1. Managing Connectivity Logging
Connectivity logs record the connection activity of the outgoing message
delivery queues. A connectivity log tracks connection activity from the sending
queue to the destination Mailbox server, smart host, or domain. You can use both
the EMC and the EMS to configure connectivity logging in Microsoft Exchange
Server 2010. However, you must use the EMS to configure size and age
restrictions on the connectivity log files.
1.1. Enabling or Disabling Connectivity Logging
Connectivity logging is disabled by default on Hub Transport or Edge
Transport servers. To use the EMC to enable connectivity logging or disable
it if it has already been enabled, carry out the following procedure:
On an Edge Transport server, click Edge Transport. On a Hub
Transport server, expand Server Configuration and select Hub
Transport.
On the Actions pane, under
the Transport server you want to configure, click Properties.
On the Properties page, click the Log Settings tab.
In the Connectivity Log section, shown in Figure 1, either select Enable Connectivity Log
to enable connectivity logging or clear Enable Connectivity Log to
disable connectivity logging.
You can use the Set-TransportServer cmdlet to enable
or disable connectivity logging. For example, the following command enables
connectivity logging on the Hub Transport server VAN-EX1:
Set-TransportServer VAN-EX1 -ConnectivityLogEnabled $true
The following command disables connectivity logging on the Edge Transport
server DEN-EX2:
Set-TransportServer DEN-EX2 -ConnectivityLogEnabled $false
1.2. Configuring the Location of the Connectivity Log Files
By default, the connectivity log files are stored in the C:\Program
Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\Connectivity
directory. You can change this location, but the directory must be local to
the Exchange Server 2010 computer.
To use the EMC to change the location of the
connectivity log files, carry out the following procedure:
Access the Log Settings tab of the hub or edge server Properties
page, as described in the previous procedure, where you enabled or
disabled connectivity logging.
In the Connectivity Log section, click Browse next to Connectivity
Log Path.
In the Browse For Folder window, browse to the new location where
you want to store the connectivity log files. If you want to create
a folder, select a parent folder, click Make New Folder, and then
type the name of the new folder. After you select or create a
folder, click OK to close the Browse For Folder window.
You can also use an EMS command to change the connectivity log file
location. For example, the following command changes the location of the
connectivity log file to C:\ConnectivityLogFile on the Hub Transport server
VAN-EX1:
Set-TransportServer VAN-EX1 -ConnectivityLogPath "C:\ConnectivityLogFile"
Note:
DISABLING CONNECTIVITY
LOGGING
If you set the value of the ConnectivityLogPath parameter to $null,
this effectively disables connectivity logging. However, this can
generate errors, and Microsoft does not recommend the procedure. If you
want to disable connectivity logging, you should instead set the value
of the ConnectivityLogEnabled parameter to $false, as described
previously in this lesson.
1.3. Changing the Maximum Size of Individual Connectivity Log Files and the
Connectivity Log Directory
The maximum size for each connectivity log file is by default 10 MB. When
a connectivity log file reaches its maximum size, Exchange Server 2010 opens
a new log file. This process continues until the connectivity log directory
reaches its specified maximum size or a connectivity log file reaches its
specified maximum age. After the maximum size or age limit is reached,
circular logging deletes the oldest connectivity log files.
If you want to change the maximum size of individual connectivity log
files, you need to use the EMS. You cannot use the EMC to perform this
function. For example, the following command sets the maximum size of any
connectivity log file on the hub server VAN-EX1 to 15 MB:
Set-TransportServer VAN-EX1 -ConnectivityLogMaxFileSize 15MB
Similarly, you can use the EMS but not the EMC to change the maximum size
of the connectivity log directory. The default maximum size for the
connectivity log directory is 250 MB. Circular logging deletes the oldest
connectivity log files when either the connectivity log directory reaches
its specified maximum size or a connectivity log file reaches its specified
maximum age. The size of individual
connectivity log files cannot be larger than the size of the entire
directory (in practice, the individual file size will be much less than the
directory size). The permitted range for both the individual log file size
and the directory size is 1 through 9,223,372,036,854,775,807 bytes.
To change the maximum size of the connectivity log directory on the Hub
Transport server VAN-EX1 to 300 MB, you would enter the following
command:
Set-TransportServer VAN-EX1 -ConnectivityLogMaxDirectorySize 300MB
1.4. Changing the Maximum Age of the Connectivity Log Files
You can use the EMS but not the EMC to change the maximum age of the
connectivity log files. The maximum age for any connectivity log file is 30
days by default. Circular logging deletes the oldest connectivity log files
when the connectivity log directory reaches its specified maximum size and
deletes a connectivity log file when that file reaches its specified maximum
age.
You can specify an age value by entering it as a time span using the
format dd.hh:mm:ss. The valid range for the
ConnectivityLogMaxAge parameter is 00:00:00 through 24855.03:14:07. Setting
the parameter value to 00:00:00 prevents the automatic removal of
connectivity log files because they have reached a maximum age, although the
oldest files will still be removed if the connectivity log directory reaches
its specified maximum size.
The following command changes the maximum age of the connectivity log
files on the Hub Transport server VAN-EX1 to 40 days:
Set-TransportServer VAN-EX1 -ConnectivityLogMaxAge 40.00:00:00
2. Managing Protocol Logging
Protocol logging logs the SMTP
communication between email servers that occurs as part of message delivery.
This traffic, known as SMTP conversations, occurs on Send connectors and Receive
connectors configured on computers running Exchange Server 2010 that have the
Hub Transport or Edge Transport server role installed.
Protocol logging is disabled on all Send and Receive connectors by default and
is enabled or disabled on a per-connector basis. All the Receive connectors on a
Hub Transport or Edge Transport server share the same protocol log files and
protocol log options. Similarly, all the Send connectors on a Hub Transport or
Edge Transport server share the same protocol log files and protocol log
options. The Receive connector protocol log files and protocol log options are
independent of the Send connector protocol log files and protocol log options on
the same server.
By default, the Exchange 2010 server uses circular logging to limit the
protocol logs based on file size and file age to help control the hard disk
space used by the log files. You can perform the following configuration tasks
for the protocol logs of all Send connectors or all Receive connectors on a
Transport server:
Specify the location of the Send or Receive connector protocol log
files.
Specify a maximum size for the Send or Receive connector protocol log
files. The default size is 10 MB.
Specify a maximum size for the directory that contains the Send or
Receive connector protocol log files. The default size is 250 MB.
Specify a maximum age for the Send or Receive connector protocol log
files. The default maximum age is 30 days.
2.1. Configuring the Intraorganization Send Connector
The intraorganization Send connector is a special Send connector that
exists on every Hub Transport server. It is implicitly created and invisible
and requires no management. The intraorganization Send connector is used to
relay messages to Exchange Server 2010 and Exchange Server 2007 Hub
Transport servers, to Exchange Server 2003 servers, and to Edge Transport
servers in the Exchange organization.
Protocol logging for the intraorganization Send connector is disabled by
default. The following EMS command enables protocol logging for the
intraorganization Send connector:
Set-TransportServer -IntraOrgConnectorProtocolLoggingLevel Verbose
The following command disables protocol logging for the intraorganization
Send connector if this has previously been enabled:
Set-TransportServer -IntraOrgConnectorProtocolLoggingLevel None
If the IntraOrgConnectorProtocolLoggingLevel
parameter of the Set-TransportServer cmdlet is set to
Verbose, logging occurs in the Send connector protocol logs configured on
the Hub Transport server. The information is written to the Send connector
protocol log specified by the SendProtocolLog parameter.
2.2. Protocol Log File Structure
The default locations for the protocol log files are as follows:
Receive connector protocol log files are located at C:\Program
Files\Microsoft\Exchange
Server\V14\TransportRoles\Logs\ProtocolLog\SmtpReceive
Send connector protocol log files are located at C:\Program
Files\Microsoft\Exchange
Server\V14TransportRoles\Logs\ProtocolLog\SmtpSend
The naming convention for log files in each protocol log directory is
prefixyyyymmdd-nnnn.log. The variables represent
the following information:
The variable prefix is SEND for Send
connectors or RECV for Receive connectors.
