Logo
CAR REVIEW
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
PREGNANCY
 
 
Windows Server

Microsoft Exchange Server 2010 : Introducing Journaling - Implementing Journaling, Reading Journal Reports

2/13/2014 3:46:29 AM

A lot of people confuse journaling, which is the process of capturing a set of communications for future use, with archiving, which is the practice of removing less frequently accessed or older message data from the message store in favor of a secondary storage location.

Archiving is all about getting stuff—usually older and bulkier messages and attachments—out of your mailboxes, so you can reduce the performance hit on your comparatively expensive Mailbox server storage systems and reduce your backup windows.

Journaling is record keeping; you're defining a set of users whose traffic you must keep track of, and Exchange dutifully captures faithful copies of every message they send or receive. As stated before, journaling is one of the main strategies that compliance and archival vendors use to get messaging data into their solutions.

Although you may not have any explicit applicable regulatory language that forces you to implement journaling, journaling can still be one of the easiest ways to meet the requirements you do have. As compliance becomes more of an issue, the ability to quickly and easily put your hands on complete and accurate records of messaging communications will become critical.

Exchange Server 2007 journaling capabilities are essentially identical to those in Exchange Server 2010. The base journaling mechanism used by Exchange 2010 is envelope journaling, which captures all recipient information (even Bcc: headers and forwards). However, you have two options for journaling:

  • Standard journaling (a.k.a. per-mailbox database journaling) uses the Journaling agent on Hub Transport servers to journal all messages sent to and from recipients and senders whose mailboxes are homed on specified mailbox databases.

  • Premium journaling (a.k.a. per-recipient journaling) also uses the Journaling agent on Hub Transport servers, but it's more granular. It offers you the ability to design journaling rules for groups or even specific users if need be.

You must have an Exchange Enterprise Client Access License (CAL) to use premium journaling.

1. Implementing Journaling

The Journaling agent, present on your Hub Transport servers, is responsible for detecting whether a given message falls under your journaling rules. When you use standard journaling, you enable it for an entire mailbox database. Any messages sent to or by recipients whose mailboxes are located on a journal-enabled database will be detected by the Journaling agent and copies will be sent to a designated journal recipient. This journal recipient can be another recipient in the Exchange organization—if it is an Exchange mailbox it must be dedicated to the purpose—or an SMTP address on another messaging system.

Journaling to an external recipient may seem like a crazy idea at first blush. However, this allows Exchange 2010 to be used with compliance and archival solutions that are not part of the Exchange organization or even with hosted solution providers.

If you use an external journal recipient, you should ensure that your SMTP transport connections to the external system are fully secure and authenticated.

When you use premium journaling, you create journal rules that define a subset of the recipients in your organization. Premium journaling rules are stored in the Active Directory and propagated to all Hub Transport servers, depending on the normal AD replication mechanism. The Journaling agent on the Hub Transport server detects that the rule matches a given message and again sends a copy of the message to the journal recipient. Premium journaling rules are found on the Hub Transport subcontainer of the Organization Configuration in the Exchange Management Console.

Journaling rules can have three scopes, which helps the Journaling agent decide whether it needs to examine a given message:

  • The Internal scope matches messages where all senders and recipients are members of the Exchange organization.

  • The External scope matches messages where at least one sender or recipient is an external entity.

  • The Global scope matches all messages, even those that may have already been matched by the other scopes.

To create a new journaling rule, run the New Journal Rule wizard found on the Actions pane.

This same operation can be performed by using the Exchange Management Shell and the following command:

New-JournalRule -Name 'Journal VIP mail' -JournalEmailAddress
'volcanosurfboards.com/Users/zz_VIP Mail Archive' -Scope 'Global'
-Enabled $True -Recipient 'VIPs@somorita.com'

1.1. Managing Journaling Traffic and Security

If you are using an internal mailbox as your journaling recipient, you should be aware that it may collect a large amount of traffic. Though you can use the same mailbox for all journal reports generated in your organization, you may need to create multiple mailboxes to control mailbox size and ensure that your backup windows can be maintained. If you are using the Unified Messaging role in your organization, you may not want to journal UM-generated messages such as voicemail because of the large amount of storage space it requires. (On the other hand, you may be required to preserve these types of messages as well as your regular email.)

Journaling mailboxes should be kept very secure and safe from everyday access because they may one day be material evidence in the event that your business is sued or must prove compliance to auditors.

To guard against the loss of journaling reports in the event of trouble within your Exchange organization, you can designate an alternate journaling mailbox. This mailbox will receive any nondelivery reports that are issued if your journaling recipient cannot be delivered to.

Unfortunately, you can configure only a single alternate mailbox for your entire organization. Not only can this cause performance and mailbox size issues, but your local regulations may prevent you from mixing multiple types of journal information in one mailbox.

Note that since the introduction of RMS interoperability with messaging and transport rules, it brings up some new issues, notably with journaling. Exchange Server 2010 now has the ability to decrypt and journal an unencrypted version of a message.

2. Reading Journal Reports

The journaling process creates a special Exchange message known as the journal report. This message is essentially a wrapper that contains a summary of the original message properties. It also contains a pristine copy of the original message that generated the report, neatly attached to the journal report.

The journal reports are designed to be human and machine readable, allowing you to automate processing of journal reports via a third-party application as well as perform manual checks on the data.

Table 1 shows the fields that Exchange 2010 places in the journal report.

Table 1. Exchange 2010 Journal Report Fields
FieldWhat It Contains
ToThe SMTP address of a recipient in the To header or the SMTP envelope recipient. If the message was sent through a distribution list, this field contains the Expanded field. If the message was forwarded, this field contains the Forwarded field.
CcThe SMTP address of a recipient in the Cc header or the SMTP envelope recipient. If the message was sent through a distribution list, this field contains the Expanded field. If the message was forwarded, this field contains the Forwarded field.
BccThe SMTP address of a recipient in the Bcc header or the SMTP envelope recipient. If the message was sent through a distribution list, this field contains the Expanded field. If the message was forwarded, this field contains the Forwarded field.
RecipientThe SMTP address of a recipient who is not a member of the Exchange 2010 organization, such as Internet recipients or recipients on legacy Exchange servers.
SenderThe sender's SMTP address, found either in the From or Sender header of the message.
On Behalf OfThe relevant SMTP address if the Send On Behalf Of feature was used.
SubjectThe Subject header.
Message-IDThe internal Exchange Message-ID.

Depending on your routing topology and journal rule configuration, you may receive multiple journal reports for a given message. This is not an error; it reflects the fact that any given Hub Transport server may not have a complete view of the organization, depending on AD replication, recipient caching, and other factors.

Other -----------------
- Microsoft Exchange Server 2010 : Setting Up Transport Rules (part 5) - Creating New Rules with the Exchange Management Shell
- Microsoft Exchange Server 2010 : Setting Up Transport Rules (part 4) - Creating New Rules with the Exchange Management Console
- Microsoft Exchange Server 2010 : Setting Up Transport Rules (part 3) - Selecting Actions
- Microsoft Exchange Server 2010 : Setting Up Transport Rules (part 2) - Selecting Conditions and Exceptions
- Microsoft Exchange Server 2010 : Setting Up Transport Rules (part 1) - Transport Rules Coexistence Between Exchange 2007 and 2010 , Transport Rules and Server Design Decisions
- Microsoft Systems Management Server 2003 : Analysis and Troubleshooting Tools - Using SMS Trace (part 2)
- Microsoft Systems Management Server 2003 : Analysis and Troubleshooting Tools - Using SMS Trace (part 1) - Obtaining SMS Trace
- Microsoft Systems Management Server 2003 : Analysis and Troubleshooting Tools - Using SMS Service Manager
- Microsoft Systems Management Server 2003 : Analysis and Troubleshooting Tools - Status Message Process Flow
- Microsoft Systems Management Server 2003 : Analysis and Troubleshooting Tools - Working with Status Message Queries
- Microsoft Systems Management Server 2003 : Filtering Status Messages (part 2) - Status Filter Rules
- Microsoft Systems Management Server 2003 : Filtering Status Messages (part 1) - Configuring Status Reporting Properties
- Exchange Server 2007 : Migrating from Windows 2000 Server to Windows Server 2003 (part 6) - Upgrading Domain and Forest Functional Levels
- Exchange Server 2007 : Migrating from Windows 2000 Server to Windows Server 2003 (part 5) - Moving Operation Master Roles
- Exchange Server 2007 : Migrating from Windows 2000 Server to Windows Server 2003 (part 4) - Replacing Existing Domain Controllers
- Exchange Server 2007 : Migrating from Windows 2000 Server to Windows Server 2003 (part 3) - Upgrading the AD Schema Using adprep
- Exchange Server 2007 : Migrating from Windows 2000 Server to Windows Server 2003 (part 2) - Upgrading a Single Member Server
- Exchange Server 2007 : Migrating from Windows 2000 Server to Windows Server 2003 (part 1) - Beginning the Migration Process
- Microsoft Systems Management Server 2003 : Understanding Status Summarizers (part 3) - Configuring Status Summarizers - Site System Status Summarizer
- Microsoft Systems Management Server 2003 : Understanding Status Summarizers (part 2) - Configuring Status Summarizers - Component Status Summarizer
 
 
Most view of day
- Using COM to Develop UMDF Drivers : Basic Infrastructure Implementation
- Microsoft Exchange Server 2010 : Introducing Journaling - Implementing Journaling, Reading Journal Reports
- Exchange Server 2007 : Leveraging the Capabilities of the Outlook Web Access Client - Getting to Know the Look and Feel of OWA 2007
- Microsoft Word 2010 : Proofing a Document - Finding and Replacing Text
- Microsoft PowerPoint 2010 : Animating Slide Content (part 5) - Animating Parts of a Chart, Animation Tips
- Windows Server 2012 : Installing and Managing Hyper-V in Full or Server Core Mode - Verifying Hyper-V requirements
- Maintaining Desktop Health : Understanding Windows Error Reporting (part 1) - Error Reporting Cycle, Report Data Overview
- System Center Configuration Manager 2007 : Operating System Deployment - Drivers
- Windows Server 2012 Group Policies and Policy Management - Group Policy Processing: How Does It Work?
- Windows Phone 8 : Working with the Windows Phone Software (part 3) - Adding an Album to Your Phone,Adding a Musical Artist to Your Phone
Top 10
- Windows Phone 8 : Scheduled Tasks - Scheduled Task API Limitations
- Windows Phone 8 : Scheduled Tasks - Updating Tiles Using a Scheduled Task Agent
- Windows Phone 8 : Scheduled Tasks - To-Do List Scheduled Task Sample (part 5) - Editing an Existing To-Do Item
- Windows Phone 8 : Scheduled Tasks - To-Do List Scheduled Task Sample (part 4) - Creating the To-Do Item Shell Tile, Saving a To-Do Item
- Windows Phone 8 : Scheduled Tasks - To-Do List Scheduled Task Sample (part 3) - Debugging Scheduled Tasks
- Windows Phone 8 : Scheduled Tasks - To-Do List Scheduled Task Sample (part 2) - TodoService, TodoItemViewModel
- Windows Phone 8 : Scheduled Tasks - To-Do List Scheduled Task Sample (part 1) - TodoItem,TodoDataContext
- Windows Phone 8 : Scheduled Tasks - Using Scheduled Tasks
- Windows Phone 8 : Scheduled Tasks - Background Agent Types
- Windows Phone 8 : Windows Phone Toolkit Animated Page Transitions - Reusing the Transition Attached Properties
 
 
Windows XP
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
2015 Camaro