Maybe at some point in the past, messaging environments were overlooked for their importance in the organization. Not only has e-mail surpassed most methods of communication, it's now integrated into business workflows. Without it, you can lose time as you wait on important documentation, lose sales because leads are missed, or lose business because responses aren't received.
For any organization running Exchange 2000 or Exchange 2003, some of the most bang for the buck from MOM will come from utilizing the Exchange Server MP to monitor the messaging environment. There are certainly plenty of competitors in this space, but none will go to the level of depth that you can expect to find in this management pack. In fact, this management pack is arguably one of the most in-depth that Microsoft offers.
This is probably one of the most complex management packs to set up. Some of the other management packs covered usually require a few adjustments in thresholds or changes in script parameters. The Exchange Server MP, on the other hand, requires that you utilize an additional application to configure the Exchange servers themselves.
The Exchange Server management pack consists of the following files:
MicrosoftExchange2000Server.akm
MicrosoftExchangeServer2003.akm
MicrosoftExchangeServerReports.xml
As of this writing, the latest version number is 06.5.7385.0000. After downloading the management pack, extract the contents to a common location, and follow the steps in Chapter 8 to import the management pack. After importing the management pack, check the version number against the version number stated in the Management Pack and Product Connector Catalog.
No documentation is included in the management pack. However, the management pack guide can be located online at http://www.microsoft.com/technet/prodtechnol/mom/mom2005/maintain/empformom2005_1.mspx. Like the Active Directory MP, an additional technical reference is also available and located at http://www.microsoft.com/downloads/details.aspx?familyid=&displaylang=en.
Any organization that runs Exchange 2000 or Exchange 2003 requires Active Directory. Because the ADMP and the Exchange Server MP are probably some of the noisiest management packs to configure, the ADMP should first be installed, configured, and tuned before starting on the Exchange Server MP. After all, the basis of any healthy Exchange organization is a healthy Active Directory infrastructure.
This section covers the changes that should be made before and after the installation of the Exchange MP. This includes use of the Configuration Wizard and other configuration considerations for your Exchange deployment.
The items in this section are listed as optional because if the changes are not made prior to the deployment of the Exchange Server MP, the rules in the management pack will generate alerts that ask for these configuration changes to be made. With that in mind, these can be done before or after the management pack deployment. However, if the goal is to cut down noise out of the box, this should be done beforehand.
The IIS Lockdown Wizard should be run against any front-end server. The IIS Lockdown Wizard helps to identify potential security holes and locks down optional components that may not be required for the application. Care should be taken when running this utility because an incorrect configuration may stop other services from running properly.
For proper configuration of IIS Lockdown in an Exchange environment, see these Microsoft knowledge base articles:
How to install and use the IIS Lockdown Wizard (http://www.support.microsoft.com/?kbid=325864)
IIS lockdown and URLscan configurations in an Exchange environment (http://www.support.microsoft.com/?kbid=309508)
Without SSL enabled, the client to front-end server communication is not secure. For this reason, we highly recommend that you require SSL. To take this one step further, the ability to access the front-end server without SSL should be disabled.
In addition, front-end servers authenticate clients through basic authentication. If you're not securing your front-end servers with SSL, user names and passwords are being sent in clear text. Additional information on configuring SSL can be located in the Front-End and Back-End Topology document at http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/febetop.mspx.
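One way to verify the SSL requirement from the outside is to send a single unauthenticated request over plain HTTP and judge the answer. The following is an added example, not part of the management pack or the original text; the `/exchange` path and the host name are assumptions to replace with a front-end server you administer.

```python
import http.client

def classify_plain_http(status, headers):
    """Judge a front-end's answer to an unencrypted request.

    headers is a list of (name, value) pairs, as returned by
    http.client.HTTPResponse.getheaders().
    """
    values = {}
    for name, value in headers:
        values.setdefault(name.lower(), []).append(value.strip())
    offers_basic = any(v.lower().startswith("basic")
                       for v in values.get("www-authenticate", []))
    location = (values.get("location") or [""])[0].lower()

    if status == 403:
        # IIS answers 403 (sub-status 4) when "Require SSL" is set.
        return ("OK", "plain HTTP refused")
    if status == 401 and offers_basic:
        return ("FAIL", "Basic credentials requested in clear text")
    if status in (301, 302, 307, 308) and location.startswith("https://"):
        return ("WARN", "redirects to HTTPS but still answers without SSL")
    return ("FAIL", "request handled without SSL")

def probe(host, path="/exchange", timeout=5):
    """Send one unauthenticated GET over plain HTTP and classify the reply."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return classify_plain_http(resp.status, resp.getheaders())
    except ConnectionRefusedError:
        return ("OK", "nothing listens on port 80")
    finally:
        conn.close()

if __name__ == "__main__":
    # Constructed responses (not captured from a real server).
    samples = [
        (403, [("Content-Type", "text/html")]),
        (401, [("WWW-Authenticate", "Negotiate"),
               ("WWW-Authenticate", 'Basic realm="mail.example.test"')]),
        (302, [("Location", "https://mail.example.test/exchange")]),
    ]
    for status, headers in samples:
        print(status, classify_plain_http(status, headers))
```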
If message tracking is enabled, any message handled by SMTP is automatically logged to a shared folder. This allows any Exchange administrator to view the information through Exchange System Manager (or by navigating to the share directly). If the Everyone group has permissions to this share, those permissions should be removed. The Exchange Server MP will verify and alert if the Everyone group has permission to this share.
Note: The message tracking log files are located in %programfiles%\exchsrvr\<servername>.log, where <servername> is the name of the Exchange server.
The Exchange Server MP will verify whether the SMTP directories are located on NTFS partitions. Because SMTP messages are not always secure, utilizing NTFS security can help secure the files. Other file systems aren't capable of being secured adequately. For that reason, move the SMTP directories to an NTFS partition.
Exchange, by default, does not relay messages unless they're submitted by an authenticated user. The Exchange Server MP will verify this setting and alert if Relay Restrictions allows anonymous relay.
The Exchange Server management pack requires additional configuration per server in order to monitor them properly. This is simplified using the Configuration Wizard utility. The Configuration Wizard doesn't come with the Exchange Server MP. Instead, it's a separate download located at http://www.microsoft.com/downloads/details.aspx?FamilyId=&displaylang=en.
Before running the Configuration Wizard, make sure that the following conditions are true:
The administrator running the Configuration Wizard has at least Exchange full administrator privileges for the Administrative Group they're going to configure.
Any Exchange servers that will be configured have the MOM agent installed.
Any Exchange servers that will be configured have the Remote Registry service enabled.
The configuration runs in two modes: default and custom. The default mode enables the following:
Message tracking
Exchange Information Store service monitoring
Exchange Management service monitoring
Exchange MTA Stacks service monitoring
Exchange System Attendant service monitoring
SMTP service monitoring
WWW Publishing service monitoring
Creation of MAPI logon test mailboxes
Server availability monitoring
The custom mode can be used to select all the features mentioned in the preceding list as well as to allow additional monitoring requirements to be defined. For example, the custom mode can be used to monitor availability per store instead of per server or add additional services that should be monitored as a part of the health of the Exchange service. Custom mode can also be used to disable monitored features such as mailbox availability or Front-End monitoring.
Both modes allow the customization of mail flow monitoring. This monitoring verifies that e-mail can flow from one or more designated sending servers to one or more designated receiving servers.
Note: When running the Configuration Wizard, it's a good idea to select a like pair of servers. This will cut down on the configuration time per server. For example, you can select all of your Front-End Outlook Web Access servers and configure them with the same settings (because most likely the services and mail flow will be the same).
If multiple Exchange servers require configuration, working through a wizard for each one can be time-consuming. To get around this, use ExchangeMPConfig.exe to import or export configurations from server to server. This utility is located in the %programfiles%\Exchange Management Pack\Configuration Utility directory.
Note: We highly recommend that you configure an Exchange server first with Configuration Wizard. This ensures that the exported configuration is valid for use elsewhere.
ExchangeMPConfig.exe supports the following switches:
Export configuration
/e <configfile.xml>: Exports a configuration to the file name specified.
/s <filter>: Specifies the name of servers to pull configuration from (supports wildcards such as * or ?).
/a <filter>: Specifies the name of an administrative group to pull configuration from (supports wildcards such as * or ?).
Import configuration
/i <configfile.xml>: Imports and applies the specified configuration file.
/u <domain\username>: Specifies the Mailbox Access account name.
/p <password>: Specifies the password for the Mailbox Access account.
To display Exchange data in a topology view, the Microsoft Exchange Topology Discovery Computers Computer Group must be updated to include any Exchange server (2000 or 2003) in the Active Directory forest. The Computer Group uses static membership only. Simply add the computer to the Included Computers tab. This computer will run the ExchangeTopology Discovery Script.
This management pack consists of the following:
Type | Name |
---|---|
Attributes | ExchangeService |
Attributes | MS ADC |
Attributes | MSADC Version |
Attributes | MSADC Service Installation |
Attributes | MSExchange Instant Messaging Server |
Attributes | MSExchangeServer |
Attributes | MSExchangeServerVersion |
Computer Groups | Microsoft Exchange 2003 Active Directory Connector Servers |
Computer Groups | Microsoft Exchange Installed Computers |
Computer Groups | Microsoft Exchange Instant Messaging Server |
Computer Groups | Microsoft Exchange Server 2000 |
Computer Groups | Microsoft Exchange Server 2000 Frontend |
Computer Groups | Microsoft Exchange Server 2003 Backend |
Computer Groups | Microsoft Exchange Server 2003 Frontend |
Computer Groups | Microsoft Exchange Topology Discovery Computers |
Notification Groups | Mail Administrators |
All Computer Groups (except for the Microsoft Exchange Topology Discovery Computers) associate agent membership through formula evaluations.
This section lists all Exchange Server MP scripts that have parameters that can be defined. Some of the scripts for Exchange Server 2003 are duplicates of the Exchange 2000 Server scripts and for that reason have been left out of this list. Refer to the 2000 version in this list to see the available parameters. When viewing this list, you should gain a deeper understanding of how these scripts work to help manage the Exchange environment.
This script is used by the computers that are members of the Microsoft Exchange Topology Discovery Computers to gather topology information that is displayed in the Exchange topology view.
Name | Description | Value |
---|---|---|
enableSMTPandSiteConnectorDiscovery | Discovers SMTP and site connector information if value is set to true | False |
This script checks the free space on all drives (as well as Log and Queue drives separately) by percentage and megabytes available and generates alerts based on warning or error level thresholds.
Name | Description | Value |
---|---|---|
MBErrorAll | For all disks—free megabytes threshold for error alert | 400 |
MBErrorLog | For Log disks—free megabytes threshold for error alert | 1000 |
MBErrorQueue | For Queue disks—free megabytes threshold for error alert | 1000 |
MBWarningAll | For all disks—free megabytes threshold for warning alert | 1000 |
MBWarningLog | For Log disks—free megabytes threshold for warning alert | 5000 |
MBWarningQueue | For Queue disks—free megabytes threshold for warning alert | 5000 |
PercentErrorAll | For all disks—% free space threshold for error alert | 2 |
PercentErrorLog | For Log disks—% free space threshold for error alert | 5 |
PercentErrorQueue | For Queue disks—% free space threshold for error alert | 5 |
PercentWarningAll | For all disks-% free space threshold for warning alert | 2 |
PercentWarningLog | For Log disks-% free space threshold for warning alert | 5 |
PercentWarningQueue | For Queue disks-% free space threshold for warning alert | 5 |
The Check mailbox store status script checks to see if a mailbox store is online.
Name | Description | Value |
---|---|---|
LogMailboxStoreStatus | Enables mailbox store status logging (0 disables, 1 enables) | 0 |
The Check services state script checks to see if specified services are running. The list of services is specified by the Configuration Wizard.
Name | Description | Value |
---|---|---|
LogServiceState | Enables service state logging (0 disables, 1 enables) | 0 |
This performs the same action as the Check services state script.
Name | Description | Value |
---|---|---|
LogServiceState | Enables service state logging (0 disables, 1 enables) | 0 |
This script collects mailbox statistics up to the specified number in MaxEntries.
Name | Description | Value |
---|---|---|
Mailbox | Suffix of the mailbox names used to perform logons to MAPI sessions | MOM |
MaxEntries | Number of entries collected (0 collects all) | 200 |
The script collects message tracking log statistics up to the specified number in MaxEntries.
Name | Description | Value |
---|---|---|
MaxEntries | Number of entries collected (0 collects all) | 200 |
This script collects mailbox statistics up to the specified number in MaxEntries.
Name | Description | Value |
---|---|---|
Mailbox | Suffix of the mailbox names used to perform logons to MAPI sessions | MOM |
MaxEntries | Number of entries collected (0 collects all) | 200 |
The script installs the Exchange Help Object on Exchange servers.
Name | Description | Value |
---|---|---|
MsiPackageGuid | GUID of the ExchMPObj.msi | {} |
MsiPackagePath | Relative path to MSI package from MOM installation directory | MPHelper\ExchM\PObj.msi |
This script verifies mail flow from a specified server. The servers are specified by the Configuration Wizard.
Name | Description | Value |
---|---|---|
LatencyThreshold | Alert generated if mail flow message delivery exceeds this threshold (in seconds). | 60 |
MaxNegativeLatency | Clock synchronization problems below this limit are ignored. | 30 |
MaxSafeMissedRuns | Specified number of times script will attempt to receive mail flow message prior to alerting. | 4 |
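How the three mail flow parameters can combine into a verdict per script run is sketched below. This is an added example, not the management pack's script; the function name, the verdict strings, and the rule that an alert fires once consecutive misses reach MaxSafeMissedRuns are assumptions.

```python
from typing import List, Optional, Tuple

LATENCY_THRESHOLD = 60     # seconds, default from the table above
MAX_NEGATIVE_LATENCY = 30  # seconds, default from the table above
MAX_SAFE_MISSED_RUNS = 4   # script runs, default from the table above

def evaluate_runs(runs: List[Tuple[float, Optional[float]]],
                  latency_threshold: float = LATENCY_THRESHOLD,
                  max_negative_latency: float = MAX_NEGATIVE_LATENCY,
                  max_safe_missed_runs: int = MAX_SAFE_MISSED_RUNS) -> List[str]:
    """Return one verdict per script run.

    Each run is (sent_at, received_at): the send time stamped by the sending
    server and the arrival time stamped by the receiving server, both in
    epoch seconds. received_at is None when the test message has not arrived.
    """
    verdicts, missed = [], 0
    for sent_at, received_at in runs:
        if received_at is None:
            missed += 1
            # Assumption: alert once consecutive misses reach the limit.
            verdicts.append("ALERT mail flow failed"
                            if missed >= max_safe_missed_runs else "PENDING")
            continue
        missed = 0
        latency = received_at - sent_at
        if latency < -max_negative_latency:
            # Arrival stamped well before sending: the two clocks disagree.
            verdicts.append("ALERT clock skew")
        elif latency > latency_threshold:
            verdicts.append("ALERT slow delivery")
        else:
            # Covers small negative values, which are ignored as minor skew.
            verdicts.append("OK")
    return verdicts

# Constructed sample runs (not real measurements).
SAMPLE_RUNS = [
    (1000.0, 1012.0),   # delivered in 12 s
    (1300.0, 1290.0),   # -10 s: within MaxNegativeLatency, ignored
    (1600.0, 1695.0),   # 95 s: exceeds LatencyThreshold
    (1900.0, 1855.0),   # -45 s: beyond MaxNegativeLatency
    (2200.0, None), (2500.0, None), (2800.0, None), (3100.0, None),
]

if __name__ == "__main__":
    for run, verdict in zip(SAMPLE_RUNS, evaluate_runs(SAMPLE_RUNS)):
        print(run, verdict)
```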
MAPI logon verification checks the mailbox and server availability by logging on through MAPI.
Name | Description | Value |
---|---|---|
LogPerfData | Enables result logging to a performance counter (0 disables, 1 enables) | 0 |
This script verifies the circular logging settings are either enabled or disabled based on the VerifyThisCircularLoggingState parameter.
Name | Description | Value |
---|---|---|
CheckOnlyBackEndServers | Enables result logging to a performance counter (0 disables, 1 enables) | 1 |
VerifyThisCircularLoggingState | Verifies either enabled or disabled state of circular logging (0 disabled, 1 enabled) | 0 |
If logs aren't truncating, then most likely, backups aren't completing. This script compares the date of the log files with the Max_Days_old value to determine if an alert should be generated.
Name | Description | Value |
---|---|---|
Max_Days_old | Specifies the number of days old that log files should not exceed | 2 |
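The same age test can be run by hand against a log directory when this alert needs confirming. The code below is an added example, not the management pack's script; the function names, the `*.log` pattern, and the sample directory layout are assumptions, and the demo builds its own constructed files.

```python
import os
import tempfile
import time
from pathlib import Path

SECONDS_PER_DAY = 86400

def check_log_age(log_dirs, max_days_old=2, now=None):
    """Map each directory to (oldest_log_name, age_in_days, alert)."""
    now = time.time() if now is None else now
    report = {}
    for directory in map(Path, log_dirs):
        logs = [p for p in directory.glob("*.log") if p.is_file()]
        if not logs:
            # No log files at all: nothing to judge, so no alert.
            report[str(directory)] = (None, 0.0, False)
            continue
        oldest = min(logs, key=lambda p: p.stat().st_mtime)
        age_days = (now - oldest.stat().st_mtime) / SECONDS_PER_DAY
        report[str(directory)] = (oldest.name, round(age_days, 1),
                                  age_days > max_days_old)
    return report

def demo():
    """Evaluate three constructed log directories (ages in days)."""
    now = time.time()
    layout = {"sg1": [0.2, 1.5], "sg2": [0.1, 6.0], "sg3": []}
    with tempfile.TemporaryDirectory() as root:
        for name, ages in layout.items():
            directory = Path(root, name)
            directory.mkdir()
            for i, age in enumerate(ages):
                log = directory / f"E00{i:05X}.log"
                log.write_bytes(b"")
                stamp = now - age * SECONDS_PER_DAY
                os.utime(log, (stamp, stamp))   # backdate the file
        result = check_log_age([Path(root, n) for n in layout], now=now)
        return {Path(k).name: v for k, v in result.items()}

if __name__ == "__main__":
    for name, (oldest, age, alert) in demo().items():
        print(name, oldest, age, "ALERT" if alert else "ok")
```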
This script checks whether Message Tracking is enabled. CheckOnlyBackEndServers can be used to limit the scope for which this script checks.
Name | Description | Value |
---|---|---|
CheckOnlyBackEndServers | Specifies whether the script should check only back-end servers (0 disabled, 1 enabled) | 1 |
This script checks the count of messages in the remote SMTP queue.
Name | Description | Value |
---|---|---|
NumberOfMessages | Specifies the threshold for the number of messages in the remote SMTP queue before an alert occurs | 200 |
This script checks Exchange servers for the presence of the hotfixes in the HotfixIDs parameters.
Name | Description | Value |
---|---|---|
HotfixIDs | List of hotfixes (comma delimited) to check for on Exchange servers | Q300972 |
Verifies EAS availability.
Name | Description | Value |
---|---|---|
LogPerfData | Enables result logging to a performance counter (0 disables, 1 enables) | 0 |
Verifies OMA availability.
Name | Description | Value |
---|---|---|
LogPerfData | Enables result logging to a performance counter (0 disables, 1 enables) | 0 |
Verifies OWA availability.
Name | Description | Value |
---|---|---|
LogPerfData | Enables result logging to a performance counter (0 disables, 1 enables) | 0 |
As the description states, this script verifies if SSL should be required. The parameter ListOfServersExcludedFromSSLRequiredAlert (take a breath) can be used to specify a list of servers to be excluded from this check. This list should be comma delimited. Override criteria can be used to achieve the same effect.
Name | Description | Value |
---|---|---|
ListOfServersExcludedFromSSLRequiredAlert | Enables result logging to a performance counter (0 disables, 1 enables) | 1 |
No tasks are available with this management pack.