Using Message Tracking


Message tracking is a useful administrative tool; it allows you to see where a particular message is within your system, including when (or whether) it transited a bridgehead or connector server on its way to the outside world. Of course, message tracking can also help you keep an eye on mail traffic to or from specific users. In particular, because Exchange 2000 allows you to track messages by sender, recipient, subject line, date, time, or any combination, you can usually find what you’re looking for in short order.

Setting Up Message Tracking: A Quick Review

Message tracking is turned off by default, but any good Exchange administrator’s guide has complete instructions on how to turn it on and configure it. It’s worth a quick review here, though. Each server’s system attendant service tracks whether message tracking is enabled for that server. If it is, then each time the store processes a message for routing or delivery, an entry is generated in the current day’s tracking log, named using the format yyyymmdd.log. Tracking logs are stored in the Exchsrvr\ServerName.log directory. Each server automatically exports its tracking logs folder to a share named ServerName.log, which is how the Message Tracking Center can be used to track a message across multiple servers.

By default, this share has permissions that grant Everyone read access on the logs. If you wish, you can set more restrictive permissions, with two caveats. First, if you disable and re-enable message tracking, you’ll need to reset the permissions. Second, when you install Exchange in a cluster, Setup grants the Everyone pseudo-group Full Control permission—you’ll definitely want to change that. If you do, be sure to reset the permissions after failing the cluster over from one node to another, because during a failover the Exchange resource dynamic-link library (DLL) reapplies the default permissions.

The biggest problem most administrators have with message tracking is simple: they forget to enable it on some servers. For an accurate picture of message flow, you have to turn tracking on for all the servers that handle messages, including bridgeheads, mailbox servers, and connector servers. The second major problem is forgetting that the initial setting for the logging component causes it to purge log data after seven days. You can change this setting, but if you do, be forewarned that each message tracking log entry takes about 2 KB of disk space and that space usage can add up quickly on servers with high message volumes.

Note

The ability to track messages might not seem very useful in the context of scanning or searching for messages with particular content. However, message tracking logs serve another extremely useful purpose: like the system event log, they provide an audit trail that can be used for forensic analysis or to provide evidentiary support that, yes, User A did send that “bad” message to User B on a specific date. For that reason, some organizations archive their message tracking logs instead of allowing the system to delete them. Because the log files are plaintext, it’s easy to process them from Perl or VBScript scripts, or to build your own tracking and logging tools that use the log file data. Exchange 2000 Service Pack 2 and later versions provide WMI interfaces for the message tracking subsystem; see http://msdn.microsoft.com/library/en-us/wss/wss/_wmiref_cl_Exchange_MessageTrackingentry.asp for details on how to use these interfaces in your own scripts, or with WMI-compliant messaging and monitoring tools.
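The note above says the plaintext logs are easy to script against. The following is an added example, not code from the book, written in Python rather than the Perl or VBScript the text names; it pulls the audit trail for one sender and recipient. It assumes a tab-separated layout in which a "#" comment line names the columns; the column names, event IDs, and sample lines are constructed for illustration and should be checked against your own logs.

```python
import csv
from collections import defaultdict

# Constructed sample in the assumed layout: "#" comment lines, one of which
# names the tab-separated columns. Column names and values are assumptions.
SAMPLE_LOG = [
    "# Message Tracking Log File",
    "# Date\tTime\tRecipient-Address\tEvent-ID\tMSGID\tMessage-Subject\tSender-Address",
    "2003-1-14\t9:02:11 GMT\tuserb@example.com\t1027\t<a1@mail.example.com>\tQ4 \"draft\"\tusera@example.com",
    "2003-1-14\t9:02:12 GMT\tUserB@example.com\t1028\t<a1@mail.example.com>\tQ4 \"draft\"\tUserA@example.com",
    "2003-1-14\t9:05:40 GMT\tuserc@example.com\t1028\t<b7@mail.example.com>\tLunch\tusera@example.com",
    "2003-1-14\t9:06:01 GMT\tuserb@example.com",  # truncated line
]

def read_entries(lines):
    """Return (entries, skipped) from an iterable of text lines (an open file
    works): dicts keyed by lower-cased column name, and a count of bad lines."""
    columns, entries, skipped = None, [], 0
    # QUOTE_NONE: a quote character in a subject line is data, not CSV syntax.
    for row in csv.reader(lines, delimiter="\t", quoting=csv.QUOTE_NONE):
        if not row:
            continue
        if row[0].startswith("#"):
            if len(row) > 1:  # the comment line that names the columns
                row[0] = row[0].lstrip("# ")
                columns = [name.strip().lower() for name in row]
            continue
        if columns is None or len(row) != len(columns):
            skipped += 1  # count it; a silently dropped line weakens an audit trail
            continue
        entries.append(dict(zip(columns, row)))
    return entries, skipped

def trail(entries, sender, recipient):
    """Group every logged event for sender -> recipient by message ID."""
    hits = defaultdict(list)
    for e in entries:
        if (e["sender-address"].lower() == sender.lower()
                and e["recipient-address"].lower() == recipient.lower()):
            hits[e["msgid"]].append((e["date"], e["time"], e["event-id"]))
    return dict(hits)

if __name__ == "__main__":
    entries, skipped = read_entries(SAMPLE_LOG)
    for msgid, events in trail(entries, "usera@example.com", "userb@example.com").items():
        print(msgid, events)
    print("skipped lines:", skipped)
```

Because the same message is logged once per processing event, grouping by message ID shows each step a message took; the skipped-line count tells you whether a log was truncated or altered in a way that broke the layout.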

Tracking a Specific Message

You use the Message Tracking Center (under the Tools node in Exchange System Manager) to look for specific messages. Open the Message Tracking Center node, then right-click it and select the Track Message command. When the Message Tracking Center dialog box opens, you can search for messages by sender or recipient name, e-mail address, the message subject, the name of a particular server, or the date and time when the message was processed. See Figure 9.3 for an example search. There’s nothing magic about using the message tracking interface: plug in the search criteria, click Find Now, and see whether any results appear. Notice that the search results don’t give you any way to read the message, but once you’ve located the messages you’re interested in, you can search for them using the other tools described in this chapter.

Figure 9.3: You can search for messages by a variety of fields.




Secure Messaging with Microsoft Exchange Server 2000
ISBN: 735618763
EAN: N/A
Year: 2003
Pages: 169
