 3 You are receiving unusual complaints from several users on one of your
Exchange stores. The complaint is that the counter for unread messages does
not accurately reflect the actual unread messages in their Inbox. You verify that
the users do not have a filter on their Inbox. What should you do next?
Use Isinteg to test the Exchange store integrity. Based on the information
that Isinteg provides, you may be required to perform a repair on the
Exchange store.
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
Scenario 4 Your company has many Exchange servers that you are responsible for
monitoring. To save time analyzing all of the logs on all the servers, you have
decided to identify the most important server to analyze. Which server must
you spend the most time analyzing, and why?
You must study your busiest server so that you can understand why it is
busier than the other servers. You can compare the performance data from
this server with your baseline data from other servers in your environment
to identify trends.
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
THIS PAGE INTENTIONALLY LEFT BLANK

Module 13: Performing Preventive Maintenance

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Module 13: Performing Preventive Maintenance

Hochgeladen von

Copyright:

Verfügbare Formate

Module 13: Performing

 2003 Microsoft Corporation. All rights reserved.

Important It is recommended that you use PowerPoint 2002 or later to display

Preparation tasks To prepare for this module:

How to Teach This Module

Lesson: Performing Daily Exchange Maintenance

Lesson: Performing Scheduled Exchange Maintenance

Lesson: Performing On-Demand Exchange Maintenance

Discussion: Performing Preventive Maintenance

*****************************ILLEGAL FOR NON-TRAINER USE******************************

Lesson: Performing Daily Exchange Maintenance

*****************************ILLEGAL FOR NON-TRAINER USE******************************

What Are the Daily Maintenance Tasks?

*****************************ILLEGAL FOR NON-TRAINER USE******************************

Note The Microsoft Exchange Application Management Pack for Microsoft

Guidelines for Checking Logs

*****************************ILLEGAL FOR NON-TRAINER USE******************************

! Review protocol logs. Review the logging information in the SMTP,

Guidelines for Monitoring Services and Resources

*****************************ILLEGAL FOR NON-TRAINER USE******************************

MSExchangeIS\VM Largest Monitor this counter to see when it drops

Guidelines for Examining the Exchange Store Statistics

*****************************ILLEGAL FOR NON-TRAINER USE******************************

What to View in Event Viewer

*****************************ILLEGAL FOR NON-TRAINER USE******************************

Event ID 2064 and 2069 DSAccess problems caused by incorrect DNS

MSExchangeTransport View events recorded when SMTP is used to route

How to Monitor Event Viewer for Potential Issues

*****************************ILLEGAL FOR NON-TRAINER USE******************************

! To check Event Viewer for potential issues

6. In Exchange System Manager, expand Administrative Groups\

How to Check Monitoring and Status for Potential Issues

*****************************ILLEGAL FOR NON-TRAINER USE******************************

What Is Queue Viewer?

*****************************ILLEGAL FOR NON-TRAINER USE******************************

Find Messages Display messages in the queue or to search for messages

How to Monitor Queues for Potential Issues

*****************************ILLEGAL FOR NON-TRAINER USE******************************

Active Indicates that a link queue has an active connection. Requires no

Remote Indicates that the queue is waiting for a remote dequeue

Lesson: Performing Scheduled Exchange Maintenance

*****************************ILLEGAL FOR NON-TRAINER USE******************************

What Are the Scheduled Maintenance Tasks?

*****************************ILLEGAL FOR NON-TRAINER USE******************************

Guidelines for Generating Reports and Identifying Trends

*****************************ILLEGAL FOR NON-TRAINER USE******************************

Practice: Generating a In this practice, you will generate a performance report.

How to Review Protocol Logs for Potential Issues

*****************************ILLEGAL FOR NON-TRAINER USE******************************

Microsoft Internet The information is written to a comma-delimited

What Is HTTP Monitor?

*****************************ILLEGAL FOR NON-TRAINER USE******************************

Benefits of using The main benefits of using HTTPMon are as follows:

How to Monitor Outlook Web Access Servers for Potential Issues

*****************************ILLEGAL FOR NON-TRAINER USE******************************

How to Manage Mailbox Limits

*****************************ILLEGAL FOR NON-TRAINER USE******************************

No Checking Mailbox limits are not enabled for this mailbox.

Detailed steps for responding to oversized mailboxes are in the practice

1. In Exchange System Manager, browse to Administrative Groups\

Does running the mailbox management process cause all mailboxes to

How to Manage the Badmail Folder

*****************************ILLEGAL FOR NON-TRAINER USE******************************

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**