Export (0) Print
Expand All
Expand Minimize

Microsoft Exchange Server Best Practices Analyzer Tool Troubleshooting Connectivity Problems

 

Topic Last Modified: 2005-11-02

By Paul Bowden.

This document provides troubleshooting steps and guidance for investigating connectivity issues reported by the Microsoft® Exchange Server Best Practices Analyzer Tool. In most situations, it is recommended that you install and run the Exchange Server Best Practices Analyzer from a workstation rather than the Exchange server itself. When running the graphical user interface, the Exchange Server Best Practices Analyzer detects the presence of the Active Directory® directory service and provides a list of Exchange servers to scan (this is called the scope). The Exchange Server Best Practices Analyzer then remotely connects to each server in the scope and collects information. When the collection is complete, the data is automatically analyzed.

If the Exchange Server Best Practices Analyzer cannot establish a connection to the server during the collection phase, an error will be reported in the status bar. Depending on the nature of the issue, the Exchange Server Best Practices Analyzer may give up on further attempts to access that server, or it may continue to attempt the next request as defined in the Exchange Server Best Practices Analyzer XML file. The Exchange Server Best Practices Analyzer never retries a failed query; it simply logs it and moves on.

The default scan type for the Exchange Server Best Practices Analyzer is the Health Check. This scan collects server configuration data and displays a list of issues found. After the Health Check starts, the progress of each server is displayed.

ExBPA Server Scanning Progress Screenshot
  • The green check icon indicates that the server responded to requests and that data was collected successfully.

  • The yellow warning icon indicates that the server could be contacted, but not all data was collected successfully. This warning usually indicates that, although the tool could query the registry of the server, other requests such as WMI or metabase queries failed.

  • The red error icon indicates that the server could not be contacted at all.

If the Exchange Server Best Practices Analyzer reports a connectivity problem (that is, a red error icon), it is best to narrow down the issue by using the Connectivity Test scan. You can set the scope so that only the Exchange servers in question is tested.

Screenshot of ExBPA Server Scan Type Drop Down

The following process occurs during the Connectivity Test. For each server in scope, the Exchange Server Best Practices Analyzer does the following:

  1. Reads the data value for the cn attribute of the Exchange server object in Active Directory. This attribute is the Exchange server name that you see in Exchange System Manager. Note that this will always be the short server name and not the fully qualified domain name (FQDN).

  2. Reads the data value for the ncacn_ip_tcp property name of the networkAddress attribute on the Exchange server object in Active Directory. For Exchange 2000 Server and Exchange Server 2003 (including clusters), the data value will be the FQDN of the server. For Exchange Server 5.x, the data value will be the short server name.

  3. Attempts to resolve both the short server name and FQDN using DNS. The resolution is performed using the DNS collector, which is built into the Exchange Server Best Practices Analyzer engine. The DNS server used for the resolution is based on the DNS settings of the workstation where the Exchange Server Best Practices Analyzer runs. If the Exchange Server Best Practices Analyzer cannot resolve the FQDN, it uses the short server name for future requests to this server. Additionally, you will see the following warning in the Full Issues List after the Connectivity Test has completed.

     

    Warning icon yellow triangle and exclamation point

    DNS name resolution failure

  4. Opens the following registry key to read the value of CurrentVersion:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion

    This registry path is well-known and should exist on every version of Microsoft Windows®. If the Exchange Server Best Practices Analyzer cannot open the key and or read the value, a red error icon is displayed in the server progress bar when running the Connectivity Test. Additionally, you will see the following error in the Critical Issues List after the Connectivity Test completes.

     

    Icon representing error status

    Exchange: Registry could not be accessed

    This issue is fatal to the Exchange Server Best Practices Analyzer. If a server cannot be accessed through the well-known registry path, no further calls for data collection are made to this server.

  5. Makes a WMI call to the Win32_ComputerSystem class to enumerate the computer name, number of processors, and amount of physical memory. This call tests that basic WMI functionality is available. If the Exchange Server Best Practices Analyzer cannot at a minimum find the name of the computer, a yellow warning icon is displayed in the server progress bar when running the Connectivity Test. Additionally, you will see the following error in the Full Issues List after the Connectivity Test completes.

     

    Icon representing error status

    WMI could not be accessed

    noteNote:
    It is typical for servers running Windows NT® 4.0 to fail the WMI test. In this situation, the Exchange Server Best Practices Analyzer shows the yellow warning icon in the server progress bar, but the warning in the Full Issues List will be suppressed.
  6. Uses the performance data helper (pdh) library to read the following performance counter:

    Object: MSExchangeIS

    Counter: RPC Operations/sec

    Reading these counters verifies that the Exchange Server Best Practices Analyzer can sample performance monitor data when the Health/Performance Check scan is used. If the counter cannot be accessed, you will see the following error in the Full Issues List when the Connectivity Test completes.

     

    Icon representing error status

    Performance data could not be accessed

  7. Makes a WMI call to the Exchange_DSAccessDc class to enumerate the list of domain controllers and global catalog servers currently in the DSAccess topology. The FQDN of each Active Directory server is stored in an array for later use (duplicates are filtered).

