Copyright ©1996, Que Corporation. All rights reserved. No part of this book may be used or reproduced in any form or by any means, or stored in a database or retrieval system without prior written permission of the publisher except in the case of brief quotations embodied in critical articles and reviews. Making copies of any part of this book for any purpose other than your own personal use is a violation of United States copyright laws. For information, address Que Corporation, 201 West 103rd Street, Indianapolis, IN 46290 or at support@mcp.com.

Notice: This material is excerpted from Special Edition Using Microsoft Exchange Server, ISBN: 0-7897-0687-3. The electronic version of this material has not been through the final proof reading stage that the book goes through before being published in printed form. Some errors may exist here that are corrected before the book is published. This material is provided "as is" without any warranty of any kind.

26 - Diagnostic and Troubleshooting Tools

Microsoft Exchange Server is an intricate product that consists of many components, so it is important in any pilot or installation that you set aside enough time for planning and installation. Many tools exist that can help you plan and analyze a Microsoft Exchange Server installation. This chapter familiarizes you with some of the tools Microsoft Exchange provides for diagnosing and troubleshooting various components of Microsoft Exchange in your organization.

The tools you learn about in this chapter include:

Tracking Exchange Messages

Tracking a message through a Microsoft Exchange system can be a powerful way of finding link malfunctions. Message tracking can assist support professionals in pinpointing the exact servers or links at fault. It can also be used to determine the quality of service of the Microsoft Exchange system in areas such as performance, round trips between two servers, alternate route setup and usage and reliability issues such as lost mail. Exchange provides tools to follow a message through its journey to verify transmissions at certain points of your organization. Here are some common uses for Exchange message tracking:

All message tracking information is stored by the system attendant on each server when tracking is enabled. The Exchange Server component that actually writes the entries to the log file is the System Attendant.

The location of this log is

Tracking logs are kept for an entire day and a new log is created the next day. Tracking must be enabled on each component through which the message flows.

For example, to track a message to a remote site connected via the Internet, you would need to enable MTA tracking on both Exchange sites and the Internet mail connector used at each site.

As explained earlier, Message tracking is a powerful tool to debug any problems with the Exchange System. Following is a discussion of how to enable Message Tracking on various Exchange Components:

Message tracking allows support professionals to view, sort and filter the information collected by each individual server or the messages sent, received and delivered by the server. Here is how you would use the Message tracking tools from the Exchange administrator program (see fig. 26.1).

Fig. 26.1

Open the tracking tools from the Exchange Administrator program.

1. Choose Tools, Track Message from the administrator program menu. The Connect to Server dialog box appears.

2. Choose a server in your site to connect to. Preferably, connect to a server with either the sender or recipient of the message you want to track in its address list. The Select Message to Track dialog box appears.

3. In the Select Message to Track dialog box, find the message you want to track. You are given the option to search for messages either by sender or recipients. (In this search tool, the sender or recipients must be listed in the address lists available to this Exchange server.)

4. If the recipients you need are not listed in the address book, or if you already have a Message ID to use for tracking, click Cancel on this page and proceed to the advanced search page (see fig. 26.2).

Fig. 26.2

Search for a message by either sender or recipients (must be visible in the address book).

You can track a particular message identified in step 3 above by using the Select Message to Track dialog box. This dialog box allows you to search for a message by either sender or recipient and can display the details of the message:

1. If you want to search for a message by its sender, click the From button and select a sender from the address book.

2. If you want to search for a message by its recipients, click the Sent To button and select a recipient (or group of recipients) from the address book.

3. In the Look Back box, enter the number of previous days you want to search for messages. Keep in mind that message tracking must have been enabled on those days for a log to have been created.

4. To connect to a different Exchange server use the Browse button.

5. When all of your parameters are set, click the Find Now button. All tracking logs for the number of days selected will be searched sequentially. The results are displayed in the bottom window (see fig. 26.3).

Fig. 26.3

A successful search displays the messages matching your criteria in the bottom display window.

6. Select a found message from the list and click Properties to view further property details about it (see fig. 26.4). Click Close when you are done viewing the message's details to return to the Select Message to Track dialog box.

Fig. 26.4

The Message Properties dialog box shows you unique information about the messages your search found.

7. Clicking OK returns you to the Message Tracking Center dialog box.

8. In the Message Tracking Center dialog box, the Message ID field is now filled in with the appropriate information from the selected message and the Track button is now available.

Using the Message Tracking Center

The Message Tracking Center window can trace a message (one found in the search windows from the previous steps) through its path. It executes searches on all the message logs of the Exchange servers that handled it. This covers the path from the point it originated on an Exchange server (or entered the network through a connector or gateway) to the point it was delivered (or left the network).

Clicking the Track button in the Message Center dialog box (see fig. 26.5) performs the actual track on the message and fills in the information in the Tracking History box. The Tracking History box displays the steps taken in the process of delivering the message, including the action performed and the Exchange Server involved. A message's Tracking History is the sequence of steps taken to reach a destination.

Fig. 26.5

The Message Tracking Center lets you search for a message in various ways, then trace its route once it is found.

Using the Message Tracking Center:

There are two parts to the Message Tracking Center: the message search utilities, which also display message details, and the tracking tools for those messages.

Once a message has been tracked, two additional buttons become available in the Message Tracking Center dialog box. What follows is a discussion of the first button, which can search for messages and display message details:

1. The Message Tracking Search Parameters window displays the current message resulting from the search (blank if none). Click Search to bring up the Select a Message to Track dialog box (see above).

2. Click Advanced Search to find a message based on different parameters. The dialog box in figure 26.6 appears.

Fig. 26.6

Search for a message using more advanced parameters.

Sent by Microsoft Exchange Server

Selecting Sent by Microsoft Exchange Server from the Advanced Search dialog box brings up the Select System Message to Track dialog box (see fig. 26.7), which helps you find messages originating from core Microsoft Exchange components. Typically these are warning and status messages from the Exchange server to an administrator.

Fig. 26.7

Search for a message by using more advanced parameters.

3. To search on a different Exchange server, use the Browse button (see fig. 26.8).

4. Use the From pull-down menu to choose which Exchange component (Directory, Information Store, System Attendant, Directory Synchronization Agent) to scan for as the message originator.

Fig. 26.8

Select an Exchange component that could have originated the message.

5. In the Look Back box, enter the number of previous days you want to search for messages. Keep in mind that message tracking must have been enabled on those days for a log to have been created.

6. When all of your parameters are set, click the Find Now button. All tracking logs for the number of days selected will be searched sequentially. The results are displayed in the bottom window.

7. Click OK to accept the found messages and return to the Message Tracking Center.

Transferred into This Site

Choosing this search option from the Advanced Dialog Box lets you search for a message that originated outside your Exchange organization (see fig. 26.9). You can filter this search by selecting the connector or gateway that a message passed through to enter the system.

Fig. 26.9

Find a message originating outside the organization.

1. If you want to search for a message by its sender, click the From button and select a sender from the address book. Normally you will not use this option if the sender is not a custom recipient in the address list.

2. If you want to search for a message by its recipients, click the Sent To button and select a recipient (or group of recipients) from the address book.

3. Use the Transferred From pull-down menu to select a connector in your site as the inbound gateway for the message you are searching for.

4. In the Look Back box, enter the number of previous days you want to search for messages. Keep in mind that message tracking must have been enabled on those days for a log to have been created.

5. To connect to a different Exchange server use the Browse button.

6. When all of your parameters are set, click the Find Now button. All tracking logs for the number of days selected will be searched sequentially. The results are displayed in the bottom window.

7. Click OK to accept the found messages and return to the Message Tracking Center.

By Message ID

If you know the message ID for a particular message, you can find it by selecting this option. A message ID can be found in various Exchange logs, message queues, and also in the Microsoft Exchange client (see fig. 26.10).

Fig. 26.10

Search for a message by its Exchange Message ID.

1. Click Browse to select an Exchange server on your site on which to search for the message.

2. Type (or paste if you've copied the message ID from a log file) the message ID into the Message ID text box.

3. Enter a number of days to Look Back into a log file. Start Date will display the first day to start looking for a message.

4. Click OK to search for the selected message and return to the Message Tracking Center.

Tracking a Message

After finding the message that meets your criteria, click Track from the Message Tracking Center dialog box. Assuming all the necessary tracking check boxes were activated, the display window will show you the path of the selected message from the first instant it entered the Exchange organization to when it was delivered (or left the organization through a connector or gateway).

You can view details about the message route by clicking and expanding the message view in the display window.

Additional Exchange Core Component Troubleshooting Tools

Following is a discussion of some of the core troubleshooting tools used to diagnose problems with MS Exchange. These are MTACHECK and ISInteg.

MTACheck is a support tool that assists administrators in diagnosing the MTA queues. ISInteg is a support tool that runs on an offline information store and checks the consistency of the information store.

If the MTA queues become corrupt or unable to process a message, it is possible for the MTA to be unable to start. In these situations, a utility called MTACHECK.EXE, which can be found in the \exchsrvr\bin directory, can be used to repair the problem.

MTACHECK.EXE will check the consistency of the MTA queues, check the integrity of all objects and if necessary, delete corrupt objects. Under most circumstances the MTACHECK.EXE program will resolve any issues with a problematic MTA.

MTACHECK

A message transfer agent uses message queues to store messages. The queues are in essence databases that store messages awaiting delivery to their intended destinations. Occasionally, parts of these databases can become corrupt and cause message transfer errors. MTACHECK scans the queue database for damaged objects, removes them from the queue, then rebuilds the message queue for correct operation.

MTACHECK can be used primarily in two types of situations:

MTACHECK places removed data in a directory called MTACHECK.OUT. The MTACHECK.OUT directory is created in the path: \EXCHSRVR\MTADATA\MTACHECK.OUT

The data files are created in that directory and given names of the form: DB*.DAT

MTACHECK creates one file for each damaged piece of data removed.

When removing damaged message files from the queue, MTACHECK may remove messages that cannot be recovered.

MTACHECK is run from the Windows NT command line of the Exchange server you want to scan. The executable is located in the directory: driveletter:\EXCHSRVR\BIN\MTACHECK.EXE

First, you must manually stop the Message Transfer Agent service before running this utility (MTACHECK will remind you if you forget). Then, delete the current contents of the MTACHECK.OUT directory. If this is the first time MTACHECK is run, the MTACHECK.OUT directory does not yet exist.

The MTACHECK.OUT directory is automatically created when MTACHECK.EXE is run.

Use the following procedure to run MTACHECK on an Exchange server:

1. Stop the Message Transfer Agent service.

2. Remove or delete the contents of the MTACHECK.OUT directory.

3. Run MTACHECK.EXE from the Windows NT command line.

4. Analyze the results and restart the MTA service when appropriate.

Optional switches

Use these switches to modify the MTACHECK execution.

MTACHECK /v /f MTACHECK.LOG is an example of a command that uses both of these switches. It enables the verbose status display, and it stores that display in a file called MTACHECK.LOG.
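
The four-step procedure above as a Windows NT batch file, added here as an example and not taken from the book. It assumes Exchange is installed under C:\EXCHSRVR and that the MTA's service name is MSExchangeMTA; MTACHECK.OLD is a hypothetical directory name used to keep earlier output instead of deleting it.

```batch
@echo off
rem Added example, not from the book: the four MTACHECK steps above.
rem Assumptions: Exchange lives under C:\EXCHSRVR and the MTA's Windows NT
rem service name is MSExchangeMTA. MTACHECK.OLD is a hypothetical directory
rem used here to keep earlier output rather than deleting it.
setlocal
set EXCHROOT=C:\EXCHSRVR
set OUTDIR=%EXCHROOT%\MTADATA\MTACHECK.OUT
set SAVEDIR=%EXCHROOT%\MTADATA\MTACHECK.OLD

rem Step 1: stop the MTA. NET STOP reports an error if the service is
rem already stopped; that is harmless here, and MTACHECK itself reminds
rem you if the MTA is still running.
net stop MSExchangeMTA

rem Step 2: empty MTACHECK.OUT. Files from an earlier run are moved aside so
rem the DB*.DAT files found afterwards belong to this run only. Clear
rem MTACHECK.OLD first if it holds files you still need.
if not exist "%OUTDIR%\DB*.DAT" goto run
if not exist "%SAVEDIR%" md "%SAVEDIR%"
move "%OUTDIR%\DB*.DAT" "%SAVEDIR%"

:run
rem Step 3: run MTACHECK with the verbose display stored in MTACHECK.LOG
rem (a relative name, so it lands in the current directory, \EXCHSRVR\BIN).
cd /d "%EXCHROOT%\BIN"
MTACHECK.EXE /v /f MTACHECK.LOG

rem Step 4: one DB*.DAT file exists for each damaged object removed.
if exist "%OUTDIR%\DB*.DAT" goto removed
echo No damaged objects were removed. Restarting the MTA.
net start MSExchangeMTA
goto done

:removed
echo MTACHECK removed the damaged objects listed below. Some messages may
echo be unrecoverable. Review MTACHECK.LOG, then restart the MTA with:
echo     net start MSExchangeMTA
dir /b "%OUTDIR%\DB*.DAT"

:done
endlocal
```

When damaged objects were removed, the script leaves the MTA stopped so the log and the DB*.DAT files can be reviewed first; that is a choice made for this example, matching step 4's "when appropriate".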

ISINTEG

The ISINTEG utility performs diagnostic and repair functions on the Exchange Information Store databases. This is a function similar to that performed by the MTACHECK utility.

Situations that would warrant use of this utility are

There are three main modes of operation for the ISINTEG:

ISINTEG is run from the Windows NT command line of the Exchange server you want to scan. The executable is located in the directory:

Optional Switches

Use these switches to modify the ISINTEG execution.

Switch              Description
-?                  Displays this options list
-pri                Runs diagnostics on the private information store; by default, this is the test that will run
-pub                Runs diagnostics on the public information store
-fix                Runs diagnostics and corrects any errors that it can (also called Check & Correct)
-verbose            Displays more detailed diagnostic information
-l (filename)       Stores log information under a different file name; by default, ISINTEG.PRI and ISINTEG.PUB are the log files
-test testname,...  Runs a specific ISINTEG test; all available tests can be viewed with the -? switch

Using Diagnostic Logging

Diagnostic logging is a tool that lets you zero in on messaging problems that plague your system. These logging settings are set in the Diagnostic Logging property page for each component. Diagnostics are logged into the Windows NT event logs, which can then be viewed with the NT Event Viewer.

The following Exchange components have a diagnostic logging property page for their pertinent system services:

The Diagnostic Logging property page for each Exchange server shows a unified list of that server's logging settings.

Subcomponents and Categories

Categories are the various functions of each Exchange service. You specify various levels of logging on a per-category basis. Different categories within a service (or subcomponent of that service) can be logged separately to track a problem to a specific function.

Some services (for example, the Information Store) also have subcomponents. Subcomponents are logging subdivisions beneath each Exchange service. Each subcomponent also has a set of categories that can be logged individually.

For example, the Information Store service (MSExchangeIS) has three subcomponents. Each subcomponent (System, Public, and Private) pertains to roles of that service. Each subcomponent also has a set of categories pertaining to its specific functioning. The three first categories of the Public subcomponent are

You would set a logging level for each category depending on the type of problem you are encountering.

Logging Levels

Each Exchange component enables you to set various levels of logging. These levels determine what type and how critical an event must be before it is recorded. Every logging level includes events from the level above it. The following are the logging levels available for all Exchange components:

None (level 0) Log only critical events or error events. By default, this is set for every Exchange component.
Minimum (level 1) Log only very-high-level events.
Medium (level 2) Log important sequences of events.
Maximum (level 5) Log everything. This will log the complete operation of the service and even include certain lines of code from a service. Use only when you have narrowed the problem down to a couple of categories.

*The level numbers pertain to what Windows NT defines the event to be.

Your decision to change logging levels should be based on tracking down a problem to a particular service and category. If you suspect that a certain component is the culprit for a certain error, then start increasing logging levels gradually for a smaller number of categories.

For example, say that you are not properly receiving Internet mail anymore, yet all other types of messaging data are delivered without any problems. This would naturally suggest that you should increase the logging levels on all the categories of the Internet Mail Connector and not initially on the MTA or Information Store. Then you proceed to narrow down the list of categories and increase the logging levels as you get closer to the source of the problem.

Use the high logging levels (maximum and medium) sparingly and only when you have narrowed down the problem to a few categories. These settings generate a large amount of events and tend to fill logging space quickly.

Using Windows NT Event Viewer

Anyone familiar with Windows NT administration will attest to the helpfulness of the Event Viewer. Whenever there is a problem on a server, this is always a good first place to look for it. This tool is invaluable for churning through the various events generated by Microsoft Exchange's system services.

For review, an event is any notable incident within the Windows NT operating environment. Critical events will trigger an immediate on-screen notification to the administrator. However, the more run-of-the-mill events are only logged. These need not necessarily be errors, just occurrences worth recording. Windows NT logs three main types of events:

Which events are actually logged is determined by the logging levels set for each Exchange component.

Please refer to your Windows NT documentation for an in-depth explanation of the Event Viewer. It will also teach you the best way to use that tool to interpret the events generated by the services of Exchange and other programs.

From Here...

This chapter familiarizes you with some of the tools Microsoft Exchange provides for diagnosing and troubleshooting various components of Microsoft Exchange in your organization.

For more information, read the following chapters:
