Using Message Tracking


All versions of Exchange have had a message tracking facility and Exchange 2007 is no exception. The message tracking features have been nicely expanded in Exchange 2007 and give you access to more details of the message tracking log from the graphical user interface as well as the EMS.

If you have not used the message tracking facility before, you are missing out on a powerful diagnostics tool. When message tracking is enabled, each Exchange component that processes or moves a message within an Exchange organization logs an event that will include information about that message to the current server's message tracking logs.

Information is logged about message submission (SUBMIT), message transmission (SEND), message receipt (RECEIVE), distribution list expansion (EXPAND), and local delivery (DELIVER). From these events, you can track the progress of a message as it moves within your organization. You can track the progress of a message right up until the point that it leaves your organization, but you cannot track it once it is outside of your organization.

Introducing Message Tracking Logs

Let's first talk about the message tracking logs themselves. Administrators of earlier versions will recall that they had to enable message tracking for each server in their organization. In Exchange 2007, message tracking is configured for each Hub Transport server (since that is the server role that actually moves messages around). Message tracking is enabled by default and messages are retained for a maximum of 30 days. We can retrieve information about the message tracking log configuration for each server using the EMS cmdlet Get-TransportServer. The following is an example of retrieving the properties relating to message tracking for server HNLEX03. There are quite a few more properties for the transport server, but we are just interested in those relating to message tracking:

 Get-TransportServer "HNLEX03" | fl name,*track*

 Name                                    : HNLEX03
 MessageTrackingLogEnabled               : True
 MessageTrackingLogMaxAge                : 30.00:00:00
 MessageTrackingLogMaxDirectorySize      : 250MB
 MessageTrackingLogMaxFileSize           : 10MB
 MessageTrackingLogPath                  : C:\Program Files\Microsoft\Exchange Server\TransportRoles\Logs\MessageTracking
 MessageTrackingLogSubjectLoggingEnabled : True

There are a couple of important pieces of information in the output of Get-TransportServer. Most important is that it is enabled (MessageTrackingLogEnabled = True) by default and that the message tracking logs include subject logging (MessageTrackingLogSubjectLoggingEnabled = True), but also the following is true:

  • Message tracking logs are found in the C:\Program Files\Microsoft\Exchange Server\TransportRoles\Logs\MessageTracking folder.

  • Message tracking logs are retained for 30 days. After 30 days they are automatically deleted.

  • The maximum size of a message tracking log is 10MB.

  • The maximum amount of space the message tracking logs can consume is 250MB.

For servers with fewer than 500 average users, this is probably sufficient. However, for servers supporting larger numbers of users, you will want to increase the maximum log file size and the maximum amount of space the logs can consume. These can all be changed using the Set-TransportServer cmdlet. The following cmdlet will change the maximum log file size to 25MB, change the maximum directory size to 500MB, and change the tracking log folder to C:\TrackingLogs.

 Set-TransportServer "hnlex03" -MessageTrackingLogPath "C:\TrackingLogs"  -MessageTrackingLogMaxFileSize:25MB -MessageTrackingLogMaxDirectorySize:500MB 

Once you have executed this command, Exchange should automatically start using the new tracking log folder. However, the existing files will not be moved.

If you want to implement these settings for all Hub Transport servers, you can use the Get-TransportServer and Set-TransportServer cmdlets in the same command. The following command will set these settings for all transport servers:

 Get-TransportServer | Set-TransportServer -MessageTrackingLogPath "C:\TrackingLogs" -MessageTrackingLogMaxFileSize:25MB -MessageTrackingLogMaxDirectorySize:500MB 

Tracking a Message

Let's look at the actual message tracking feature. The graphical interface for the message tracking facility is part of the new Exchange Troubleshooting Assistant (shown in Figure 21.11).

Figure 21.11: Exchange Troubleshooting Assistant

You can launch the Exchange Troubleshooting Assistant and run either the Message Tracking or the Mail Flow Tools or you can run them separately from the Toolbox work center. The Message Tracking portion of the Exchange Troubleshooting Assistant is wizard driven. The first screen in the wizard is the Message Tracking Parameters screen, where you can narrow down the criteria of the message for which you are searching (see Figure 21.12).

Figure 21.12: Specifying the criteria for a particular message

Criteria for searching for a message include the sender, recipient, message ID, and subject. You can narrow the focus of the type of message using the EventID field, which allows you to designate the type of event you are looking for, such as Send, Receive, Submit, Transfer, Expand, DSN, and so on. Finally, you can narrow the focus even further by looking for messages sent only during a specific date and time range.

Once you have specified the criteria you want to use to search for a specific message, click Next and the wizard will search the messages that meet those criteria. Depending on the size of the message tracking logs and the number of servers that the messages will cross, the results might take a minute or two to generate. In a single-server environment, results are generated pretty quickly. A sample output is shown in Figure 21.13.

Figure 21.13: Viewing the message tracking results

One thing that is a bit annoying about this interface is that the results are not always sorted based on when they occurred. A quick solution to this is to click on the Timestamp column to get it to re-sort; the events may still not sort correctly if two events occur during the same second. The events you are seeing in Figure 21.13 illustrate that the following actions occurred:

  1. A message was submitted to the information store.

  2. The transport system received the message from the STOREDRIV (store driver).

  3. The message went through the message routing system.

  4. The message was transmitted via SMTP.

If you click on one of the events in the message tracking results list and then click Next, the Message Tracking Parameters screen reappears with the specific criteria to track that particular message. Figure 21.14 shows a modified Message Tracking Parameters screen from which we could track that specific message. We can do so because this screen now includes the message ID.

Figure 21.14: Tracking a specific event

Notice at the bottom of the page the EMS command necessary to perform the message tracking using the Get-MessageTrackingLog cmdlet. If you select the EventID check box and include SEND in the criteria, you can look for one part of the message trace. In the following example, we have taken this search criteria and used the EMS to track the specific event in which the message was transmitted from the Hub Transport server to a remote server on the Internet:

 get-messagetrackinglog -Server "HNLEX03" -EventID "SEND" -MessageID "<C27B18ED17ABBB4CBFC6346F93820D1B26C8CA54DA@HNLEX03.volcanosurfboards.com>" -Start "12/26/2006 9:09:00 AM" -End "12/26/2006 9:29:00 AM" | FL

 Timestamp               : 12/26/2006 9:19:20 AM
 ClientIp                : 192.168.254.19
 ClientHostname          : HNLEX03
 ServerIp                : 66.75.160.20
 ServerHostname          :
 SourceContext           : 08C8F6B8CBFD8A6F
 ConnectorId             : E2K7 SMTP to Internet
 Source                  : SMTP
 EventId                 : SEND
 InternalMessageId       : 17
 MessageId               : <C27B18ED17ABBB4CBFC6346F93820D1B26C8CA54DA@HNLEX03.volcanosurfboards.com>
 Recipients              : {JMcBee@cta.net}
 RecipientStatus         : {250 2.1.5 <JMcBee@cta.net> ... Recipient ok}
 TotalBytes              : 3611
 RecipientCount          : 1
 RelatedRecipientAddress :
 Reference               :
 MessageSubject          : Aloha and testing
 Sender                  : supatana@somorita.com
 ReturnPath              : supatana@somorita.com
 MessageInfo             : 12/26/2006 9:20:00 AM

Probably the two most relevant properties of this particular event are the ServerIp property and the RecipientStatus property. The ServerIp property tells you the IP address of the remote server to which the message was sent. The RecipientStatus property tells you that the message recipient was accepted by the remote server.
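
The same trace can be run against every Hub Transport server and listed in time order, which also sidesteps the sorting problem in the graphical tool. This is an added example, not code from the book; the message ID and time window are the ones shown above, and the variable names and the LoggedOn column are choices made here.

```powershell
# Added example, not from the book: trace one message on every Hub Transport
# server and list the events in time order.
$msgId = "<C27B18ED17ABBB4CBFC6346F93820D1B26C8CA54DA@HNLEX03.volcanosurfboards.com>"
$start = "12/26/2006 9:09:00 AM"
$end   = "12/26/2006 9:29:00 AM"

# Ask each server in turn and tag every event with the server whose log held it.
$events = @(Get-TransportServer | ForEach-Object {
    $server = $_.Name
    Get-MessageTrackingLog -Server $server -MessageId $msgId -Start $start -End $end -ResultSize Unlimited |
        Select-Object Timestamp, @{Name = "LoggedOn"; Expression = { $server }},
            EventId, Source, ClientHostname, ServerIp, Recipients, RecipientStatus
})

if ($events.Count -eq 0) {
    Write-Warning "No events found. Check the time window and MessageTrackingLogMaxAge."
    return
}

# Sort on the Timestamp value itself instead of relying on display order.
$events | Sort-Object Timestamp |
    Format-Table Timestamp, LoggedOn, EventId, Source, ClientHostname, ServerIp -AutoSize

# For each SEND event, show where the message went and what the remote side answered.
$events | Where-Object { $_.EventId -eq "SEND" } | ForEach-Object {
    "{0}  to {1}  status: {2}" -f $_.Timestamp, $_.ServerIp, [string]::Join("; ", @($_.RecipientStatus))
}
```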

Introducing Protocol and Connectivity Logs

Exchange 2007 provides a lot of options for logging and troubleshooting connectivity problems. Each Hub Transport server can be configured to track all connectivity to and from it and each Send connector or Receive connector can be configured to log inbound or outbound connections. The resulting logs are comma-delimited text files that can be read using any text editor or even imported into a database.

Configuring Connectivity Logging

Each Hub Transport server can be configured with connectivity logging. The connectivity log contains a record of all communications a particular Hub Transport server handled. This includes inbound and outbound SMTP communication as well as MAPI connections from Mailbox servers. Figure 21.15 shows a sample connectivity log. Connectivity log files all start with CONNECTLOG followed by the current date.

Figure 21.15: Sample connectivity log

In this log, you can see the outbound sessions and you can see the MAPI sessions to and from the Mailbox server (named hnlex03.volcanosurfboards.com in this log file). One column of interest in this log file is the direction column. There are four different characters that you may see in the direction column that indicate connections or direction of message flow. They are as follows:

  • + indicates a connection is being established either to a remote SMTP system or to a mailbox server.

  • - indicates a connection has been completed or disconnected.

  • > indicates a message is being sent outbound to a remote SMTP system.

  • < indicates a message is being received from a remote SMTP system.

Another interesting column to know about is the session-id column. The session ID is a globally unique identifier that will be the same for an entire SMTP session (it is blank for MAPI sessions). The cool thing about this is that the session ID corresponds to the session column in the Send and Receive logs.
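
One way to put the direction and session columns to work is to summarize a connectivity log per session and pick out sessions that were opened but never closed, or that carried no message. This is an added example, not code from the book; the sample rows and their #Fields header are constructed here as assumptions, and the function name Get-ConnectivitySession is hypothetical.

```powershell
# Added example (not from the book). $sample is constructed: the #Fields header
# and the rows are assumptions standing in for a real CONNECTLOG file.
$sample = @(
    '#Fields: date-time,session,source,Destination,direction,description',
    '2006-12-26T19:19:19.100Z,AAAA000000000001,SMTP,cta.net,+,constructed row',
    '2006-12-26T19:19:20.200Z,AAAA000000000001,SMTP,cta.net,>,constructed row',
    '2006-12-26T19:19:21.300Z,AAAA000000000001,SMTP,cta.net,-,constructed, with comma',
    '2006-12-26T19:25:02.000Z,AAAA000000000002,SMTP,example.org,+,constructed row',
    '2006-12-26T19:25:40.000Z,,MAPI,hnlex03.volcanosurfboards.com,+,constructed row'
)

function Get-ConnectivitySession($lines) {
    $fields = $null
    $sessions = @{}
    $comma = [char[]]','
    foreach ($line in $lines) {
        if ($line.StartsWith('#Fields:')) {
            # Take column names from the file itself instead of hard-coding them.
            $fields = @($line.Substring(8).Split(',') | ForEach-Object { $_.Trim().ToLower() })
            $sidName = @($fields | Where-Object { $_ -like 'session*' })[0]
            continue
        }
        if ($line.StartsWith('#') -or $line.Trim() -eq '' -or -not $fields) { continue }

        # Limit the split so commas in the last column (description) survive.
        $values = $line.Split($comma, $fields.Length)
        $row = @{}
        for ($i = 0; $i -lt $values.Length; $i++) { $row[$fields[$i]] = $values[$i] }

        $sid = $row[$sidName]
        if (-not $sid) { $sid = '(blank session)' }   # MAPI rows, per the text above
        if (-not $sessions.ContainsKey($sid)) {
            $new = "" | Select-Object Session, Destination, FirstSeen, Opened, Closed, Sent, Received
            $new.Session = $sid; $new.Destination = $row['destination']; $new.FirstSeen = $row['date-time']
            $new.Opened = 0; $new.Closed = 0; $new.Sent = 0; $new.Received = 0
            $sessions[$sid] = $new
        }
        $s = $sessions[$sid]
        switch ($row['direction']) {
            '+' { $s.Opened++ }
            '-' { $s.Closed++ }
            '>' { $s.Sent++ }
            '<' { $s.Received++ }
        }
    }
    $sessions.Values | Sort-Object FirstSeen
}

$summary = Get-ConnectivitySession $sample
$summary | Format-Table -AutoSize
# Sessions that were opened but show no close or no message are the ones to chase.
$summary | Where-Object { $_.Opened -gt $_.Closed -or ($_.Sent + $_.Received) -eq 0 }
```

To run it on a real log, pass the output of Get-Content for a CONNECTLOG file from the Connectivity folder in place of $sample.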

Connectivity logging is disabled by default and must be enabled for any Hub Transport server on which you want to view the logs. To enable connectivity logging, you use the Set-TransportServer cmdlet. The following is an example for setting connectivity logging on server HNLEX03:

 Set-TransportServer "HNLEX03" -ConnectivityLogEnabled $True 

You could use the Get-TransportServer and Set-TransportServer cmdlets to enable connectivity logging on all Hub Transport servers as shown here:

 Get-TransportServer | Set-TransportServer -ConnectivityLogEnabled $True

As with message tracking logs, the logs are retained for 30 days, the maximum size of the log file directory is 250MB, and a maximum log file size is 10MB. The log files are found in the C:\Program Files\Microsoft\Exchange Server\TransportRoles\Logs\Connectivity folder.

You can view the connectivity log configuration using the Get-TransportServer cmdlet. The following is an example:

 Get-TransportServer hnlex03 | FL Name,*connectivity*

 Name                            : HNLEX03
 ConnectivityLogEnabled          : True
 ConnectivityLogMaxAge           : 30.00:00:00
 ConnectivityLogMaxDirectorySize : 250MB
 ConnectivityLogMaxFileSize      : 10MB
 ConnectivityLogPath             : C:\Program Files\Microsoft\Exchange Server\TransportRoles\Logs\Connectivity

You update or change this information using the Set-TransportServer cmdlet.

Configuring Send and Receive Logging

One big improvement with Exchange 2007 is the ability to narrow the scope of protocol logging to an individual connector only. With Exchange 2000/2003, if you were troubleshooting an SMTP connectivity problem, you enabled protocol logging for the SMTP virtual server. The protocol logs would contain all inbound and outbound SMTP information for all connectors that used that SMTP virtual server.

In Exchange 2007, each Hub Transport server has Send and Receive protocol logs, but these are enabled for each Send and Receive connector, not for the entire Hub Transport server. Let's start by looking at the properties of the Send and Receive logs using the Get-TransportServer cmdlet. By now, you are going to be familiar with the properties of these logs since they are almost identical to the properties of the connectivity and message tracking logs.

 C:\>Get-TransportServer "HNLEX03" | FL Name,*sendprotocol*,*receiveprotocol*,*intraorg*

 Name                                  : HNLEX03
 SendProtocolLogMaxAge                 : 30.00:00:00
 SendProtocolLogMaxDirectorySize       : 250MB
 SendProtocolLogMaxFileSize            : 10MB
 SendProtocolLogPath                   : C:\Program Files\Microsoft\Exchange Server\TransportRoles\Logs\ProtocolLog\SmtpSend
 ReceiveProtocolLogMaxAge              : 30.00:00:00
 ReceiveProtocolLogMaxDirectorySize    : 250MB
 ReceiveProtocolLogMaxFileSize         : 10MB
 ReceiveProtocolLogPath                : C:\Program Files\Microsoft\Exchange Server\TransportRoles\Logs\ProtocolLog\SmtpReceive
 IntraOrgConnectorProtocolLoggingLevel : None

These logs are kept for a maximum of 30 days, the maximum log file size is 10MB, and the maximum size of the log file directory is 250MB. The logs are found in separate directories in the C:\Program Files\Microsoft\Exchange Server\TransportRoles\Logs\ProtocolLog folder.

The one thing that you may notice is that there is not a parameter for enabling or disabling the Send and Receive logs. This is because the actual logging is enabled and disabled on a per-connector basis. For example, we have created a Send connector that delivers mail to the Internet called E2K7 SMTP to Internet; on the General property page (shown in Figure 21.16) of that connector, we can enable logging in the Protocol Logging Level drop-down list.

Figure 21.16: Enabling protocol logging for a Send connector

There are two choices for protocol logging on both Send and Receive connectors. The choices are None and Verbose. You can also set the logging level for Send and Receive connectors using the Set-SendConnector and Set-ReceiveConnector cmdlets. Let's first look at the current logging level of the E2K7 SMTP to Internet Send connector; in this example it is None, so logging is not yet enabled:

 Get-SendConnector "E2K7 SMTP to Internet" | FL Name,*log*

 Name                 : E2K7 SMTP to Internet
 ProtocolLoggingLevel : None

You can use the Set-SendConnector cmdlet to enable logging on this connector.

 Set-SendConnector "E2K7 SMTP to Internet" -ProtocolLoggingLevel Verbose 

The same format of logging can be used to enable protocol logging for a Receive connector. One thing you do have to watch out for is whether you have more than one source server configured for the Send connector. When you configure a Send connector, you can configure more than one Hub Transport server to be a source server for the connector. This is done on the Source Server property page of the connector, shown in Figure 21.17.

Figure 21.17: Defining source servers for a Send connector

If you have more than one source server defined, an outbound SMTP message may be processed by any of them. This means that if you are troubleshooting a particular outbound message, you will need to check the Send protocol logs on all of these servers.

Another important point to note when reviewing protocol logs and debugging connectivity problems is that not all communication is logged to the Send protocol logs. All Hub Transport servers have a Send connector that is automatically created but is not visible. This implicit Send connector is used for internal delivery of e-mail between Hub Transport servers, Edge Transport servers, and Exchange 2003 servers. If you want the Hub Transport servers to log internal connectivity, you need to enable this on each Hub Transport server. This is the IntraOrgConnectorProtocolLoggingLevel property found on the Hub Transport server's properties page. Here is an example of enabling this type of logging for Hub Transport server HNLEX03:

 Set-TransportServer "HNLEX03" -IntraOrgConnectorProtocolLoggingLevel Verbose 

Alternatively, if you want to enable intra-organization logging for all Hub Transport servers, you could use this cmdlet:

 Get-TransportServer | Set-TransportServer -IntraOrgConnectorProtocolLoggingLevel Verbose 

While the intra-organization logging may be useful for troubleshooting, you might not want to keep this type of logging enabled all the time. If you need to globally disable intra-organization logging, here is a command that should do the trick:

 Get-TransportServer | Set-TransportServer -IntraOrgConnectorProtocolLoggingLevel None 
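
Because a Send connector can have several source servers and logging is split between connector-level and server-level settings, it helps to list in one table where the Send protocol logs for each connector will be found. This is an added example, not code from the book; the column names in the output are choices made here.

```powershell
# Added example (not from the book): for each Send connector, list every source
# server, the connector's logging level, and the folder holding that server's
# Send protocol log. A LoggingLevel of None means no log exists to review.
Get-SendConnector | ForEach-Object {
    $connector = $_
    foreach ($source in $connector.SourceTransportServers) {
        $server = Get-TransportServer $source.Name
        $row = "" | Select-Object Connector, LoggingLevel, SourceServer, SendLogPath, IntraOrgLevel
        $row.Connector     = $connector.Name
        $row.LoggingLevel  = $connector.ProtocolLoggingLevel
        $row.SourceServer  = $server.Name
        $row.SendLogPath   = $server.SendProtocolLogPath
        $row.IntraOrgLevel = $server.IntraOrgConnectorProtocolLoggingLevel
        $row
    }
} | Format-Table -AutoSize
```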

Now that you know how to enable and disable Send and Receive protocol logs, let's take a look at an actual log file. The text would not fit nicely here in the book, so Figure 21.18 shows an example of a Send protocol log.

Figure 21.18: Sample Send protocol log

A lot of the space in both the Send and Receive logs is taken up by the date-time, connector-id, session-id, and



Mastering Microsoft Exchange Server 2007
Mastering Microsoft Exchange Server 2007 SP1
ISBN: 0470417331
EAN: 2147483647
Year: 2004
Pages: 198
Authors: Jim McBee