The variable yyyymmdd is the UTC date on
which the log file was created.
The variable nnnn is an instance number that
starts at the value of 1 for each day.
Information is written to the log file until the file size reaches its
maximum specified value. At this point, a new log file with an incremented
instance number opens. Circular logging deletes the oldest log files when
the protocol log directory reaches its maximum specified size or when a log
file reaches its maximum specified age.
The protocol log files are text files that contain data in CSV format.
Each protocol log file has a header that contains the following
information:
#Software
The software that created the protocol log file. Typically,
this value is Microsoft Exchange Server.
#Version
The version number of the software that created the protocol
log file. Currently, this value is 14.0.0.0.
#Log-Type
The log type value, which is either SMTP Receive Protocol Log
or SMTP Send Protocol Log.
#Date
The UTC date-time when the log file was created. This is in
the date-time format:
yyyy-mm-ddThh:mm:ss.fffZ, where
yyyy = year, mm =
month, dd = day, hh =
hour, mm = minute, ss
= second, fff = fractions of a second, and
Z signifies Zulu, which is another
designation for UTC.
#Fields
A comma-delimited list of names of the fields used in the
protocol log files.
The protocol log stores each SMTP protocol event on a single line. The
information stored on each line is organized into fields, separated by
commas.
A single SMTP conversation represents the sending or receiving of a single
email message. However, this generates multiple SMTP events that cause
multiple lines to be written to the protocol log. Multiple SMTP
conversations that represent the sending or receiving of multiple email messages can occur
simultaneously, which creates interspersed protocol log entries. You need to
use the session-id and sequence-number fields to identify protocol log
entries by SMTP conversation.
2.3. Analyzing External Message Traffic
Send and Receive connectors handle external messages. Protocol logging
records the SMTP conversations that occur between email servers as part of
message delivery. If protocol logging is enabled, you can use protocol logs
to generate reports on external message traffic. Protocol log files are in
CSV format and can be read by report generation software.
You can determine fairly easily how many mailbox-enabled users are
configured to use specific client protocols, for example, POP3, IMAP4, and
OWA. It is more difficult to discover how much network traffic is being
generated by these protocols. This requires a network monitoring tool such
as Network Monitor (Netmon.exe).
You can use EMS commands based on the Get-CASMailbox
cmdlet to list the client settings on a Client Access server.
You can specify parameters for the Get-CASMailbox
cmdlet to get client settings for a single mailbox or for all
mailbox-enabled users in an Active Directory OU. Also, the
Get-CASMailbox cmdlet supports the Filter
parameter, but properties such as OWAenabled and PopEnabled are not
filterable. Therefore, you need to capture the client settings details and
process the information in the report generation software or use the
where-object (?) cmdlet. For example, as mentioned
earlier in this lesson, the following command returns the client settings
for all the mailboxes that have OWA enabled on the server on which the
command runs:
Get-CasMailbox | ? { $_.OWAEnabled -eq $True }
2.4. Using the HTTP Monitoring Service
You can also generate reports specific to the OWA servers in your Exchange
organization by using the HTTP Monitoring (HTTPMon) service. Although this
utility has been around for some time, it remains a powerful tool for
monitoring websites and applications and, in particular, OWA servers. You
should be aware that HTTPMon exists, although it is not mentioned in the
examination objectives.
HTTPMon can check several websites, OWA servers, or applications
simultaneously and export the results to a log file in CSV format or to the
Windows Server event log. After you install HTTPMon, you need to run HTTPMon
Configuration Manager to configure global settings for your organization and
add the OWA servers you want to monitor and for which you need to generate
reports. HTTPMon runs a series of tests that generate CSV files that you
review and analyze to detect problems with your OWA servers. You can also
review the events logged by HTTPMon in Event Viewer.
2.5. Enabling and Disabling Protocol Logging
You can use the EMC or the EMS to
enable or disable protocol logging on connectors. The following procedure
describes how you enable use the EMC to enable protocol logging on a Hub
Transport server:
Expand Server Configuration in the Console tree and click Hub
Transport.
In the Result pane, select the server that has the Receive
connector that you want to modify and then click the Receive
Connectors tab.
Click the Receive connector you want to modify.
Under the name of the Receive connector in the Actions pane, click
Properties.
On the General tab, use the drop-down box next to Protocol Logging
Level to enable or disable protocol logging. Figure 2 shows
protocol logging being enabled for the Default VAN-EX2 Receive
connector on the VAN-EX2 Transport server.
The procedure to enable or disable protocol logging on Send connectors is
similar, except that to access Send connectors, you expand Organization
Configuration and click Hub Transport. You then click the Send Connectors
tab.
You can also use the EMS to enable or disable protocol logging on
connectors. For example, to enable protocol logging for the Default VAN-EX2
Receive connector, you would enter the following command:
Set-ReceiveConnector "Default VAN-EX2" -ProtocolLoggingLevel Verbose
To disable protocol logging for the Send
connector MySendConnector, you would enter the following command:
Set-SendConnector MySendConnector -ProtocolLoggingLevel None
You can use the EMS but not the EMC to enable or disable protocol logging
for the intraorganization Send connector. The following command enables
protocol logging for the intraorganization Send connector on the Hub
Transport server VAN-EX1:
Set-TransportServer -Identity VAN-EX1 -IntraOrgConnectorProtocolLoggingLevel Verbose
Note:
LOGGING LEVELS
The logging levels for protocol logging are Verbose and None. However,
for diagnostic logs used for troubleshooting, you can specify a number
of logging levels that control the events that are written to event
logs. Diagnostic logging levels are discussed later in this
lesson.
2.6. Changing the Location of Protocol Log Files
By default, the Receive connector protocol log files are located at
C:\Program Files\Microsoft\Exchange
Server\V14\TransportRoles\Logs\ProtocolLog\SmtpReceive, and the Send
connector protocol log files are located at C:\Program
Files\Microsoft\Exchange
Server\V14\TransportRoles\Logs\ProtocolLog\SmtpSend. The directory must be
local to the Exchange Server 2010 computer. You can use either the EMC or
the EMS to change these locations.
To use the EMC to change the location of the Receive connector protocol
log files on a Hub Transport server, carry out the following
procedure:
In the Console tree, expand Server Configuration and select Hub
Transport.
In the Actions pane, click Properties directly under the server
name.
Click the Log Settings tab in the Properties dialog box.
In the Protocol Log section, click Browse next to Receive
Connector Protocol Log File Path.
In the Browse For Folder window, shown in Figure 3, browse to
the new location where you want to store the Receive connector
protocol log files. If you want to create a folder, select a parent
folder, click Make New Folder, and then type the name of the new
folder. After you make your folder selection, click OK to close the
Browse For Folder window.
To change the location of the Send connector protocol log files on a Hub
Transport server, the procedure is similar, except that you click Browse
next to Send Connector Protocol Log File Path in the Protocol Log section of
the Log Settings tab.
You can also use the EMS to change the location of the Receive connector
and Send connector protocol log files and log directories. For example, to
set the Receive connector protocol log directory to C:\ProtolcolLogs\Receive
on the Hub Transport server VAN-EX1, you would enter the following
command:
Set-TransportServer -Identity VAN-EX1 -ReceiveProtocolLogPath C:\ProtocolLogs\Receive
To change the location of the Send connector protocol log files directory
to C:\ProtolcolLogs\Send on the Hub Transport server VAN-EX1, you would
enter the following command:
Set-TransportServer -Identity VAN-EX1 -SendProtocolLogPath C:\ProtocolLogs\Send
Note:
DISABLING PROTOCOL LOGGING
Setting the value of the SendProtocolLogPath parameter or
ReceiveProtocolLogPath parameter to $null disables protocol logging for
all Send connectors and all Receive connectors, respectively, on the
server. However, if you set either of these parameters to $null when
protocol logging is enabled on any Receive connector or any Send
connector, including the intraorganization Send connector, this can
generate event log errors.
Microsoft therefore recommends that you
disable protocol logging using the
Set-SendConnector or
Set-ReceiveConnector cmdlet to set the
ProtocolLoggingLevel parameter to None. You can also use the
Set-TransportServer cmdlet to set the
IntraOrgProtocolConnectorLoggingLevel parameter to None.
2.7. Configuring the Maximum Size of Protocol Log Files
The maximum size for each protocol log file is 10 MB by default. All
Receive connectors on a Transport server share the same protocol log files.
All Send connectors on the server share the same protocol log files.
However, the log files that the Receive connectors use are not the same as
the log files that the Send connectors use.
When a protocol log file reaches its maximum size, a new protocol log file
opens. This process continues until either the protocol log directory
reaches its specified maximum size or a protocol log file reaches its
specified maximum age. After the maximum size or age limit is reached,
circular logging deletes the oldest protocol log files.
You can use the EMS but not the EMC to set the maximum size of Receive
connector and Send connector protocol log files. For example, to set the
maximum size of Receive connector protocol log files to 15 MB on the Hub
Transport server VAN-EX1, you would enter the following command:
Set-TransportServer -Identity VAN-EX1 -ReceiveProtocolLogMaxFileSize 15MB
To set the maximum size of Send connector protocol log files to 20 MB on
the Edge Transport server DEN-EDGE1, you would enter the following
command:
Set-TransportServer -Identity DEN-EDGE1 -SendProtocolLogMaxFileSize 20MB
2.8. Configuring the Maximum Size of the Protocol Log Directory
The maximum size for the whole protocol log directory is 250 MB by
default. All Receive connectors on a Transport server share the same
protocol log directory, and all Send connectors on a Transport server share
the same protocol log directory. However, the Receive protocol directory is
not the same directory as the Send protocol log directory. Circular logging
deletes the oldest protocol log files when either the protocol log directory
reaches its specified maximum size or a protocol log file reaches its
specified maximum age.
You can use the EMS but not the EMC to configure the maximum size of the
Receive connector protocol log directory and the Send connector protocol log
directory. For example, to change the maximum size of the Receive connector
protocol log directory to 300 MB on the Hub Transport server VAN-EX2, you
would enter the following command:
Set-TransportServer -Identity VAN-EX2 -ReceiveProtocolLogMaxDirectorySize 300MB
To set the maximum size of the Send connector protocol log directory to
400 MB on the Hub Transport server VAN-EX1, you would enter the following
command:
Set-TransportServer -Identity VAN-EX1 -SendProtocolLogMaxDirectorySize 400MB
2.9. Configuring the Maximum Age of Protocol Log Files
The
maximum age for a protocol log file is 30 days by default. Circular logging
deletes the oldest protocol log files if either the protocol log directory
reaches its specified maximum size or a protocol log file reaches its
specified maximum age.
You can use the EMS but not the EMC to configure the age limit of the
Receive connector protocol log files and the Send connector protocol log
files. You specify an age value by entering it as a time span in the format
dd.hh:mm:ss, where dd = days,
hh = hours, mm = minutes, and
ss = seconds. The valid input range for this
parameter is 00:00:00 through 24855.03:14:07. Setting the value of the
ReceiveProtocolLogMaxAge parameter or the SendProtocolLogMaxAge parameter to
00:00:00 prevents the automatic removal of protocol log files because of
their age.
For example, to change the age limit of the Receive connector protocol log
files to 45 days on Edge Transport server DEN-EDGE2, you would enter the
following command:
Set-TransportServer -Identity DEN-EDGE2 -ReceiveProtocolLogMaxAge 45.00:00:00
To set the age limit of the Send connector protocol log files to 40 days
on the Hub Transport server VAN-EX2, you would enter the following
command:
Set-TransportServer -Identity VAN-EX2 -SendProtocolLogMaxAge 40.00:00:00
