Exchange Management Pack Components

  • Article

 

The discussion about the Exchange Management Pack integration with Microsoft Operations Manager 2005 already presented most of the components of the Exchange Management Pack. There are rules on the MOM database server. These rules are imported into the MOM database by using the MOM 2005 Administrator Console. The MOM Management Server then pushes the appropriate set of rules to each agent, where they then run locally. The database also contains views, reports, alerts, and knowledge base articles on the MOM server, and there are MOM agents on servers that are running Exchange Server 2003. This topic covers these components in more detail.

Rule Groups

Rule Groups are used to organize rules into a logical structure. The structure of the rule groups changed from Exchange 2000 Server to Exchange Server 2003, and the Exchange Management Pack for Exchange 2003 includes additional rule groups. You can also create your own custom rule groups that let you additionally customize your MOM configuration.

The Exchange 2003 Management Pack includes rule groups to organize rules as follows:

  • Availability Monitoring   The rules in this group check Exchange servers for their availability. This includes rules to monitor Exchange services, front-end servers, database connection, MAPI logon, mailboxes, and mail flow.

  • Exchange Event Monitoring   The rules in this group monitor Exchange-specific events written to the event log. This includes rules to monitor the following:

    • Exchange store   The Exchange store hosts the mailboxes and public folders.

    • System attendant   The system attendant includes important modules, such as DSAccess, without which the Exchange server system cannot function.

    • Simple Mail Transfer Protocol (SMTP), Message Transfer Agent (MTA), and message routing   These components are elements of the Exchange 2003 transport engine and must be running on every Exchange 2003 server to guarantee a correctly functioning system.

    • Microsoft Outlook® Web Access, Outlook Mobile Access, and Exchange ActiveSync®   Internet and mobile users can use these components to access mailbox resources through HTTP and HTTP-related protocols.

    • IMAP4 and POP3   These components are important if Internet users access their mailboxes using Microsoft Outlook® Express or another IMAP4 or POP3 conforming client.

    • DSAccess and Active Directory Connector   DSAccess manages communication between Exchange 2003 and Active Directory® directory service. Active Directory Connector (ADC) is an important tool when integrating an Exchange 5.5 organization with Active Directory.

    • Free/busy information   Outlook users can look up other users' free/busy information to determine availability when scheduling meeting requests. Free/busy information is stored in a hidden system folder on the Exchange server.

  • Health Monitoring and Performance Thresholds   The rules in this group include rules to monitor server health, such as rules for server configuration, security settings, and disk space thresholds, and mail queue thresholds. They also let you discover problems in key Exchange components by setting thresholds for alerts.

  • Performance Counter Logging Rules   The rules in this group monitor your Exchange server usage and performance, such as client monitoring, antivirus rules, and public folder store usage. There are also rules to monitor server resource usage, such as CPU, disk, memory, and network usage logging.

  • Report Collection Rules   The rules in this group provide data to MOM reports. These rules include database size, configuration rules, mailbox statistics, and message tracking log analysis, as well as several other rules.

For more information about rules included with the Exchange Management Pack and their capabilities, see System Monitoring with Exchange Management Pack.

Rules

Rules specify how MOM 2005 collects, handles, and responds to information. Rules define the events and threshold conditions for MOM to monitor. When a MOM server receives information from an information source (Microsoft Windows® Management Instrumentation, System Monitor, the event log, and others) that matches a rule, the responses associated to the rule are executed.

Note

The Exchange Management Pack includes many predefined rules, but you can also define your own.

The most common rule types are as follows:

  • Event Rules   Event rules instruct MOM 2005 to generate an alert or run responses when specific events occur. These events can be events that are written to Windows event logs by the Windows components that are being monitored, or they can be events that are generated by MOM. MOM 2005 stores the events and alerts in the MOM database.

  • Alert Rules   Alert rules generate a response when a particular alert is detected. You can configure these rules to identify alert criteria from a specific alert source and generate a response when the alert matches a specified critical value. You can also define which rule group the alert rule applies to.

  • Performance Rules*   *Performance rules collect performance data. You can view this information by using the MOM Administrator Console. MOM stores performance data in the MOM database. These rules generate an alert when some measured value, such as CPU usage, exceeds a defined threshold. You can define multiple threshold values, with a separate alert severity level for each value. Use your performance baseline to identify appropriate threshold values for your environment.

Alerts

An alert occurs when a MOM agent detects an event or measured value that matches the event or threshold that is defined in a rule. An alert notifies the administrator about the event that triggered the alert. The alert can trigger an e-mail message to be sent or a script to be run.

Defining Alert Severity Levels

Each rule in MOM 2005 that generates an alert assigns an alert level that indicates the severity of the event that triggers the alert. You can use the alert severity level to determine the importance of the indicated condition. By default, the more-severe alerts are set to page administrators immediately. Alert severity levels for MOM are described in the following table.

Severity level General description Paged by default

Service Unavailable

Indicates that a service is no longer running or responding to client requests.

Yes

Security Issue

Indicates that a breach in security is likely to have occurred.

Yes

Critical Error

Indicates errors and events that require immediate attention.

Yes

Error

Indicates an error that requires attention soon.

Defined per rule

Warning

Indicates that an event has occurred that is suspect and is likely to cause an error or critical error soon. Paging is not required, and all related services are currently reachable. But the warning should be investigated and the cause of it determined.

No

Information

Provides information about an expected or required event.

No

Success

Provides notification that a particular operation succeeded.

No

Knowledge Base

The Exchange Management Pack contains a knowledge base with technical information that can help in troubleshooting. The knowledge base information is available on the Product Knowledge Base tab when displaying alert details in the MOM Operator console. This information indicates the meaning and importance of the alerts that are generated by a rule. You can also obtain detailed suggestions about resolutions and links to up-to-date information about the Web. The knowledge base contains predefined information from Microsoft, to which you can add information that is specific to your organization.

The Knowledge Base is a key feature of the Exchange Management Pack, and empowers your front-line operators to be able to quickly resolve issues. Resolving issues quickly results in faster resolution and fewer escalations, saving your company time and money.

Views and Reports

The Exchange Management Pack includes several views and reports to help you quickly identify Exchange issues. With these views and reports, you can analyze and graph performance data to understand usage trends, do accurate load balancing, and manage system capacity.

In Exchange Management Pack for Exchange Server 2003, all data that is used for reports is stored and read from the data warehouse. As scripts collect data from each data source, this information is stored in the Microsoft SQL Server™ data warehouse. The process is as follows:

  1. Agents on each Exchange server run scripts that read data from multiple data sources, such as the Event Logs.

  2. Agents write the data to the operational database on the MOM management server.

  3. Each day, a Data Transformation Services (DTS) job automatically transfers data from the operational database on the MOM management server to the data warehouse.

  4. Data is read from the data warehouse and displayed in reports.

Because reports only read data from the data warehouse, there is a delay between when an event occurs and when the event is recorded in a report.

Exchange reports cover the following:

  • Health Monitoring and Operations Reports

    You can use the monitoring and operations reports to analyze database sizes, disk usage, mailboxes, server availability, and the configuration of Exchange servers. For example, you can list database sizes for Exchange servers, where database size (in megabytes) is presented for each server, storage group, and database. The reports in this category are as follows:

    • Exchange Disk Usage   This report provides data about servers that are running Exchange based on disk performance counters, presenting daily averages for each counter.

    • Exchange Server Availability   This report provides the percentage of server availability for Exchange servers during a specified time period and also lists the categories of failure types that could lead to a server being unavailable.

    • Exchange Server Configuration   This report provides configuration information including computer and operating systems configuration and local disk information.

    • Exchange 2003 Outlook Client Monitoring   This report gives you the results of analysis data collected by Exchange 2003 servers monitoring Outlook 2003 clients for the end user's experience in terms of response times and errors.

    • Exchange Mailboxes   This report shows the distribution of mailboxes across storage groups and databases for Exchange servers.

    • Database Size   This report provides the size of each database on your monitored server.

    • Number of Mailboxes per Database/Storage Group/Server   This report provides the total number of mailboxes defined on each mailbox store, within each storage group, and across a server.

    • Mailbox and Public Folder Size and Count   This report provides the total number of mailboxes and public folders defined across all stores, and how much disk space each is occupying in your storage subsystem.

    • Mail Traffic Analysis   This report identifies the top 100 e-mail senders and receivers for each domain.

    • Client Monitoring   This report identifies the average latency observed by clients per server, and reports the number and percentage of failed remote procedure calls (RPCs) per server.

    • Exchange Database Sizes   This report shows the total database size on each server, in addition to the individual components of the database. For example, if a database contains both a mailbox store and a public folder store, this report shows the size of each.

  • **Protocol Usage Reports   **The protocol usage reports obtain data about usage and activity levels for the mail protocols that are used by Exchange, such as POP3, IMAP4, and SMTP. You can also obtain usage and activity level reports for Exchange components, such as Microsoft Exchange Information Store service, mailbox store, public folder store, MTA, and Outlook Web Access. These reports use key performance counters for operations conducted in a specific time period. The reports include data for Exchange 2000 servers only when the Exchange 2000 Management Pack for Microsoft Operations Manager is installed.

  • **Traffic Analysis Reports   **The traffic analysis reports summarize Exchange mail traffic patterns by message count and size for both Recipient and Sender domains. For example, the report Mail Delivered: Top 100 Sender Domains by Message Size provides a list of the top 100 sender domains sorted by message size during a specific time period, as reported in the Exchange message tracking logs. The reports include data for Exchange 2000 servers only when the Exchange 2000 Management Pack for Microsoft Operations Manager is installed.

  • **Exchange Capacity Planning Reports   **By analyzing your daily client logons and messages sent and received, in addition to work queues, the capacity planning reports show the Exchange server resource usage and help you plan for current and future capacity requirements.

  • **Exchange Mailbox and Folder Sizes Reports   **You can use these reports to monitor the size of Exchange mailboxes and folders and to determine your highest growth areas. The reports in this category include top 100 mailboxes by size and message count, and top 100 public folders by size and message count.

  • **Exchange Performance Analysis Report   **The Queue Sizes report summarizes Exchange performance counters and helps you analyze queue performance.

State Monitoring:

The Exchange Management Pack for Exchange 2003 includes State Monitoring. State Monitoring provides a real time view of the condition of your servers and applications. It verifies that critical services are available and that they are providing end users with expected performance by evaluating several features. These features include the following:

  • MAPI logon test

  • Mail flow test

  • Queues

  • Exchange services

  • Databases (mounted or not)

  • Front-end servers logon test

    • Outlook Web Access

    • Outlook Mobile Access

    • Exchange ActiveSync

State Monitoring continuously monitors your servers and will automatically detect when an alert or error condition is resolved. Therefore, you do not have to manually resolve alerts in MOM.

To view the state of your organization

  1. Open the MOM Operator Console. To do this, click Start, point to Programs, point to Microsoft Operations Manager 2005, and then click Operator Console.

  2. In the MOM 2005 Operator Console, in the left pane, click State.

  3. In the right pane, view state details and tasks that you can perform. Click a task to cause the task to run on the computer selected in the State right pane.

Topology View

The Exchange Management Pack for Exchange 2003 includes the Topology View. The Topology View lets you use the Operator Console to quickly view the state of your environment in a graphical format. This view lets you quickly identify servers that have issues that require attention, and lets you go into each server's properties to effectively triage the servers that you must attend to first. Servers and their status are presented in a format that can be exported into Microsoft Visio®.

For example, if your environment includes 20 servers in multiple routing groups, the Topology View will identify these servers, show the routing group boundaries, and include a graphic on each server indicating whether the server is healthy or not. As soon as a server is found to have a problem, the green check mark on the Topology View will change to a red X. To learn more about the server, you can point to it with your mouse to see properties including the number of mailboxes on the server. If you have multiple servers indicating a problem, you can determine which server is likely affecting more people by the number of mailboxes on that server. You can then double-click the server in Topology View to determine exactly what is wrong with that server and how to resolve the problem. After you resolve the problem, the red X in Topology View automatically turns into a green check mark the next time that the rule runs.