As an Exchange administrator, you should routinely monitor event logs,
services, servers, and resource usage. These elements are the keys to
ensuring that the Exchange organization is running smoothly. Because you
can't be on-site 24 hours a day, you can set alerts to notify you when
problems occur.
1. Viewing Events
System and application
events generated by Exchange Server are recorded in the Windows event
logs. The primary log that you'll want to check is the application
log. In this log, you'll find the key events recorded by Exchange
Server services. Keep in mind that related events might be recorded in
other logs, including the directory service, DNS server, security, and
system logs. For example, if the server is having problems with a
network card and this card is causing message delivery failures, you'll
have to use the system log to pinpoint the problem.
You access the application log by completing the following steps:
1. Click Start, point to All Programs, point to Administrative Tools, and then select Event Viewer.
2. If you want to view the logs on another computer, in the console tree, right-click the Event Viewer entry, and choose Connect To Another Computer from the shortcut menu. You can now choose the server for which you want to manage logs.
3. Double-click the Windows Logs node. You should now see a list of logs.
4. Select the Application log, as shown in Figure 1.
Entries in the main panel of
Event Viewer provide an overview of when, where, and how an event
occurred. To obtain detailed information on an event, select its entry.
The event level precedes the date and time of the event. Event levels
include the following:
- Information: An informational event, generally related to a successful action
- Warning: Details for warnings are often useful in preventing future system problems
- Error: An error such as the failure of a service to start
In addition to level, date, and time, the summary and detailed event entries provide the following information:
- Source: The application, service, or component that logged the event.
- Event ID: An identifier for the specific event.
- Task Category: The category of the event, which is sometimes used to further describe the related action.
- User: The user account that was logged on when the event occurred.
- Computer: The name of the computer on which the event occurred.
- Description: In the detailed entries, this provides a text description of the event.
- Data: In the detailed entries, this provides any data or error code output created by the event.
Use the event entries to detect
and diagnose Exchange performance problems. Exchange-related event
sources include the following:
- Microsoft Forefront Protection: Helps you track activities related to Microsoft Forefront Protection and licensed anti-spam/antivirus engines. Watch for errors related to signature file updates for the anti-spam and antivirus engines. If you've improperly configured Microsoft Forefront Protection, or if Microsoft Forefront Protection is unable to access the Internet to retrieve updates, you'll see update errors. You'll see additional errors from the GetEngineFiles source because there are no updates to process. Additional related sources for Microsoft Forefront Protection include FSCController, FSCMonitor, FSCRealtimeScanner, FSCStatisticsService, FSCTransportScanner, FSEIMC, and FSEMailPickup.
- MSExchangeIS, MSExchangeIS Mailbox Store, MSExchangeIS Public Store: Help you track activities related to the Microsoft Exchange Information Store service, mailbox databases, and public folder databases. If a user is having problems logging on to Exchange, you might see multiple logon errors. You might also see lots of logon errors if someone is trying to hack into an Exchange mailbox.
- ESE: Helps you track activities related to the Extensible Storage Engine (ESE) used by Exchange Server. Watch for logging and recovery errors, which might indicate a problem with the database engine. If you want to track the status of online defragmentation, look for Event ID 703.
- MSExchangeADAccess: Helps you track activities related to the Exchange Active Directory Provider, which is used for retrieving information for Active Directory and performing the DNS lookups that Exchange uses to locate domain controllers and global catalog servers. Watch for topology discovery failures and DNS lookup failures, which can indicate problems with the DNS configuration as well as with the Active Directory site configuration.
- MSExchange Anti-Spam Update: Helps you track activities related to Windows Update. When you've configured Microsoft Exchange to use Microsoft Update to retrieve anti-spam updates, watch for errors regarding update failure. You might need to change the Microsoft Update configuration or the way updates are retrieved.
- MSExchange Assistants, MSExchangeMailboxAssistants: Help you track activities related to the Microsoft Exchange Mailbox Assistants service. The Microsoft Exchange Mailbox Assistants service performs background processing of mailboxes and public folder data. Watch for processing errors, which can indicate database structure problems. Additional related sources include MSExchangeMailboxAssistants and MSExchangeSA.
- MSExchange EdgeSync, MSExchangeEdgeSync: Help you track activities related to the Edge Synchronization processes. The Microsoft Exchange EdgeSync service uses the Exchange Active Directory Provider to obtain information about the Active Directory topology. If the service cannot locate a suitable domain controller, the service fails to initialize and edge synchronization fails as well.
- MSExchange Messaging Policies: Helps you track activities related to messaging policies, including transport rules, journal rules, and address rewrite. Watch for load failures, which can indicate a configuration problem that needs to be resolved.
- MSExchangeIMAP4, MSExchange IMAP4 service, MSExchange IMAP4, MSExchangePOP3, MSExchange POP3 service, MSExchange POP3, MS Exchange OWA: Help you track activities related to IMAP4, POP3, and Outlook Web App (OWA), respectively. Keep in mind Outlook Anywhere requires the RPC Over HTTP Proxy component. If you enable Outlook Anywhere but don't install this component, you'll see errors for the MSExchange RPC Over HTTP Autoconfig source stating that this component is not installed or is not configured correctly. Additional related sources include MSExchange IMAP4 service and MSExchange POP3 service.
- MSExchange TransportService, MSExchange Unified Messaging: Help you track activities related to the Microsoft Exchange Transport service and the Microsoft Exchange Unified Messaging service, respectively. Watch for errors that can indicate configuration issues. For example, if you haven't created a dial plan, you'll see errors for the MSExchange Unified Messaging service. Additional related sources include MSExchangeTransport, MSExchangeServiceHost, and MSExchangeMailSubmission.
- MSExchangeFDS, MSExchange OAB Maintenance: Help you track activities related to the Microsoft Exchange File Distribution service. This service is responsible for synchronizing offline address books (OABs) and generating related files for distribution. Watch for errors regarding synchronization and directory generation. The Microsoft Exchange File Distribution service generates OAB data in a subfolder of the OAB Distribution share. By default, this share is located under %SystemDrive%\Program Files\Microsoft\Exchange Server\ExchangeOAB. The Exchange Servers group must have read access to the share, the directory, and subdirectories of the directory. If for some reason the automatically generated directory is not created, you should create the required directory. The related error message provides the expected directory name.
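The same review can be scripted instead of clicked through in Event Viewer. The following PowerShell is an added example, not part of the original text: it summarizes warnings and errors from the sources listed above, flags hours with many information store logon problems, and pulls ESE Event ID 703. The parameter names, the burst threshold, and the "logon" text match are assumptions.

```powershell
# Added example, not from the original text. $ComputerName, $Hours and
# $BurstThreshold are hypothetical parameters chosen for this sketch.
param(
    [string]$ComputerName = $env:COMPUTERNAME,
    [int]$Hours = 24,
    [int]$BurstThreshold = 20
)

# Source-name patterns taken from the list above; wildcards cover the variants.
$sourcePatterns = 'MSExchange*', 'MS Exchange*', 'ESE', 'FSC*', 'FSE*', 'GetEngineFiles'
$since = (Get-Date).AddHours(-$Hours)

# Level 2 = Error, 3 = Warning. Sources are matched on the client so that a
# source not registered on the target server cannot make the query fail.
$events = @(Get-WinEvent -ComputerName $ComputerName -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Application'; Level = 2, 3; StartTime = $since
    } | Where-Object {
        $name = $_.ProviderName
        @($sourcePatterns | Where-Object { $name -like $_ }).Count -gt 0
    })

# 1. Which source and event ID combinations are firing, most frequent first.
$events | Group-Object ProviderName, Id | Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'LastSeen'; e = { ($_.Group | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated } } |
    Format-Table -AutoSize

# 2. Hours with an unusual number of information store logon problems.
#    Assumption: the event text contains the word "logon"; tune for your logs.
$events | Where-Object { $_.ProviderName -like 'MSExchangeIS*' -and $_.Message -match 'logon' } |
    Group-Object { $_.TimeCreated.ToString('yyyy-MM-dd HH:00') } |
    Where-Object { $_.Count -ge $BurstThreshold } |
    Select-Object @{ n = 'Hour'; e = { $_.Name } }, Count |
    Format-Table -AutoSize

# 3. ESE Event ID 703 (online defragmentation status) may not be logged as a
#    warning or error, so it is queried separately without a level filter.
Get-WinEvent -ComputerName $ComputerName -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Application'; Id = 703; StartTime = $since
    } | Where-Object { $_.ProviderName -eq 'ESE' } |
    Select-Object TimeCreated, Message | Format-List
```

A sustained run of flagged hours for one mailbox database is worth correlating with the security log on the same server before treating it as a user problem.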
2. Managing Essential Services
Most of Exchange
Server's key components run as system services. If an essential service
stops, its related functionality will not be available and Exchange
Server won't work as expected. When you are troubleshooting Exchange
Server problems, you'll want to check to ensure that essential services
are running as expected early in your troubleshooting process. To manage
system services, you'll use the Services node in the Computer
Management console. You can start Computer Management and access the
Services entry by completing the following steps:
1. Select Computer Management in the Administrative Tools folder.
2. If you want to manage the services on another computer, right-click the Computer Management entry in the console tree, and select Connect To Another Computer on the shortcut menu. You can now choose the system whose services you want to manage.
3. Expand the Services And Applications node, and then select Services.
As Figure 2 shows, you'll now see the available services. Services are listed by:
- Name: The name of the service.
- Description: A short description of the service and its purpose.
- Status: The status of the service. If the entry is blank, the service is stopped.
- Startup Type: The startup setting for the service.
- Log On As: The account the service logs on as. The default in most cases is the local system account.
Tip:
Any service that has a startup
type of Automatic should have a status of Started. If a service has a
startup type of Automatic and the status is blank, the service is not
running and you should start it (unless another administrator has
stopped it to perform maintenance or troubleshooting).
If a service is stopped and
it should be started, you need to restart it. If you suspect a problem
with a service, you might want to stop and then restart it. To start,
stop, or restart a service, complete the following steps:
1. Access the Services node in the Computer Management console.
2. Right-click the service you want to manage, and then select Start, Stop, or Restart, as appropriate.
After you start or restart a
service, you should check the event logs to see if there are errors
related to the service. Any related errors you find might help you
identify why the service wasn't running.
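The check in the tip and the start-then-review-the-log procedure can be combined in one function. This PowerShell is an added example, not part of the original text; the function name, its parameters, the `MSExchange%` service-name filter, and the matching of event sources by service name are assumptions.

```powershell
# Added example, not from the original text. Lists Exchange services whose
# startup type is Automatic but which are not running; with -Start it starts
# them and returns errors logged afterwards. Names here are hypothetical.
function Repair-ExchangeService {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [switch]$Start,
        [int]$WaitSeconds = 15
    )

    # Assumption: the Exchange services of interest have names beginning with MSExchange.
    $query = "Name LIKE 'MSExchange%' AND StartMode = 'Auto' AND State <> 'Running'"
    $stopped = @(Get-WmiObject -Class Win32_Service -ComputerName $ComputerName -Filter $query)

    # Report first; nothing is changed unless -Start is given.
    $stopped | Format-Table Name, DisplayName, StartMode, State -AutoSize | Out-Host
    if (-not $Start) { return }

    foreach ($svc in $stopped) {
        # -WhatIf and -Confirm apply here, so a service that another
        # administrator stopped for maintenance can be skipped.
        if (-not $PSCmdlet.ShouldProcess("$($svc.Name) on $ComputerName", 'Start service')) { continue }

        $since = Get-Date
        $rc = $svc.StartService().ReturnValue   # 0 means the start request was accepted
        if ($rc -ne 0) {
            Write-Warning "$($svc.Name): StartService returned $rc"
            continue
        }
        Start-Sleep -Seconds $WaitSeconds

        # Errors logged since the start request by sources named after the
        # service (assumption: the source name begins with the service name).
        Get-WinEvent -ComputerName $ComputerName -ErrorAction SilentlyContinue -FilterHashtable @{
                LogName = 'Application'; Level = 2; StartTime = $since
            } | Where-Object { $_.ProviderName -like "$($svc.Name)*" } |
            Select-Object TimeCreated, ProviderName, Id, Message
    }
}

# Constructed usage; EXCH01 is a placeholder server name:
# Repair-ExchangeService -ComputerName EXCH01 -Start -Confirm
```

Run it without `-Start` first to see what is stopped, and use `-WhatIf` to preview which services would be started.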