After the Exchange Server Best Practices Analyzer has gone through each Exchange server in the scope, it dumps the names of the Active Directory servers in the array. Note that Active Directory servers are not displayed in the Exchange Server Best Practices Analyzer server progress window, but the status bar shows the current server that is being scanned. The Exchange Server Best Practices Analyzer then attempts to establish whether a connection can be made to the Active Directory servers that Exchange Server communicates with. The Health Check scan uses similar logic to scan the configuration of domain controllers and global catalog servers to ensure that they are properly optimized for Exchange server use. For each Active Directory server, the Exchange Server Best Practices Analyzer does the following:

  • Opens the following registry key to read the value of CurrentVersion:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion

    This registry path is well-known and should exist on every version of Microsoft Windows. If this registry path fails to open, you will see the following error in the Critical Issues List after the Connectivity Test completes.

     

    Icon representing error status

    AD: Registry could not be accessed

    This issue is fatal to the Exchange Server Best Practices Analyzer. If a server cannot be accessed through the well-known registry path, no further calls for data collection are made to this server.

  • Makes a WMI call to the Win32_ComputerSystem class to enumerate the computer name, number of processors, and amount of physical memory. This call tests that basic WMI functionality is available. If the Exchange Server Best Practices Analyzer cannot at a minimum find the name of the computer, you will see the following error in the Full Issues List once the Connectivity Test completes.

     

    Icon representing error status

    AD: WMI could not be accessed

In larger organizations, the Exchange administrator may not have administrator-level access to the Active Directory servers. In the grand scheme of things, the quality of the Exchange Server Best Practices Analyzer report will not be severely diminished if calls to individual Active Directory servers fail. The main check that the Exchange Server Best Practices Analyzer performs here is to see whether the /3GB switch has been set properly. If the Exchange administrator does not have permissions on Active Directory servers, a different set of credentials (specific to Active Directory access) can be specified before the Exchange Server Best Practices Analyzer scan starts.

If the Exchange Server Best Practices Analyzer reports that a server is unreachable, you should concentrate on understanding why remote registry calls are failing. First of all, after the Connectivity Test has been run, switch to the Run Time Log. This log shows you the exact error message returned by the collector during server processing.

Screenshot of ExBPA Drop Down Showing Run Time Log

If the Run Time Log shows Access Denied or Security Error during the attempt to access the registry, the connectivity issue is related to permissions. In this case, verify that the account that is being used has administrator equivalent access to the server. If administrator-level access has been granted, check the following registry key to ensure that the LOCAL SERVICE account has at least read permissions on this key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\winreg

If the Run Time Log shows The RPC server is unavailable, check that the Remote Registry service is running on the server.

noteNote:
This service must be running even when the Exchange Server Best Practices Analyzer runs on the server itself.

If the Run Time Log shows The network path cannot be found during the attempt to access the registry, then a general connectivity issue exists. This message can be caused by a number of problems, which the following sections discuss.

From the Exchange Server Best Practices Analyzer workstation, try to ping the server in question to see whether it responds. Try both the short name and FQDN to ensure that name resolution is working properly.

The Exchange Server Best Practices Analyzer requires this service to be started, even when the tool runs directly on the server.

The Exchange Server Best Practices Analyzer uses DCOM to access the server. In addition to the port mapper (135), various high ports must be open. If a hardware firewall is not present, check for software-based firewalls on the server.

The Exchange Server Best Practices Analyzer attempts to contact Exchange servers by using their FQDN. If this name is not set correctly in Active Directory (networkAddress attribute on the Exchange server object), the Exchange Server Best Practices Analyzer may be attempting to contact an invalid server name. Study the error in the Run Time Log to verify that the correct FQDN is reported .

Both the Exchange Server Best Practices Analyzer and Exchange Server require that the File and Print Sharing service to be bound to the primary network interface.

Screenshot of LAN conection Properties

For more information, see Microsoft Knowledge Base articles:

Another method to troubleshoot is to simulate the Exchange Server Best Practices Analyzer's action using RegEdit. From the workstation where the Exchange Server Best Practices Analyzer runs, start RegEdit and then use the Connect Network Registry feature. Remember to type in the FQDN of the server rather than the short server name.

Screenshot of RegEdit Connect Network Regitry

If RegEdit returns an error when it attempts to connect to the server, the Exchange Server Best Practices Analyzer will also have a problem connecting. If the connection can be established, go to the following key to make sure that a permissions issue does not exist:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion

If the Exchange Server Best Practices Analyzer can read the well-known registry path on a server, but is having difficulties accessing WMI classes, run the Connectivity Test and then look at the Run Time Log.

If the Run Time Log shows Access Denied or Security Error during the attempt to collect information through WMI, the connectivity issue is related to permissions. In this case, verify that the account that is being used has administrator equivalent access to the server. Specifically, check the security settings on the WMI Control to verify that the account in use by the Exchange Server Best Practices Analyzer has at least the following permissions:

  • Enable Account

  • Remote Enable

  • Read Security

Screenshot of ExBPA WMI Permissions

If the Run Time Log shows The RPC server is unavailable when the Exchange Server Best Practices Analyzer attempts to access WMI, this error usually means that the hosting service for that class is not started.

For example:

  • Win32_ComputerSystem class = Windows Management service

  • Exchange_DSAccessDc class = Exchange Management service

As with registry access, you can simulate the Exchange Server Best Practices Analyzer’s WMI requests by using a built-in tool. start WinMSD and then use the Remote Computer feature to connect with the FQDN of the computer that runs Exchange Server.

Screenshot of WinMSD Drop Down

If WinMSD returns an error, the Exchange Server Best Practices Analyzer will also fail.

The Scriptomatic tool can also be a great resource for troubleshooting WMI issues. For more information about the Scriptomatic tool and to download it from the Microsoft TechNet Script Center, see Scriptomatic 2.0: Readme.

 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft