12.3 Best practices for monitoring Exchange with Microsoft Operations Manager


MOM and the MOM management packs are easy to install. If you simply install the Exchange 2003 Management Pack without doing any additional configuration work, MOM automatically discovers your Exchange servers, automatically deploys agents and rules on your Exchange servers, and begins monitoring. However, the out-of-the-box management pack installation creates an Exchange monitoring solution that is most likely collecting more data than you require in some areas and not enough data (or no data) in other critical areas. You must perform some configuration tasks to complete the “automatic” installation of the management pack and to tailor it to match your environment. This section describes the additional configuration tasks required to complete the “automatic” installation of the Exchange 2003 Management Pack.

12.3.1 Install patches

No software product is error-free, so the first postinstallation step is to implement corrections for known problems.

Monitoring Exchange clusters

To manage an Exchange cluster, you need to list both the physical and virtual servers in the Managed Computer Rules. However, by default, events that are logged in the event log of one cluster node are also shown in the event log of the other nodes. This feature, known as event log replication, causes MOM to generate multiple alerts for issues detected on clusters. For clusters, you need to turn off event log replication. You can do this for the entire cluster or on a per-node basis by using the Cluster.exe command-line tool to configure the EnableEventLogReplication property.

12.3.2 Disable unneeded rules

Before making any adjustments, the Exchange Management Pack is probably collecting quite a bit of data that you do not need. This is especially true if you are using your MOM server to monitor only Exchange servers—i.e., other groups (and other MOM servers) are responsible for monitoring Active Directory, IIS, DNS, and so on. MOM is probably also collecting the same data through similar rules in different rule groups. The following sections describe procedures for disabling unnecessary rules.

Disable % Disk Time _Total Logical Disk Rule

Monitoring the % Disk Time _Total Logical Disk performance monitor counter is meaningless for servers with multiple logical drives. Because almost all Exchange servers have multiple logical disk drives, you should use the following procedure to disable this rule for Exchange servers.

  1. Start the MOM Administrator Console from the Windows Start menu by selecting All Programs →Microsoft Operations Manager →MOM Administrator Console.

  2. In the left pane of the MOM Administrator Console, select Microsoft Operations Manager →Rules →Processing Rule Groups →Microsoft Windows 2000 Operating System →Windows 2000 – All Computers →Threshold Performance Counters for Windows 2000 →Performance Processing Rules.

  3. In the right pane, right-click the % Disk Time _Total Logical Disk rule and select Properties (Figure 12.19).

    Figure 12.19: % Disk Time _Total Logical Disk

  4. Clear the Enabled check box and select OK.

Disable % Total Processor Time (95) averaged over 6 samples rule

Monitoring the % Total Processor Time (95) averaged over 6 samples performance counter can sometimes produce misleading results if you are using full-text indexing. The full-text indexing feature takes advantage of any available CPU cycles (using low-priority threads) to generate the indexes, thus giving the appearance that the server CPU is fully saturated. You should disable the % Total Processor Time (95) averaged over 6 samples rule if you are using full-text indexing. The following procedure can be used to disable this rule.

  1. Start the MOM Administrator Console from the Windows Start menu by selecting All Programs →Microsoft Operations Manager →MOM Administrator Console.

  2. In the left pane of the MOM Administrator Console, select Microsoft Operations Manager →Rules →Processing Rule Groups →Microsoft Windows 2000 Operating System →Windows 2000 – All Computers →Threshold Performance Counters for Windows 2000 →Performance Processing Rules.

  3. In the right pane, right-click the % Total Processor Time (95) averaged over 6 samples rule and select Properties (Figure 12.20).

    Figure 12.20: % Total Processor Time (95) averaged over 6 samples

  4. Clear the Enabled check box and select OK.

Disable Windows System (Events and Performance) rule group

The Reporting – Windows System (Events and Performance) (shared) rule group collects a large amount of performance data. If you are only monitoring Exchange servers, you should disable these rules because there are similar rules in the Exchange Management Pack that monitor the right set of performance counters for Exchange servers. The following procedure can be used to disable this rule group.

  1. Start the MOM Administrator Console from the Windows Start menu by selecting All Programs →Microsoft Operations Manager →MOM Administrator Console.

  2. In the left pane of the MOM Administrator Console, select Microsoft Operations Manager →Rules →Processing Rule Groups →Microsoft Windows 2000 Operating System →Windows 2000 – All Computers →Windows 2000 System Reporting →Reporting – Windows System (Events and Performance) (shared).

  3. In the left pane, right-click on Reporting – Windows System (Events and Performance) (shared) and select Properties (Figure 12.21).

    Figure 12.21: Reporting – Windows System (Events and Performance)

  4. Clear the Enabled check box and select OK.

Disable Default Event Collection for Microsoft Windows rule group

MOM includes a set of rules called the Default Event Collection for Microsoft Windows NT and 2000 rule group. This is a “collect everything” rule group, and you should disable all rules in this rule group to prevent collecting far more information than you need. The following procedure can be used to disable this rule group.

  1. Start the MOM Administrator Console from the Windows Start menu by selecting All Programs →Microsoft Operations Manager →MOM Administrator Console.

  2. In the left pane of the MOM Administrator Console, select Microsoft Operations Manager →Rules →Processing Rule Groups →Default Event Collection for Microsoft Windows NT and 2000.

  3. In the left pane, right-click on Default Event Collection for Microsoft Windows NT and 2000 and select Properties (Figure 12.22).

    Figure 12.22: Default Event Collection for Microsoft Windows NT and 2000

  4. Clear the Enabled check box and select OK.

Disable Internet Information Server Shared Rules rule group

Because Exchange uses Internet protocol services, the Exchange Management Pack includes rules to monitor the IIS components used by Exchange. If your MOM server is only monitoring Exchange, you should disable the corresponding rules in the IIS rules group using the following procedure.

  1. Start the MOM Administrator Console from the Windows Start menu by selecting All Programs →Microsoft Operations Manager →MOM Administrator Console.

  2. In the left pane of the MOM Administrator Console, select Microsoft Operations Manager →Rules →Processing Rule Groups →Microsoft Internet Information Server (IIS) →IIS 5.0 →IIS Shared Rules.

  3. In the left pane, right-click the IIS Shared Rules folder and select Properties (Figure 12.23).

    Figure 12.23: Internet Information Server shared rules

  4. Clear the Enabled check box and select OK.

Disable Internet Information Server queue length threshold rules

The SMTP queue length thresholds defined in the IIS rules are too low for most Exchange deployments. You should disable the IIS queue length threshold rules in favor of the corresponding rules found in the Exchange Management Pack. The following procedure can be used to disable the IIS rules.

  1. Start the MOM Administrator Console from the Windows Start menu by selecting All Programs →Microsoft Operations Manager →MOM Administrator Console.

  2. In the left pane of the MOM Administrator Console, select Microsoft Operations Manager →Rules →Processing Rule Groups →Microsoft Internet Information Server (IIS) →IIS 5.0 →Performance Counters for IIS 5.0 →Threshold Performance counters for IIS (shared) →Performance Processing Rules.

  3. In the right pane, right-click on the Local Queue Length (50) rule and select Properties (Figure 12.24).

    Figure 12.24: Local queue length (50)

  4. Clear the Enabled check box and select OK.

  5. Repeat steps 3 and 4 for the following performance processing rules: Local Queue Length (10), Not Found Errors/sec (1), Total Not Found Errors (1000), Local Retry Queue Length (10), Local Retry Queue Length (50), Remote Queue Length (10), Remote Queue Length (50), Remote Retry Queue Length (50), and Connection Errors/sec (3).

Disable rules for unused Exchange components

You should install the entire Exchange Management Pack rather than pick and choose the rules you want to implement. Microsoft has made those choices for you, and you should use their rule selections except where there are specific Exchange components that you do not use. For example, if you do not use Post Office Protocol 3 (POP3), the following procedure can be used to turn off the POP3 rule group.

  1. Start the MOM Administrator Console from the Windows Start menu by selecting All Programs →Microsoft Operations Manager →MOM Administrator Console.

  2. In the left pane of the MOM Administrator Console, select Microsoft Operations Manager →Rules →Processing Rule Groups →Microsoft Exchange 2003 Server →Exchange Event Monitoring →POP3.

  3. In the left pane, right-click the POP3 folder and select Properties (Figure 12.25).

    Figure 12.25: Post Office Protocol 3

  4. Clear the Enabled check box and select OK.

  5. Repeat steps 3 and 4 for any other unused Exchange components, such as the Active Directory Connector, Active Sync, Exchange Cluster, IMAP4, Outlook Mobile Access, Outlook Web Access, and other components.

12.3.3 Create accounts and mailboxes

The Exchange Management Pack scripts require an agent service account and test mailboxes. The following sections describe these requirements.

Grant Exchange View-Only Administrator role to agent service account

MOM and the MOM management packs (not just the Exchange Management Pack) include many scripts. MOM uses an agent service account to run these scripts. The Exchange scripts require that you grant the existing agent service account the Exchange View-Only Administrator role. The following procedure can be used to grant the Exchange View-Only Administrator role.

  1. Start ESM console from the Windows Start menu by selecting All Programs →Microsoft Exchange →System Manager.

  2. In the ESM left pane, right-click on the Exchange organization object and select Delegate Control to start the wizard. When the wizard displays an introductory screen, select Next to continue.

  3. The Users or Groups window (Figure 12.26) displays the users and groups who currently have assigned roles for the Exchange organization. If the agent service account is not listed as Exchange Full Administrator, Exchange Administrator, or Exchange View-Only Administrator, select Add to display the Delegate Control window (Figure 12.27).

    Figure 12.26: Exchange Administration Delegation Wizard

    Figure 12.27: Exchange Administration Delegation Wizard – User and Role Selection

  4. In the Delegate Control window, use the Browse button to find the agent service account. Use the drop-down list to select the Exchange View-Only Administrator role. When you have selected the user and role, select OK to return to the Users or Groups window.

  5. Select Next to display the summary screen. When you have finished reviewing the summary of changes, select Finish to implement the new role.

Create test mailbox(es)

The MAPI logon, mail flow, mailbox statistics collection, and public folder statistics collection rules require an agent mailbox on each Exchange server. For Exchange clusters, you only need to create a test mailbox for the Exchange virtual server, not for each physical node. You do not need to (and cannot) create test mailboxes on front end Exchange servers because front end servers do not have mailboxes. The following procedure can be used to create a test mailbox account for each database on each Exchange server.

  1. On a domain controller, start Active Directory Users and Computers.

  2. In the left pane, right-click on Users and select New →User to display the New Object – User dialog box.

  3. In the Full name and User logon name fields, enter the name as <server>MOM. For example, if the server name is Exc14, then the test mailbox account should be Exc14MOM. If you have multiple database files on a server, you should add more test mailbox accounts with logon name <server>MOM#, where # can be any number or word. You must name the first test mailbox account as <server>MOM. Select Next to display the password information dialog box.

  4. Enter information about the test mailbox account password, confirm the new password by retyping it, and select the password options for User cannot change password, Password never expires, and Account is disabled. The account is disabled because the MOM scripts only need the mailbox, not the test account. The scripts use the agent service account to access the mailbox. Select Next to continue.

  5. Select the Create an Exchange mailbox check box to automatically create an Exchange mailbox using the alias, Exchange server, and Information Store shown in the Alias, Server, and Mailbox Store fields. For servers with multiple databases, you should create separate test mailbox accounts for each database. Select Next to display a dialog box summarizing the information you entered.

  6. Verify that the information is correct and then select Finish to create the Windows test account and associated Exchange mailbox.

Grant mailbox rights to agent service account

The Exchange MOM scripts use the agent service account to access the mailbox. The following procedure can be used to give mailbox rights to the agent service account.

  1. On a domain controller, start Active Directory Users and Computers.

  2. In the right pane, right-click the test mailbox account you just created and select Properties. Select the Exchange Advanced tab.

  3. Select the Mailbox Rights button.

  4. In the Group or user names window, select Add to add users to the list. Add the agent service account and select the Full mailbox access check box. Select OK to grant full mailbox access to the agent service account.

12.3.4 Tailor Microsoft Operations Manager to match your needs

Collecting and storing MOM events and performance data requires network bandwidth and database storage space. Responding to events and alerts requires human bandwidth. It makes no sense to collect more information than needed to manage your environment. You should tailor MOM to match your needs.

Auto-resolve information and success alerts

You should set the Auto resolve information Alerts and Auto resolve success Alerts values to a relatively short timeframe. Success and information alerts are just informational in nature and do not require operator action. Setting these auto-resolve times to 30 minutes will keep the alerts available for a short period in case an operator is interested but will quickly auto-resolve them to minimize the “noise” level for operators. The following procedure can be used to change these values.

  1. Start the MOM Administrator Console from the Windows Start menu by selecting All Programs →Microsoft Operations Manager →MOM Administrator Console.

  2. In the left pane of the MOM Administrator Console, select Microsoft Operations Manager →Configuration →Global Settings.

  3. In the left pane, right-click on Global Settings and select Edit General Settings.

  4. On the Database Grooming tab (Figure 12.28), select the value to change and select Edit.

    Figure 12.28: Global Settings – Database Grooming Settings

Configure alert resolution states

MOM is preconfigured with the resolution states shown in Figure 12.29. However, you should think about how your operations staff works and change the resolution states to fit your organization. Use the actual names of your support teams and change the SLA escalation times to match the way your organization works. The following procedure can be used to change these preconfigured values.

Figure 12.29: Global Settings – Alert Resolution States

  1. Start the MOM Administrator Console from the Windows Start menu by selecting All Programs →Microsoft Operations Manager →MOM Administrator Console.

  2. In the left pane of the MOM Administrator Console, select Microsoft Operations Manager →Configuration →Global Settings.

  3. In the left pane, right-click on Global Settings and select Edit General Settings.

  4. On the Alert Resolution States tab, select the value to change and select Modify.

Configure heartbeat frequency

The MOM agent on the managed server periodically sends a heartbeat message to the MOM server to let MOM know that the monitored server is still running and is connected to the network. By default, the agent sends a heartbeat message every 5 minutes (300 seconds). For Exchange servers, you should shorten the heartbeat interval to 30 seconds. The following procedure can be used to configure the heartbeat frequency.

  1. Start the MOM Administrator Console from the Windows Start menu by selecting All Programs →Microsoft Operations Manager →MOM Administrator Console.

  2. In the left pane of the MOM Administrator Console, select Microsoft Operations Manager →Configuration →Global Settings.

  3. In the left pane, right-click on Global Settings and select Edit Agent Settings (Figure 12.30).

    Figure 12.30: Global Settings – heartbeat

  4. Change the heartbeat period to 30 seconds. Select OK.

Enable Service Availability Checking and Reporting

You should also consider whether you want to use the following availability reports: Windows Service Availability by Computer, Windows Service Availability by Server, and Windows Service Availability by Service. These reports are part of the MOM functionality rather than the Exchange Management Pack and provide reports on service availability and computer availability. They generate considerable data. If you do not plan to use these reports, the following procedure can be used to save database disk space:

  1. Start the MOM Administrator Console from the Windows Start menu by selecting All Programs →Microsoft Operations Manager →MOM Administrator Console.

  2. In the left pane of the MOM Administrator Console, select Microsoft Operations Manager →Configuration →Global Settings.

  3. In the left pane, right-click on Global Settings and select Edit Agent Settings (Figure 12.31).

    Figure 12.31: Global Settings – Service availability checking and reporting

  4. On the Service Availability tab, clear the Enable service availability checking and reporting check box.

Enable logical disk counters

The data for the disk capacity rules comes from the logical disk performance monitor counters. You must enable these counters on each monitored Exchange server using the following procedure.

  1. From a Windows command prompt, enter diskperf -Y.

  2. Reboot the server.

Enable Message Tracking Logs for traffic analysis reports

The Report Collection – Message Tracking Log Data rule periodically collects, logs, and analyzes data from the Exchange message tracking logs. The traffic analysis reports use the collected data to produce reports detailing various aspects of the messaging traffic. To gather the data for these reports you must enable message tracking logs on each Exchange server using the following procedure.

  1. Start ESM from the Windows Start menu by selecting All Programs →Microsoft Exchange →System Manager.

  2. In the ESM left pane, select Administrative Groups →First Administrative Group →Servers.

  3. Right-click on your server and select Properties. Select the General tab (Figure 12.32).

    Figure 12.32: Exchange Server Properties – message tracking

  4. Select the Enable message tracking check box to enable message tracking for the server. Exchange will log the sender, the time the message was sent or received, the message size, the message priority, and message recipients for each message that travels through this server.

  5. Select OK.

Set mail queue threshold values

The predefined thresholds should be adequate as a starting point for most performance-based rules. However, the mail queue thresholds will vary greatly depending on your traffic patterns. To determine the appropriate values for your environment, you should watch the queue length over a period. After gathering historical data, the following procedure can be used to set mail queue threshold values that are appropriate for your environment.

  1. Start the MOM Administrator Console from the Windows Start menu by selecting All Programs →Microsoft Operations Manager →MOM Administrator Console.

  2. In the left pane of the MOM Administrator Console, select Microsoft Operations Manager →Rules →Processing Rule Groups →Microsoft Exchange Server 2003 →Health Monitoring and Performance Thresholds →Mail Queue Thresholds →Performance Processing Rules.

  3. In the right pane, right-click the queue threshold rule you want to change and select Properties. Select the Threshold tab (Figure 12.33).

    Figure 12.33: Mail Queue Thresholds

  4. Enter the new threshold value and select OK.

  5. Repeat steps 3 and 4 as necessary to change threshold values for other queues.
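
The baselining step described above, as an added example that is not from the book or from MOM: it reads queue-length readings exported from Performance Monitor, counts how often the IIS rule thresholds named in section 12.3.2 (10 and 50) would have been crossed, and derives a candidate threshold. The CSV data, the server name EXC14, and the percentile-plus-headroom policy are assumptions made for the illustration.

```python
import csv
import io
import math

# Constructed sample in the CSV layout Performance Monitor exports: timestamp,
# then one column per counter. Server name EXC14 and every reading are made
# up; a blank reading (" ") marks a missed collection.
SAMPLE_CSV = r'''"(PDH-CSV 4.0) (GMT Standard Time)(0)","\\EXC14\SMTP Server(_Total)\Local Queue Length"
"01/15/2004 07:00:00.000","3"
"01/15/2004 07:15:00.000","5"
"01/15/2004 07:30:00.000","8"
"01/15/2004 07:45:00.000","12"
"01/15/2004 08:00:00.000","15"
"01/15/2004 08:15:00.000","22"
"01/15/2004 08:30:00.000","35"
"01/15/2004 08:45:00.000","48"
"01/15/2004 09:00:00.000","62"
"01/15/2004 09:15:00.000","71"
"01/15/2004 09:30:00.000","66"
"01/15/2004 09:45:00.000","54"
"01/15/2004 10:00:00.000","41"
"01/15/2004 10:15:00.000","30"
"01/15/2004 10:30:00.000","18"
"01/15/2004 10:45:00.000","9"
"01/15/2004 11:00:00.000"," "
"01/15/2004 11:15:00.000","6"
"01/15/2004 11:30:00.000","11"
"01/15/2004 11:45:00.000","14"
"01/15/2004 12:00:00.000","5"
'''

# Thresholds of the IIS shared rules that section 12.3.2 disables.
IIS_RULE_THRESHOLDS = (10, 50)


def load_samples(text):
    """Return the numeric readings from the first counter column."""
    rows = csv.reader(io.StringIO(text))
    next(rows)  # header row holds the counter path
    samples = []
    for row in rows:
        if len(row) < 2 or not row[1].strip():
            continue  # missed collection
        samples.append(float(row[1]))
    return samples


def percentile(samples, pct):
    """Nearest-rank percentile; pct is an integer from 1 to 100."""
    ordered = sorted(samples)
    rank = (pct * len(ordered) + 99) // 100  # integer ceiling
    return ordered[rank - 1]


def breaches(samples, threshold):
    """Count readings above threshold and the separate episodes they form."""
    over = episodes = 0
    previous_over = False
    for value in samples:
        is_over = value > threshold
        over += is_over
        episodes += is_over and not previous_over
        previous_over = is_over
    return over, episodes


def suggest_threshold(samples, pct=95, headroom=1.25):
    """Assumed policy: the pct-th percentile plus headroom, rounded up."""
    return math.ceil(percentile(samples, pct) * headroom)


if __name__ == "__main__":
    readings = load_samples(SAMPLE_CSV)
    for limit in IIS_RULE_THRESHOLDS + (suggest_threshold(readings),):
        over, episodes = breaches(readings, limit)
        print(f"threshold {limit}: {over} readings over, {episodes} episode(s)")
```

On the constructed readings, an ordinary morning peak crosses both 10 and 50, while the derived value stays quiet; with real data, feed in a period long enough to include your busiest days.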

12.3.5 Configure mail flow verification and services to monitor

Identify services to monitor on each Exchange server

The Service Verification Script periodically checks to determine whether Exchange services (e.g., MSExchangeIS, MSExchangeSA, MSExchangeMTA) are running. The management pack stores the list of services in a registry key, and before Service Pack 1, you had to use Regedit to enter the list of services. Microsoft included a new configuration utility in MOM Service Pack 1 that simplifies the customization of certain Exchange Management Pack features, including automating the process for designating the Exchange services to monitor. From the MOM server, this utility sets the Exchange-related registry keys on every Exchange server.

Note 

You can find a zip file (Ex2KMPSnapIn.zip) containing the configuration utility Microsoft Management Console snap-in in the Support Tools directory on the MOM Service Pack 1 product CD.

The following procedure can be used to specify the key services to monitor on each Exchange server.

  1. Start the Exchange MP Configuration Utility from the Windows Start menu by selecting All Programs →Exchange 2000 MP Configuration Utility.

  2. Select All Servers in the left pane.

  3. In the right pane, right-click on the server you want to monitor and select Properties to display the Management Pack Settings dialog box (Figure 12.34).

    Figure 12.34: Configuration Utility – Monitored services

  4. In the Monitored Services window, select the check boxes for the services you want to monitor. Select OK.

Identify mail flow verification servers

The mail flow verification scripts periodically send mail between the test mailbox accounts and verify that the mail has been received. You must configure the sending and receiving servers to know where to send mail and from where to expect mail. The management pack stores this information in registry keys, and the configuration utility included in Service Pack 1 automates this process and eliminates the need to make manual registry modifications.

The following procedure can be used to specify the sending and receiving servers.

  1. Start the Exchange MP Configuration Utility. Select All Servers in the left pane.

  2. In the right pane, right-click on the appropriate server and select Properties to display the Management Pack Settings dialog box.

  3. In the Send mail to window (see Figure 12.34), select the check box for the servers to which this server will send mail.

  4. In the Expect mail from (select only one) window, select the check box for the server that will send mail to this server. Select OK.

Configure time interval for mail flow verification

Use the following procedure to configure the time interval for the mail flow verification tests for each sending and receiving Exchange server.

  1. Start the MOM Administrator Console from the Windows Start menu by selecting All Programs →Microsoft Operations Manager →MOM Administrator Console.

  2. In the left pane of the MOM Administrator Console, select Microsoft Operations Manager →Rules →Processing Rule Groups →Microsoft Exchange Server 2003 →Availability Monitoring →Verify Mail Flow →Event Processing Rules.

  3. Data Provider tab: In the right pane, right-click the Send mail flow messages event processing rule and select Properties. Select the Data Provider tab (Figure 12.35).

    Figure 12.35: Mail flow – send mail flow messages

  4. Select the desired provider with the type Timed Event and synchronize the provider. If necessary, create and synchronize a new provider. Select OK to configure the Send mail flow messages script.

  5. In the right pane, right-click the Receive mail flow messages event processing rule and select Properties. Select the Data Provider tab (Figure 12.36).

    Figure 12.36: Mail flow – Receive mail flow messages

  6. Select a timed event with the same frequency as the one selected for Send mail flow messages but synchronize at a different time.

  7. Responses tab: Select the Responses tab.

  8. Select Exchange 2003 – Mail flow receiver and select Edit to display the Launch a Script dialog box.

  9. Double-click the MAXSafeMissedRuns parameter (Figure 12.37), and enter the number of failed attempts to receive mail before generating an alert. The default is four attempts. Select OK.

    Figure 12.37: Mail flow – MAXSafeMissedRuns






Monitoring and Managing Microsoft Exchange Server 2003 (HP Technologies)
ISBN: 1555583024
EAN: 2147483647
Year: 2003
Pages: 128
