Deploying Exchange Server 2003 Management Pack
The Exchange Management Pack ships with a Configuration Wizard to help you with configuration tasks. The Configuration Wizard provides a convenient way to configure individual servers running Microsoft® Exchange Server 2003 and makes sure that they operate smoothly with Microsoft Operations Manager (MOM) 2005. The wizard generates a configuration file (Configuration.xml) that you can edit to adjust your monitoring solution and then apply with the ExchangeMPConfig.exe command-line tool.
Before you start a new installation or an upgrade, it is recommended that you document the existing configurations, especially if you are upgrading from Exchange 2000 Management Pack. Additional instructions for both new installations and upgrades are later in this chapter.
To deploy the Exchange Management Pack, you must be familiar with the following:
How to install the Exchange Management Pack You can install the Exchange Management Pack on both a new Exchange 2003 environment, and one upgraded from Exchange 2000. You can also upgrade Exchange 2000 Management Pack to the Exchange Management Pack. Knowing the details of both types of installations helps to successfully deploy the management pack.
How to configure the Exchange Management Pack The configuration file used for deployment can be edited manually in a text editor and through a command-line interface. The command-line tool is helpful in complex scenarios and when troubleshooting.
On This Page
Preparing to Deploy the Exchange Management Pack
Securing Your Deployment
Installing the Exchange Management Pack
Configuring the Exchange Management Pack
Preparing to Deploy the Exchange Management Pack
Before you deploy the Exchange Management Pack, you should spend some time evaluating your organization's monitoring requirements and your Exchange organization topology. The planning phase will let you clarify your monitoring goals, understand your performance expectations, define your escalation procedures, and optimize your Exchange Management Pack deployment.
To prepare for deployment, you should follow these steps:
Identify who will receive alerts generated by the Exchange Management Pack.
Create a deployment plan for installing and configuring monitoring and monitored servers.
Note Most environments are configured in such a way that the default monitoring settings in the Exchange Management Pack meet organizational needs. However, sometimes you may want to perform a requirements analysis for monitoring in your environment. This analysis would include creating a performance baseline and determining custom thresholds for rules that MOM agents run on your Exchange servers. For more information about creating a performance baseline, see Exchange Server 2003 Performance and Scalability Guide (https://go.microsoft.com/fwlink/?LinkId=28660).
Identify Who Will Receive Alerts Generated by the Exchange Management Pack
After you identify the messaging functionalities that you want to monitor, and you have calculated your baseline behavior and performance thresholds, you must identify who will be notified in the case of an alert, what method to use to perform the notification, and what level of severity will cause the alert to be triggered.
To simplify administration, you should follow these steps:
Identify the administrators who must be notified in the event of an Exchange problem.
Add each administrator to the MOM Operators security group.
Configure each administrator with the correct paging and messaging schedule.
Add each administrator to the Mail Administrators notification group.
Create a Deployment Plan for Installing and Configuring Monitoring and Monitored Servers
The final planning step is to create a plan for how you will deploy the Exchange Management Pack in your environment. This plan must take into account:
Which servers will be monitored.
Which servers will be monitoring.
Who will be performing the installation.
What permissions are required.
What the schedule will be.
What risks you may experience, and how to reduce them.
For more information about creating a deployment plan, see Microsoft Solutions Framework documentation (https://go.microsoft.com/fwlink/?LinkId=35958).
Securing Your Deployment
Before you install the Exchange Management Pack, you must secure your monitoring environment. You must do this before installation because the Exchange Management Pack will generate alerts for these issues. If you do not secure your environment before the Exchange Management Pack is installed, you will receive alerts when these security configurations are verified.
Securing your environment includes the following:
Running IIS Lockdown
Configuring SSL
Verifying that Message Tracking Log shares are locked down
Verifying that SMTP directories are on an NTFS file system partition
Verifying that SMTP cannot anonymously relay
Running IIS Lockdown
You should run the IIS Lockdown Tool on all front-end servers. This tool searches for security holes and helps you configure Internet-facing servers so that they are less susceptible to malicious attack.
For more information about installing and running the IIS Lockdown Tool, see Microsoft Knowledge Base article 325864, "How To Install and Use the IIS Lockdown Wizard" (https://go.microsoft.com/fwlink/?LinkId=3052&kbid=325864).
The Exchange Management Pack will detect whether the IIS Lockdown Tool has been run and will send you an alert if any security holes normally secured by this tool are detected.
Configuring SSL
To use the front-end server availability monitoring features for Exchange 2003, your front-end server must have SSL configured for all Microsoft Outlook® Web Access, Outlook Mobile Access, and Exchange ActiveSync® virtual directories. To configure SSL, follow these high-level steps on your front-end server:
Set up the certificate
Add the certsrv to your trusted roots
Enable SSL Required on the Outlook Web Access, Outlook Mobile Access, Exchange ActiveSync Web sites
Enable forms-based authentication
For more information about configuring SSL, see the Exchange Server 2003 and Exchange 2000 Server Front-End and Back-End Topology guide (https://go.microsoft.com/fwlink/?LinkId=34216).
Verifying That Message Tracking Log Shares Are Locked Down
When message tracking is enabled, all messages that are handled by SMTP are logged to message tracking log files located on each Exchange server. By default, the message tracking log files are located at c:\program files\exchsrvr\servername.log. This folder is shared so that an administrator can view his or her information from any Exchange System Manager console. You should configure permissions on this share so that the Everyone group is not explicitly granted any permissions. If the Everyone group has been granted permissions to the message tracking log share, you should remove the group. The Exchange Management Pack will detect this configuration and send you an alert if the Everyone group is identified on the share.
Verifying That SMTP Directories Are on an NTFS Partition
Because SMTP messages are not always secure, you should help protect their contents by storing them on an NTFS partition. You can verify that the directory is on an NTFS partition by locating the SMTP directory in Windows Explorer and accessing its properties. The General tab will indicate what file system is being used.
If the SMTP directories are not on an NTFS partition, you should either move them or configure the partition to use NTFS.
To move the SMTP directories, see Microsoft Knowledge Base article 318230, "XCON: How to Change the Exchange 2000 SMTP Mailroot Directory Location" (https://go.microsoft.com/fwlink/?LinkId=3052&kbid=318230).
To configure a partition to use NTFS, see Windows Server™ 2003 Help.
The Exchange Management Pack will detect this configuration and send you an alert if the SMTP directory is not located on an NTFS partition.
Verifying that SMTP Cannot Anonymously Relay
By default, your SMTP virtual servers are configured to only relay messages submitted by authenticated users.
To verify that this has not changed
Start Exchange System Manager and locate the server object on which you want to prevent mail relay.
In the left pane, under the server object, expand Protocols, and then expand SMTP.
In the left pane, right-click the SMTP virtual server on which you want to prevent mail relay, and then click Properties.
In the Properties dialog box, click the Access tab, and then click Relay.
In the Relay Restrictions dialog box, verify the following are true:
Only the list below is selected, and the list box is empty
The Allow all computers which successfully authenticate to relay, regardless of the list above check box is selected.
Click Cancel if you do not want to make any changes.
The Exchange Management Pack will detect this configuration and send you an alert if your SMTP server is configured to allow anonymous relay.
Installing the Exchange Management Pack
If you have MOM 2000 installed and you are monitoring computers running Exchange 2000 Server or Exchange Server 2003, you must upgrade in the following order:
Upgrade your MOM 2000 server to MOM 2005.
Upgrade all agents.
Upgrade the Exchange Management Pack.
For more information about upgrading your MOM environment, see the MOM 2005 documentation.
Before you can install the Exchange Management Pack, you must install a MOM agent on your Exchange server. After the MOM agent installation is completed, and after the Exchange Management Pack is imported to the MOM server, the MOM agent on your Exchange server will automatically download the Exchange Management Pack from the MOM server. The Exchange Management Pack rules running within the MOM agent will detect whether required Exchange Management Pack binaries are installed on the Exchange server. If no Exchange Management Pack binaries are detected by the MOM agent, the agent will install them automatically.
When you install MOM 2005, Setup will detect which version of Exchange is in your environment. By default, computers running Exchange Server 2003 and later will already have Exchange Management Pack binaries installed on them. Earlier versions of Exchange did not include Exchange Management Pack binaries, so MOM 2005 Setup searches for these servers and, if it locates one with an agent already installed, installs these same binaries automatically. Additionally, MOM will continue to query your environment every 15 minutes to determine whether a new Exchange server with a MOM agent was added, and will install Exchange Management Pack binaries on any Exchange server with a MOM agent that it detects.
Installing the Exchange Management Pack requires two additional steps after MOM is installed. First, you must import the Exchange Management Pack. Second, you must install the Configuration Wizard.
Importing the Exchange Management Pack
You can import the Exchange Management Pack from the MOM 2005 Administrator Console, as shown in Figure 3.1.
.gif "Figure 3.1 Importing the Exchange Management Pack")
Figure 3.1 Importing the Exchange Management Pack
To import the Exchange Management Pack
Copy the Exchange Management Pack.akm file from the either the \Tools folder on the MOM 2005 installation compact disk or from the Microsoft Download center to the MOM consolidator server.
Click Start, point to Programs, point to Microsoft Operations Manager 2005, and then click Administrator Console.
In the MOM 2005 Administrator Console, in the Console Root, and then expand Microsoft Operations Manager.
Right–click Management Packs, and then select Import/Export Management Pack. The Management Pack Import/Export Wizard opens.
In the Management Pack Import/Export Wizard, on the Welcome page, click Next.
On the Import or Export Management Packs page, verify that Import Management Packs and/or reports is selected, and then click Next.
On the Select a Folder and Choose Import Type page, click Browse to locate the folder in which you have downloaded the Exchange Management Pack.akm file. Under Type of Import, select Import Management Packs only and then click Next. Note that you can also import reports from this page if you want.
On the Select Management Packs page, verify that the correct files are selected, click Next, and then click Finish. When the installation is finished, verify that the Description pane indicates that the installation was successful, and then click Close.
Create a Topology Diagram of Your Existing Exchange Organization
The ability to create a topology diagram of your existing Exchange organization is a new feature of the Exchange Management Pack on MOM 205. Exchange 2003 Topology features include the following:
Grouping servers by routing groups
Displaying server role (mailbox, front-end, bridgehead)
Displaying health state of each server
Displaying connectors
To generate a topology diagram
Identify the Exchange server that will perform topology discovery. This server will populate the Exchange Diagram. You can use any computer running Exchange 2000 Server or Exchange Server 2003 in the Active Directory® forest.
Click Start, point to Programs, point to Microsoft Operations Manager 2005, and then click Administrator Console.
In the MOM 2005 Administrator Console, locate the Console Root, expand Microsoft Operations Manager\Management Packs, and then click Computer Groups.
In the right pane, right-click Microsoft Exchange Topology Discovery Computers, and then click Properties.
In the Microsoft Exchange Topology Discovery Computers Properties dialog box, click the Included Computers tab.
On the Included Computers tab, click Add, and then add the topology server you identified in Step 1.
Click OK to close any open dialog boxes.
In the MOM 2005 Administrator Console, in the left pane, expand Administration\Computers, and then click All Computers. In the right pane, right-click the computer that you identified as the topology discovery server and then click Properties.
In the Properties dialog box, click the Security tab.
On the Security tab, clear the Prevent agent from proxying for other computers or network devices check box, clear the Use global settings check box, and then click OK.
To view the topology diagram, open the Operator Console. To do this, click Start, point to Programs, point to Microsoft Operations Manager 2005, and then click Operator Console.
In the Microsoft Operations Manager 2005 - Operator Console, in the left pane, click Diagram.
Your topology diagram will be generated, and will be displayed in the center pane after the topology collection process has completed. This may take several minutes.
Installing the Configuration Wizard
The Configuration Wizard can be installed and run from any computer that has Exchange System Manager installed. You must have .NET Framework 1.1 installed for the wizard to work.
To install the Configuration Wizard
From the \Tools folder on the MOM 2005 installation CD, copy ExchangeMPConfig.msi to any computer on the network that is running Exchange System Manager.
Double-click the file from the location to install the Configuration Wizard.
Using the Exchange Management Pack with Exchange Clusters
The Exchange Management Pack can monitor not only individual servers running Exchange 2003, but also clusters of Exchange 2003 servers. Server clusters are automatically detected through scripts and the Exchange Management Pack components. The Exchange Management Pack can discriminate between active and passive servers, and can identify both nodes and the virtual server running on the active node. Logging for clusters can occur both at the individual virtual server level and at the physical node level. For example, disk space usage reports can be generated for each physical disk, and MAPI availability reports can be generated for each virtual server.
Additional configuration is required to monitor Exchange Server in a clustered environment. To deploy the Exchange Management Pack to clustered servers, use the following process:
Install the MOM agent on the physical cluster servers.
Start managing for the virtual cluster.
Installing the MOM Agent
Add the server cluster to the MOM management group by installing the MOM agent on the physical servers within the cluster. For more information, see, "Discovering Computers and Deploying Agents" in the MOM 2005 Deployment Guide.
After the agent is installed on the physical servers, these servers will appear in the MOM Operator Console and report a state of success. The virtual cluster servers will appear in the MOM Operator console within several minutes and report a state of unknown.
Monitoring the Virtual Cluster
After you install the agent on the physical cluster nodes, the virtual cluster servers are added to the Administration\Computers\Windows Server Cluster Computers node in the MOM 2005 Administrator Console. It can take several minutes and possibly up to 30 minutes for the virtual servers to be added to this node. After the virtual cluster servers are added, right-click each server and then click Start Managing. In the MOM Operator Console, the state for these virtual servers should change to success.
To fully monitor server clusters, install the Server Clusters Management Pack for MOM 2005 (https://go.microsoft.com/fwlink/?LinkId=36002).
Using State Monitoring with Exchange Clusters
If you have State Monitoring enabled, and if you have multiple virtual servers hosted on one node, the Service State may not always accurately reflect your current state. For example, if you disable one of the virtual server's resources, such as SMTP, the Service State does not change. This is because the SMTP service is still running and servicing the other virtual server's SMTP resources.
Running Scripts on Exchange Clustered Virtual Servers
All Exchange Management Pack scripts run on all active cluster nodes. Each script identifies the Exchange virtual servers running on that node and then performs its function within each virtual server. If a node is passive, there will be no virtual servers to run the scripts against, so the scripts will stop running.
The following scripts generate events against a passive node:
Check HeapDeCommitFreeBlockThreshold Registry Key
Check 'services to monitor' registry key
Collect Operating System Server Information
Publish ExMP Data
Verify IIS Lockdown was run
Verify required Windows hotfixes
Collecting Service Discovery Data
Service discovery is the process of discovering roles, components, and relationships for managed computers. Each Management Pack collects service discovery data that is specific to the technology that the Management Pack supports. Many features of a Management Pack are not available until after service discovery data is collected for the first time. For example, features that require identifying roles, computer groups, and even target computers for specific rules require service discovery data.
By default, the Exchange Management Pack collects both local and topology-wide service discovery every hour. Local service discovery, which collects local data about each Exchange server running a MOM agent, is performed immediately after the Exchange Management Pack is deployed. However, topology service discovery is run only after a dedicated Exchange server within the Active Directory forest is added to the Microsoft Exchange Topology Discovery Computers computer group. For information about adding a server to this computer group, see the "Create a Topology Diagram of Your Existing Exchange Organization" section earlier in this guide.
Additionally, the reporting component of MOM relies on a nightly DTS job to transfer data from the MOM database to the MOM Reporting database. Therefore, after Exchange Management Pack is deployed, Exchange server reports will not contain any data until the next DTS job has finished running.
Configuring the Exchange Management Pack
To maximize the benefits of the Exchange Management Pack, you must first configure it. This section covers the following:
Running the Configuration Wizard
Upgrading from Exchange 2000 Management Pack
Editing the Configuration File
Using the Command-Line Interface
Mailbox Access Account Configuration
Configuring Monitoring Scenarios
Best Practices for Configuration
Running the Configuration Wizard
Besides the graphical Configuration Wizard, the Exchange Management Pack includes a command-line interface for exporting and importing configuration files. You can use this interface for custom deployments, troubleshooting, and when upgrading from Exchange 2000 Management Pack. For in-depth troubleshooting, you can also modify the XML configuration file to specify particular settings. However, the Configuration Wizard is designed to be used in most deployments, and should be your first choice when installing and configuring the Exchange Management Pack.
If you have a version of the Exchange Management Pack installed on your network, read the "Upgrading from Exchange 2000 Management Pack" section before you start the wizard.
Configuration Wizard Requirements
Before you run the Configuration Wizard, make sure you meet the following requirements:
The user running the tool must have at least Exchange full administrator rights on the administrative group or organization that he or she wants to configure, in addition to local administrative rights to each Exchange server, because writing to the registry is required.
Each server to be configured must have Remote Registry Service running.
Configuration Wizard Options
You can run the Configuration Wizard to configure your environment with default settings, or you can customize the wizard to meet specific additional monitoring requirements for your organization. By default, the Configuration Wizard automatically:
Enables message tracking.
Enables service monitoring of the following services:
Microsoft Exchange Information Store
Microsoft Exchange Management
Microsoft Exchange MTA Stacks
Microsoft Exchange System Attendant
Simple Mail Transfer Protocol (SMTP)
World Wide Web Publishing Service
Creates test mailboxes for MAPI logon tests.
Enables server availability monitoring and lets you identify the sending and receiving mail servers for the mail flow test.
You can use the custom option to select the features that you require and then to manually configure them. Use the custom option to:
Identify specific services to monitor.
Configure mailbox availability monitoring to be per-store or per-server (MAPI Logon).
Disable mailbox availability monitoring.
Create and configure the Mailbox Access account and mailbox. This account must meet the following criteria:
Have permissions to read and write to the directory %systemroot%\temp\exmppd.
Have local logon rights on each Exchange server.
Have a Display Name and samAccountName that are identical.
Note For more information about these requirements, see the Best Practices in Configuration section located later in this guide.
Enable message tracking.
Enable and configure mail flow.
Enable front-end server monitoring.
Use the command-line interface.
Save current configuration to XML.
Modify configuration options before applying.
To run the Configuration Wizard
Click Start, point to Programs, point to the Exchange Management Pack, and then click the Exchange Management Pack Configuration Wizard (Figure 3.2).
.gif "Figure 3.2 Running the Configuration Wizard")
Figure 3.2 Running the Configuration Wizard
After you start the Configuration Wizard, you can select from the following configuration options:
Administrative group that contains the Exchange servers that you want to configure.
Each Exchange server that you want to configure.
The configuration type, either Default or Custom. The default option automatically enables message tracking and service monitoring, and creates a test mailbox to monitor server availability. The custom option lets you select the features that you require and then to manually configure them. Use the custom option to select specific services to monitor. By default, the following services are monitored:
Microsoft Exchange Information Store
Microsoft Exchange Management
Microsoft Exchange MTA Stacks
Microsoft Exchange System Attendant
Simple Mail Transfer Protocol (SMTP)
World Wide Web Publishing Service
When you choose the custom option, you can configure mailbox availability monitoring to be per store or per server. Alternatively, you can also disable mailbox availability monitoring (Figure 3.3).
.gif "Figure 3.3 Mailbox availability options in the Configuration Wizard")
Figure 3.3 Mailbox availability options in the Configuration Wizard
In both the custom and default options, you can configure the sending and receiving servers for testing mail flow.
You can also configure the Mailbox Access account, as shown in Figure 3.4.
.gif "Figure 3.4 Mailbox Access account configuration page")
Figure 3.4 Mailbox Access account configuration page
After the configuration options have been selected, the configuration summary (Figure 3.5) is displayed so that you can verify the chosen settings. Make sure that you verify that the test mailboxes and the mailbox for the mailbox access account will be created. You also have the option to save the XML configuration file. For more information about how to save a configuration file, see the section "Checking the Configuration Log File" in Chapter 4, "System Monitoring with the Exchange Management Pack."
.gif "Figure 3.5 Configuration Wizard Summary page")
Figure 3.5 Configuration Wizard Summary page
.gif "Figure 3.2 Running the Configuration Wizard")
.gif "Figure 3.3 Mailbox availability options in the Configuration Wizard")
.gif "Figure 3.4 Mailbox Access account configuration page")
.gif "Figure 3.5 Configuration Wizard Summary page")
Upgrading from Exchange 2000 Management Pack
If you have a version of the Exchange Management Pack installed on your network, read the following section before you start to work with the Configuration Wizard.
Most of the configuration settings that are applied to Exchange 2000 Management Pack also work for the Exchange Management Pack. Upgrading Exchange 2000 servers that are monitored by Exchange 2000 Management Pack to Exchange 2003 and the Exchange Management Pack is straightforward.
Configuring for Monitoring Outlook Web Access, Outlook Mobile Access, and Exchange ActiveSync
To monitor Outlook Web Access, Outlook Mobile Access, and Exchange ActiveSync, you must do additional configuration steps in the Configuration Wizard and, optionally, in the Windows registry. The Configuration Wizard has a Default and a Custom option to enable and configure monitoring for Outlook Web Access, Outlook Mobile Access, and Exchange ActiveSync, as explained in the following sections.
To enable monitoring using the Default option
- In the Configuration Wizard, when you choose the Default configuration option, availability monitoring for Outlook Web Access, Outlook Mobile Access, and Exchange ActiveSync is automatically enabled.
To enable monitoring using the Custom option
In the Configuration Wizard, if you choose the Custom configuration option, and if you select a front-end server to be configured, the screen shown in Figure 3.6 is displayed with the front-end monitoring option enabled.
.gif "Figure 3.6 Custom configuration options in the Configuration Wizard")
Figure 3.6 Custom configuration options in the Configuration Wizard
If you choose Front-end monitoring as one of the properties to be configured, the screen shown in Figure 3.7 is displayed. You have the option to disable or enable front-end monitoring.
.gif "Figure 3.7 Configuration Wizard screen to disable or enable front-end monitoring")
Figure 3.7 Configuration Wizard screen to disable or enable front-end monitoring
.gif "Figure 3.6 Custom configuration options in the Configuration Wizard")
.gif "Figure 3.7 Configuration Wizard screen to disable or enable front-end monitoring")
Availability monitoring for Outlook Web Access, Outlook Mobile Access, and Exchange ActiveSync functions only on Exchange 2003 front-end servers. When you select the Enable Front-End server monitoring check box in the Configuration Wizard, availability monitoring is enabled.
To monitor availability, a synthetic logon process is used, in which a user logging on to a mailbox using a mobility client is simulated. To enable a synthetic logon, there must be a test mailbox with a user account. For the Outlook Web Access logon, the Configuration Wizard automatically picks one of the existing back-end test mailboxes that is used by MAPI logon. This mailbox name is automatically stored in the \\HKLM\Software\Exchange MOM\FEMonitoring\ front-end servername \BEAccount registry value on the front-end server. For more information, see the section "Configuring the Environment for Monitoring Outlook Web Access Front-End Servers" later in this chapter.
The Mailbox Access account mailbox is used for Outlook Mobile Access and Exchange ActiveSync logon.
By default, the Exchange Management Pack automatically determines the URL used to monitor the front-end services by using a combination of localhost/network card IP and the virtual server and virtual directory information in the Internet Information Services (IIS) metabase. This URL is the local monitoring URL because the logon request is submitted to the local front-end server, where the logon request is generated.
You also can supply a custom URL to monitor the public URL that is used by your Web and mobile clients. This must be a URL that an end-user can use to log on. This logon request that is submitted to the custom URL can be responded to by any one of the organization's front-end servers that normally respond to requests to the specified URL. The public URL monitoring cannot be directed to monitor a specific server.
To use a custom URL, you will have to configure registry entries on each server where you want the monitoring enabled.
To configure a custom URL for Outlook Web Access
Open Registry Editor and locate the \\HKLM\Software\Exchange MOM\FEMonitoring\ front-end servername \ key and create a registry value (type string) named CustomUrls. Enter the custom URL value as a comma-delimited list in this value. For example:
For single URLs:
For multiple URLs:
Note Do not append the mailbox name in the URL, such as https://www.example.com/exchange/johnsmith, or the synthetic logon will fail.
To configure a custom URL for Outlook Mobile Access
Open Registry Editor and locate the
\\HKLM\Software\Microsoft\Exchange MOM\FEMonitoring\ front-end servername \ key and create a registry value (type string) named CustomOmaUrls. Enter the custom URL value as a comma-delimited list in this registry value. For example,For a single URL:
For multiple URLs:
To configure a custom URL for Exchange ActiveSync
Open Registry Editor and browse to the
\\HKLM\Software\Microsoft\Exchange MOM\FEMonitoring\ front-end servername \ key and create a registry value (type string) named CustomEasUrls. Enter the custom URL value in this registry value. For example:
Configuring the Environment for Monitoring Outlook Web Access Front-End Servers
When you choose to monitor an Outlook Web Access front-end server, you can specify the name of the mailbox to be used for monitoring in the XML configuration file (as shown in the container objects column in Table 2.1). Each time you enable monitoring of a front-end server, the Configuration Wizard searches for an account to use in the following order until a suitable account is found:
Back-end servers that are in the same routing group and were selected in the wizard for monitoring
Back-end servers that are in the same routing group but were not selected in the wizard for monitoring
Back-end servers that are in a different routing group and were selected in the wizard for monitoring
Back-end servers that are in a different routing group but were not selected in the wizard for monitoring
Note The Mailbox Access account is always used to monitor Outlook Mobile Access and Exchange ActiveSync.
Editing the Configuration File
This section describes the configuration file used to configure the Exchange Management Pack.
The configuration file is an XML file that lets users use the Exchange Management Pack Configuration Wizard to control configuration options. It also lets users script the configuration and view a report of the current configuration options.
Table 3.1 lists the container objects in a configuration file.
Table 3.1 Container objects in an the Exchange Management Pack configuration file
Container Object |
Description |
|---|---|
AdministrativeGroup |
This node is a container object for <Servers> elements. It also has an <AdministrativeGroupName> element. The AdministrativeGroupName element contains the name of an administrative group as displayed by Exchange System Manager. There must be exactly one instance of the AdministrativeGroupName element and exactly one instance of the Servers element. Parent: AdministrativeGroups. |
AdministrativeGroups |
This node is a container object for the list of administrative groups discriminated in the configuration. It must contain at least one <AdministrativeGroup> element. Parent: Configuration. |
BackEnd |
This node is a container object for the configuration options that can be set for a back-end Exchange server: <ServerName>, <MonitorMessageTracking>, <ServicesToMonitor>, <MailBoxAccessAccount>, <MDBAvailabilityMonitoring>, and <MailFlowMonitoring>. The ServerName object contains the fully qualified domain name (FQDN) or the NetBIOS name of the server as a string. The MonitorMessageTracking object contains a Boolean value that specifies whether Message Tracking is enabled. The other three objects are container objects for other configuration elements. For an input configuration file, each BackEnd node must contain either zero or one instance of each of these objects. The only exception is the ServerName element. Each BackEnd instance must contain exactly one instance of the ServerName element. For the other elements, not specifying an element means that it will not be configured. An output report must contain exactly one instance of each of these objects. Parent: Servers |
Configuration |
This is the root node for the XML file. It can contain one child object, the <AdministrativeGroups> object, which is a container object for AdministrativeGroup configuration information. There must be at least one AdministrativeGroup object. There can be more than one AdministrativeGroup object. Parent: None |
FrontEnd |
This node is a container element for configuration information for a front-end Exchange server. It must contain exactly one <ServerName> element, which is a string that contains the FQDN of the server. It can also contain <ServicesToMonitor>, <FrontEndAvailabilityMonitoring>, <MailBoxAccessAccount>, and <MonitorMessageTracking> objects (previously defined). Parent: Servers |
MailBoxAccessAccount |
This node contains the account information for the MailBoxAccessAccount for the current server. It contains <username> and <domain> elements, which are strings and contain the user name and domain name of the Mailbox Access account, respectively. This object is used only in the output configuration report. It is ignored when importing a configuration file, and the user is prompted to enter a user name and password for the Mailbox Access account when running the tool from the command line. Parent: BackEnd and FrontEnd |
MailFlowMonitoring |
This node contains four elements: <ExpectMailFrom>, <SendMailToServer>, <SendMailToMailbox>, and <TestMailBox>. ExpectMailFrom and SendMailToServer are repeating string elements. They contain the NetBIOS name of the server they are expecting mail from, or are supposed to send mail to, respectively. SendMailToMailbox is used to specify custom mailboxes (instead of servers) to which the server is supposed to send messages. This element enables customers to use "custom test mailboxes." When using SendMailToMailbox, it is mandatory to add <ServerMailToServer>Custom</SendMailToServer> to the mail flow configuration, otherwise no mail flow message will be sent to the customer mailboxes. There can be multiple instances of all elements. TestMailBox, an optional element that can be used to send/receive mail flow messages, should be specified whenever using customer mailboxes to monitor mail flow. Parent: BackEnd |
MDBAvailabilityMonitoring |
This node contains <MDBToMonitor> objects. The MDBToMonitor object contains the configuration of each MDB. If empty, it means that the configuration will disable MAPI logon availability. Parent: BackEnd |
MDBToMonitor |
This node contains three elements, <StorageGroup>, <MDBName>, and <TestMailBox>, that specify information about an MDB. The first two elements are required and exactly one instance of each element must exist under this node. The TestMailBox element can be present, but it is not required. If it is present, this name is used for the mailbox monitoring account. If not, the default naming scheme is used. Parent: MDBAvailabilityMonitoring |
Servers |
This node is a container object for <BackEnd> and <FrontEnd> objects. FrontEnd and BackEnd objects contain the configuration information for front-end or back-end servers, respectively. There can be multiple instances of the FrontEnd and the BackEnd objects under the server container. No other elements can be in the Servers container object. Parent: AdministrativeGroup |
ServicesToMonitor |
This node contains the services to monitor. It contains the <ServiceName> element, which is a string and contains the system name of the service to monitor; for example, SMTPSVC or MSExchangeIS, not Simple Mail Transfer Protocol or Microsoft Exchange Information Store service. This is a repeating element (). Parent: FrontEnd or BackEnd |
Note The MailBoxAccessAccount elements are ignored when importing the configuration file. They are used only for output reporting.
Sample File Format
This sample configuration file enables custom front-end monitoring.
Note Some of the lines in the following code snippet have been displayed in multiple lines only for better readability. These should be entered in a single line.
<Configuration> <AdministrativeGroups> <AdministrativeGroup> <AdministrativeGroupName>First Administrative Group </AdministrativeGroupName> <Servers> <FrontEnd> <ServerName>MAILSRV</ServerName> <FrontEndAvailabilityMonitoring> <Enabled>true</Enabled> <BackEndAccount>customBEAcct</BackEndAccount> </FrontEndAvailabilityMonitoring> </FrontEnd> </Servers> </AdministrativeGroup> </AdministrativeGroups> </Configuration>
This sample configuration file is the typical configuration for one computer.
Note Some of the lines in the following code snippet have been displayed in multiple lines only for better readability. These should be entered in a single line.
<Configuration> <AdministrativeGroups> <AdministrativeGroup> <AdministrativeGroupName>First Administrative Group </AdministrativeGroupName> <Servers> <BackEnd> <ServerName>MAILSRV</ServerName> <MonitorMessageTracking>true</MonitorMessageTracking> <MailBoxAccessAccount> <Username>mbaccess</Username> <Domain>tidev</Domain> </MailBoxAccessAccount> <ServicesToMonitor> <ServiceName>MSExchangeIS</ServiceName> <ServiceName>MSExchangeMGMT</ServiceName> <ServiceName>MSExchangeMTA</ServiceName> <ServiceName>MSExchangeSA</ServiceName> <ServiceName>SMTPSVC</ServiceName> <ServiceName>W3SVC</ServiceName> </ServicesToMonitor> <MDBAvailabilityMonitoring> <MDBToMonitor> <StorageGroup>SG01</StorageGroup> <MDBName>mailboxStore01</MDBName> <TestMailBox>MAILSRVMOM</TestMailBox> </MDBToMonitor> </MDBAvailabilityMonitoring> <MailFlowMonitoring> <SendMailtoServer>OTHERMAILSRV</SendMailtoServer> <SendMailtoServer>MAILSRV</SendMailtoServer> <ExpectMailFrom>OTHERMAILSRV</ExpectMailFrom> <ExpectMailFrom>MAILSRV</ExpectMailFrom> <TestMailBox>MAILSRVMOM</TestMailBox> </MailFlowMonitoring> </BackEnd> </Servers> </AdministrativeGroup> </AdministrativeGroups> </Configuration>
This sample file configures mail flow.
<Configuration> <AdministrativeGroups> <AdministrativeGroup> <AdministrativeGroupName>SouthAmerica</AdministrativeGroupName> <Servers> <BackEnd> <ServerName>BOLIVIA</ServerName> <MailFlowMonitoring> <ExpectMailFrom>COLOMBIA</ExpectMailFrom> <TestMailBox>customAcct01</TestMailBox> </MailFlowMonitoring> </BackEnd> <BackEnd> <ServerName>ARGENTINA</ServerName> <MailFlowMonitoring> <ExpectMailFrom>COLOMBIA</ExpectMailFrom> <TestMailBox>customAcct02</TestMailBox> </MailFlowMonitoring> </BackEnd> </Servers> </AdministrativeGroup> <AdministrativeGroup> <AdministrativeGroupName>Africa</AdministrativeGroupName> <Servers> <BackEnd> <ServerName>KENYA</ServerName> <MailFlowMonitoring> <ExpectMailFrom>COLOMBIA</ExpectMailFrom> <TestMailBox>customAcct03</TestMailBox> </MailFlowMonitoring> </BackEnd> <BackEnd> <ServerName>NIGERIA</ServerName> <MailFlowMonitoring> <ExpectMailFrom>COLOMBIA</ExpectMailFrom> <TestMailBox>customAcct04</TestMailBox> </MailFlowMonitoring> </BackEnd> </Servers> </AdministrativeGroup> <AdministrativeGroup> <AdministrativeGroupName>Oceania</AdministrativeGroupName> <Servers> <BackEnd> <ServerName>AUSTRALIA</ServerName> <MailFlowMonitoring> <ExpectMailFrom>COLOMBIA</ExpectMailFrom> <TestMailBox>customAcct05</TestMailBox> </MailFlowMonitoring> </BackEnd> </Servers> </AdministrativeGroup> <AdministrativeGroup> <AdministrativeGroupName>NorthAmerica</AdministrativeGroupName> <Servers> <BackEnd> <ServerName>MEXICO</ServerName> <MailFlowMonitoring> <ExpectMailFrom>COLOMBIA</ExpectMailFrom> <TestMailBox>customAcct06</TestMailBox> </MailFlowMonitoring> </BackEnd> <BackEnd> <ServerName>CANADA</ServerName> <MailFlowMonitoring> <ExpectMailFrom>COLOMBIA</ExpectMailFrom> <TestMailBox>customAcct07</TestMailBox> </MailFlowMonitoring> </BackEnd> <BackEnd> <ServerName>COLOMBIA</ServerName> <MailFlowMonitoring> <SendMailtoMailbox>customAcct01</SendMailtoMailbox> <SendMailtoMailbox>customAcct02</SendMailtoMailbox> <SendMailtoMailbox>customAcct03</SendMailtoMailbox> <SendMailtoMailbox>customAcct04</SendMailtoMailbox> <SendMailtoMailbox>customAcct06</SendMailtoMailbox> <SendMailtoMailbox>customAcct05</SendMailtoMailbox> <SendMailtoMailbox>customAcct07</SendMailtoMailbox> <SendMailtoServer>Custom</SendMailtoServer> <TestMailBox>customAcct08</TestMailBox> </MailFlowMonitoring> </BackEnd> </Servers> </AdministrativeGroup> </AdministrativeGroups> </Configuration>
Using the Command-Line Interface
Note It is highly recommended that you run the Configuration Wizard first against your current server configuration so that you can export a valid configuration file.
This section describes the command-line version of the Configuration Wizard. The command-line interface provides advanced administrators with greater control over the configuration of the Exchange Management Pack. The name of the executable file is ExchangeMPConfig.exe.
The command-line interface supports two major operations: importing a user-created configuration file, or creating a report in the form of a configuration file that shows the current configuration of a server or administrative group.
When importing a configuration file, the command-line interface supports silent operation and interactive operation. For silent operation, you are not required to enter any information beyond command-line parameters. This mode is useful for scripting. To run in silent mode, you must specify, in addition to the configuration file, both the Mailbox Access account user name and password as parameters on the command line. Silent mode can be used only if the Mailbox Access account was previously created.
In interactive mode, you must specify, at minimum, the configuration file that you want to import. Optionally, you can choose to specify a Mailbox Access account on the command line. If it is not provided, the ExchangeMPConfig.exe tool will prompt for it interactively. You will also be prompted for the Mailbox Access account password. If the Mailbox Access account will be created by the tool, you must also specify the location of its Exchange mailbox (Exchange server, storage group, and mailbox store).
The command-line interface, like the wizard, can be run on any workstation or server as long as it meets the prerequisites.
ExchangeMPConfig.exe Syntax
You can import and export configurations through the ExchangeMPConfig.exe tool.
To import and apply a configuration
Use the following command-line command:
Note This command is shown on multiple lines for better readability; enter them as a single line
ExchangeMPConfig.exe /i <filename> [/u <domain\username>
[/p <password>]]
**/i filename.xml** – Sets configuration on user's servers based on the information in filename.xml.
Optional parameters used with /i are as follows:
**/u username** – the user can use the /u parameter to specify the Mailbox Access account. The user name will be in the DOMAIN\\username format. The tool will validate this.
**/p password** – the user can use the /p parameter to specify the password for the Mailbox Access account. /u is required.
To export a configuration
Use the following command-line command:
Note This command is shown on multiple lines for better readability; enter them as a single line
ExchangeMPConfig.exe /e <filename>
[/s <serverFilter>] [/a <administrativeGroupFilter>]
**/e filename.xml** – Creates a report named filename.xml that contains the configuration information of the selected servers. Filename.xml is the configuration file (configuration.xml) that is used with the /i parameter.
Optional parameters used with /e are as follows:
**/s servername** – specifies the server from which to obtain the configuration file, instead of the default local computer. It can be used in combination with wildcard characters such as \* and ?. Examine the usage output of the tool for more information.
**/a admin group** – specifies the common name of an administrative group from which to obtain the configuration. If this parameter is set, the tool discovers all Exchange servers in the specified domain, obtains the configuration information from each server, and saves it to the configuration file. It can be used in combination with wildcard characters such as \* and ?.
**/?** – Displays the valid command switches for the command and gives a summary of what each does.
Each parameter must be separated by a space from the value associated with the parameter. For example, /e configuration.xml is valid, but /e:configuration.xml, /e=configuration.xml, and /econfiguration.xml are not valid parameters.
Table 3.2 lists typical command lines that you can use to run ExchangeMPConfig.exe.
Note Some of the commands in the following table have been displayed in multiple lines only for better readability. These should be entered in a single line.
Table 3.2 ExchangeMPConfig.exe command-line examples
Command Line |
Description |
|---|---|
ExchangeMPConfig.exe |
This command runs the wizard in GUI mode. |
ExchangeMPConfig.exe /i configuration.xml |
This command imports the configuration specified in configuration.xml. An error is presented if the local computer does not have the Exchange System Manager tools installed, or the current user does not have permissions to do the required configuration. Because no Mailbox Access account is specified on the command line, when the command executes, you are prompted for the Mailbox Access account user name and password only if required by the configuration. Note The password field is not shown. As you type characters in the password, the command prompt pointer remains at the same location. Output: C:\> ExchangeMPConfig.exe /i configuration.xml Mailbox Access Account Username (Domain\account): <name user entered> Password: Configuration Successful. Output (failure, permissions): C:\> ExchangeMPConfig.exe /i configuration.xml Error: You do not have permissions to perform this operation. Please see %temp%\ConfigurationLog.log for details. Output (failure, management tools not installed): C:\> ExchangeMPConfig.exe /i configuration.xml Error: The Exchange System Management tools are required to run this command. Please install them and try again. Please see %temp%\ ConfigurationLog.log for details. Output (failure, other): C:\> ExchangeMPConfig.exe /i configuration.xml Error: An error has occurred. Please see %temp%\ConfigurationLog.log for information. Output (failure, command line parameters invalid): C:\> ExchangeMPConfig.exe /i configuration.xml Error: The command line you specified is invalid. The invalid parameter was /iconfiguration.xml. Please correct the error and try again. |
ExchangeMPConfig.exe /i configuration.xml /u ExDom\MailAcct |
This command functions the same as ExchangeMPConfig.exe /i configuration.xml, but because the username is provided, you are not prompted to enter a Mailbox Access account interactively. However, you are still prompted for a Mailbox Access account password only if necessary in the configuration. Output: C:\> ExchangeMPConfig.exe /i configuration.xml /u ExchDomain\MailAcct Password: |
ExchangeMPConfig.exe /i configuration.xml /u ExDom\MailAcct /p pass |
This command does the same action as the previous command, but the Mailbox Access account password is provided on the command line. The user is not prompted to interactively enter any information when using these parameters. |
ExchangeMPConfig.exe /e report.xml |
This command generates a configuration file that contains the current configuration information for all Exchange servers. The file format is compliant with the format required for the /i parameter. Output: C:\> ExchangeMPConfig.exe /e report.xml Generating configuration report for the local system. This operation may take several minutes. Output (failure, permissions): C:\> ExchangeMPConfig.exe /e report.xml Error: You do not have permissions to perform this operation. Please see %temp%\ConfigurationLog.log for details. Output (failure, monitoring pack not installed): C:\> ExchangeMPConfig.exe /e report.xml Error: The Exchange Monitoring Pack is not installed on the local system. Please install it and try again. Please see %temp%\ConfigurationLog.log for details. Output (failure, other): C:\> ExchangeMPConfig.exe /e report.xml Error: An error has occurred. Please see %temp%\ConfigurationLog.log for information. Output (failure, command line parameters invalid): C:\> ExchangeMPConfig.exe /econfiguration.xml Error: The command line you specified is invalid. The invalid parameter was /econfiguration.xml. Please correct the error and try again. |
ExchangeMPConfig.exe /e report.xml /s exch1 |
This command generates a configuration file. The system is specified with the /s parameter and the configuration of that system is retrieved instead of the local system. The listed server name can be the NetBIOS or FQDN name for the Exchange computer. Besides the errors listed in the previous command, the Exchange System Management Tools must be installed on the system where the configuration tool runs. If the tools are not on the local system, you will receive an error. Also, if the specified server cannot be contacted, you will receive an error. Only errors that are different from the above are listed here. Output: C:\> ExchangeMPConfig.exe /e report.xml /s exch1 Generating configuration report for exch1. This operation may take several minutes. Output (failure, management tools not installed): C:\> ExchangeMPConfig.exe /e report.xml /s exch1 Error: The Exchange System Management tools are required to run this command. Please install them and try again. Please see %temp%\ConfigurationLog.log for details. Output (failure, server unreachable): C:\> ExchangeMPConfig.exe /e report.xml /s exch1 Error: System exch1 does not exist or cannot be contacted. Please try again later. Please see %temp%\ConfigurationLog.log for details. |
ExchangeMPConfig.exe /e report.xml /a ExAG1 |
This command works similarly to the previous two commands. It generates a configuration file for the domain specified with the /a parameter. All servers running Exchange and the Exchange Management Pack are queried for their current configuration. The administrative group name must be the common name of the administrative group. Output: C:\> ExchangeMPConfig.exe /e report.xml /a ExAG1 Generating configuration report for ExAG1. This operation may take several minutes. Output (failure, server unreachable): C:\> ExchangeMPConfig.exe /e report.xml /a ExAG1 Error: The Administrtive Group ExAG1 cannot be contacted. Please try again later. Please see %temp%\ConfigurationLog.log for details. Output (failure, Exchange 5.5 Admin Group): C:\> ExchangeMPConfig.exe /e report.xml /a ExAG1 Error: The Administrtive Group ExAG1 is an administrative group for a version of exchange not supported by this tool. This tool only supports Exchange 2000 and later administrative groups. Output (failure, other): C:\> ExchangeMPConfig.exe /e report.xml /a ExAG1 Error: An error has occurred. Please see %temp%\ConfigurationLog.log for information. |
ExchangeMPConfig.exe /? |
This command displays the usage information for the executable. Usage information is also displayed if the user does not enter valid command line parameters. |
Configuring Monitoring Scenarios
The Exchange Management Pack for MOM 2005 includes several key monitoring scenarios that are configurable. The following scenarios are covered in this section:
Service Verification Script Configuration
Exchange Traffic Analysis Reports
Mail Flow Verification Scripts Configuration
Disk Capacity Planning
Collecting Operating System Server Information
Configuring Exchange Mail Queue Thresholds
Service Verification Script Configuration
Periodically, the Service Verification Script runs to determine whether particular services are running on your Exchange server. The list of services that are checked are specified in a registry key.
Note You can configure service verification using the Exchange 2003 Management Pack Configuration Wizard (https://go.microsoft.com/fwlink/?LinkId=35942).
Rule Group: Server Availability\Verify Exchange Services.
Rule Name: Service verification. Check services script.
Specify the Exchange-related services to be monitored in the following registry key on each of the managed Exchange servers.
Warning Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.
To create the registry key
Create the following key in Registry Editor.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange MOM
In this key, create the entry Monitored Services as a string.
Fill this string with a comma-delimited list of the services for which you want to receive notification if the services are not running.
Example setting for this entry:
MSExchangeIS, MSExchangeSA, MSExchangeMTA, SMTPSVC, POP3SVC, IMAP4SVC
Note In a cluster configuration, you must add this entry on each cluster node.
Exchange Traffic Analysis Reports Configuration
The Exchange Management Pack includes a timed event rule that collects information from the message tracking logs and analyzes it to assemble the Exchange Traffic Analysis reports, which detail various aspects of the messaging traffic. This event rule analyzes the message tracking log for the previous day.
Rule Group: Microsoft Exchange Server 2003\Report Collection Rules\Message Tracking Log Analysis\Event Rules
Rule Name: Report Collection - Message Tracking Log Data
Reports: Reports in the "Exchange 2003 Traffic Analysis" reports
To produce the Exchange 2003 Traffic Analysis report, message tracking must be enabled on the monitored servers. By default, the Configuration Wizard will enable this. If message tracking becomes disabled, these reports can no longer be generated.
To enable message tracking
Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.
In the left pane, locate the server for which you want to enable message tracking. Right-click the server name, and then click Properties.
To record the subject of any message sent to, from, or through the server, on the General tab, select the Enable subject logging and display check box.
To log information about the sender, the time the message was sent or received, the message size and priority, or the message recipients, select the Enable message tracking check box.
To change the directory in which the log file is stored, click Change, and enter the new directory name in which the Message Tracking Log Files will be stored.
Click OK to save your changes and close the Properties dialog box.
If you let log files accumulate on the server, they can consume a large section of disk space and affect performance. You should remove log files periodically; however, make sure that you leave log files on the server long enough for you to review files if a problem occurs with your message flow. As an additional step, you can move the log files to a server that can handle the size requirements.
To specify how long log files remain on a server
Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.
In the left pane, locate the server for which you want to configure log file settings. Right-click the server name, and then click Properties.
On the General tab, select the Remove log files check box.
In Remove log files older than (days), type the number of days that you want a file to be saved in the Exchsrvr\<servername>.log directory before it is removed.
Note In some cases, Exchange is not able to resolve the sender for a piece of mail from the message tracking log event 1031 "Not available" used to track sent mail. Two Exchange traffic analysis reports: "SMTP Out - Top 100 Senders by Count" and "SMTP Out - Top 100 Senders by Size" show that the sender is not available.
This inability to resolve the sender occurs when the mail was sent to a distribution list that is configured as "Do not send delivery reports" on the Exchange Advanced tab of the Distribution List properties dialog box. (In this case, Active Directory attributes reportToOriginator and reportToOwner are both false.)
Additionally, if "Send delivery reports to group owner" is selected for a distribution list, all mail sent to this distribution list has the owner of the list appearing as the sender in the message tracking log. The default for distribution lists is "Send delivery reports to message originator," and, in this case, Exchange will report the real sender in the message tracking log.
How to Customize Configuration for Mail Flow Verification Scripts
These scripts periodically send mail and verify that the mail has been received. You must configure the sending and receiving servers to know where to send mail and from where to expect mail.
Note Before customizing these scripts, you should first configure mail flow verification by using the Exchange Management Pack Configuration Wizard. This wizard is located in the \Tools folder of the MOM 2005 installation CD or on the Exchange 2003: Management Pack Configuration Wizard Web site (https://go.microsoft.com/fwlink/?LinkId=35942).
Rule Group: Availability Monitoring\Verify Mail Flow\Event Rules
Rule Name: Send mail flow messages
Rule Name: Receive mail flow messages
The mail flow verification script uses the mailbox access account (named <servername>MOM) created in the previous procedure. For each server participating in the mail flow verification (as senders, receivers, or both), follow these configuration steps.
Note Any rule that you customize should ideally have its own rule group. This makes sure that the rule is not overwritten when you upgrade the Exchange Management Pack.
To configure the mail flow verification script execution interval
Configure the time interval to send/receive mail according to your Exchange installation (the default is 15 minutes):
From the MOM 2005 Administrator Console, expand Microsoft Operations Manager\Management Packs\Rule Groups\Microsoft Exchange Server\Microsoft Exchange Server 2003.
In the left pane, expand Availability Monitoring, and then expand Verify Mail Flow.
In the Verify Mail Flow rule group, click Event Rules.
In the right pane, right-click Send Mail Flow Messages, and then click Properties.
In the Event Rule Properties dialog box, click the Data Provider tab.
On the Data Provider tab, in the Provider name box, click Schedule every 15 minutes synchronize at 00:04, and then click OK.
Repeat these steps for the Receive mail flow messages event rule. Select Schedule every 15 minutes synchronize at 00:09.
Configure the number of failed attempts to receive mail before generating an alert (the default is four attempts):
In the Verify Mail Flow\Event Rules rule group, right-click Receive mail flow messages, and then click Properties.
In the Event Rule Properties dialog box, click the Responses tab.
On the Responses tab, click Exchange 2003 - Mail flow receiver, and then click Edit.
In the Launch a Script dialog box, double-click MaxSafeMissedRuns. In the Value box, enter a value greater than or equal to 1 and then click OK to close all dialog boxes.
Although it is not necessary, you can configure the <servername>MOM mailboxes so that they only receive mail from the other test mailboxes that are expected to send mail to them.
To configure < servername >MOM mailboxes to only receive mail from intended sources
Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
In the left pane, expand the domain and then expand the organizational unit that contains the user account that you want to modify.
In the right pane, double-click the mailbox-enabled user you want to modify.
On the Exchange General tab, click Delivery Restrictions.
In the Delivery Restrictions dialog box, under Message restrictions, select Only from, and then click Add.
In the Select Recipient dialog box, under Name, select the recipients whose e-mail the mailbox-enabled user can receive, and then click Add. Repeat this step for each recipient.
Note Test mailboxes not used in mail flow verification—specifically those named with any additional suffix (for example, <servername>MOM1)—can be similarly configured to not accept any mail by following the same steps and leaving blank the "Only from" list in Step 5.
Disk Capacity Planning
You can conduct disk capacity planning by using views of the disk space used. The data for these views comes from the Logical Disk performance monitor counters. Disk capacity planning is only necessary in Microsoft Windows® 2000 Server (including service packs). These counters are permanently enabled in Windows Server 2003.
To enable disk capacity planning
At the command prompt, type diskperf –y to enable counters on all monitored Exchange servers.
Restart the server for this change to take effect.
Collecting Operating System Server Information
No configuration is required for this rule.
Rule Group: Server Utilization Logging: Reporting and Views\Report Collection Scripts\Windows Server Configuration
Rule Name: Report Collection – Windows Server Configuration Information
Report: Exchange Server Configuration
Configuring Exchange Mail Queue Thresholds
Depending on the amount of mail traffic through your Exchange deployment, you may want to adjust the following rules in the Mail Queue Thresholds rule group. Adjusting the rules makes sure that they are sensitive to large queues but do not issue an alert from typical fluctuations.
Exchange 2003: SMTP: Categorizer Queue > 50
Exchange 2003: SMTP: Local Queue > 50
Exchange 2003: SMTP: Local Retry Queue > 50
Exchange 2003: SMTP: Messages Pending Routing > 50
Exchange 2003: SMTP: Messages in SMTP Queue Directory > 500
Exchange 2003: SMTP: Remote Queue > 500
Exchange 2003: SMTP: Remote Retry Queue > 500
Exchange Information Store service Queue of Messages to MTA > 50
Information Store Queue of Messages from MTA > 25
Information Store Transport Temp Table Entries > 600
MTA Queue Length per Connection > 50
MTA Work Queue > 50
Mailbox Store: Receive Queue > 25
Mailbox Store: Send Queue > 25
Other performance counter threshold rules in the Exchange Management Pack do not have to be adjusted. To select appropriate Exchange mail queue thresholds, create a performance baseline for your environment that records the queue fluctuations over an extended time period (for example, a week) and watch the typical fluctuations. The queue threshold can then be set to be just over these fluctuations.
Note In general, it is a best practice to make a copy of the rules that have to be modified. Then, make changes in the copy instead of changing the rules directly in the Exchange Management Pack.
To change the thresholds for the mail queue performance rules with State-Monitoring enabled
In the MOM 2005 Administrator Console, locate Microsoft Operations Manager\Management Packs\Rule Groups\Microsoft Exchange Server\Microsoft Exchange Server 2003\Health Monitoring and Performance Thresholds\Mail Queue Thresholds\Performance rules.
In the right pane, right-click the rule, and then click Properties.
In the Properties dialog box, click the Threshold tab, and then modify the Threshold value to reflect your preferred threshold
Best Practices in Configuration
This section discusses best practice scenarios when configuring the Exchange Management Pack.
Custom and standard mailboxes Custom mailboxes are test mailboxes that do not follow the standard naming convention of server_nameMOM***, where server_name is the name of your Exchange server, and * is an incremental number used for unique identification within that server. The Configuration Wizard cannot be used to create custom mailboxes, although it can be used to recognize them. You can also use the command-line utility to correctly configure these accounts after they have been manually created in Active Directory and after the xml configuration file has been manually configured. The mail flow scripts generate event 9561 if no appropriate mailbox (either custom or standard) is detected by the script. If both custom mailboxes and standard mailboxes exist, the scripts will use the custom mailboxes. Either the standard mailboxes can be used for mail flow verification, or a custom mailbox can be used, but not both. To use the standard mailboxes, remove any custom mailboxes before installation. You can remove the custom configuration by running the Configuration Wizard and disabling the mail flow test in addition to the mailbox availability monitoring. This process will remove all registry entries and let you reconfigure monitoring to use the standard mailboxes.
Event log replication in a cluster configuration In a cluster configuration, disable event log replication to prevent duplicate alerts from the physical cluster nodes. For more information about this configuration, see the Microsoft Knowledge Base article 224969, "HOW TO: Configure Event Log Replication in Windows 2000 Cluster Servers" (https://go.microsoft.com/fwlink/?linkid=3052&kbid=224969).
Making changes to the Management Pack It should not be necessary to significantly change the configuration rules and scripts in the Exchange Management Pack. However, if you have to do this, the best practice is to make copies of rules, change them outside the Microsoft Exchange Server 2003 rule group, and disable the original rules. Record the rules you have disabled because re-importing the Management Pack causes your changes to be overwritten by the new management pack.
Using a mailbox access account that is defined in your Exchange server's resource domain instead of one defined in your user domain By default, the Configuration Wizard creates the mailboxes and user accounts that you use for mail flow tests in the same domain as the Exchange server that you are monitoring. If you have to use an account that is defined in a domain other than the domain in which your Exchange server is installed, see the "Configuring MAPI Logon Verification Tests Across Domains" section later in this guide.
The Mailbox Access Account requires permissions to read and write to the %systemroot%\temp\exmppd directory This directory is where temporary MAPI logon profiles are created. To verify that your account has appropriate permissions, log on to the server as the Mailbox Access Account and create a test file in this directory.
The Mailbox Access Account requires local logon rights on each Exchange server These rights are required for the MAPI Logon and Mail Flow tests. The Configuration Wizard automatically grants the necessary rights.
Do not explicitly change the Default Access Permissions If you have manually added an account to Default Access Permissions, the System account will not be granted Default Access Permissions and you will not receive event ID 9986 on the MOM server after installing the agent on your Exchange server. You will then receive subsequent errors indicating a permissions issue. For more information, see Microsoft Knowledge Base article 274696, "Actions such as search and drag and drop do not work because the default access permissions have been changed in the Dcomcnfg.exe tool" (https://go.microsoft.com/fwlink/?LinkId=3052&kbid=274696).
Do not configure "Send As" and "Receive As" permissions on the Organization object to "Deny" If your organization has "Send As" and "Receive As" permissions configured as "deny" at the organization level, the mailbox access account will not be able to log on to your Exchange server. This configuration causes MAPI Logon verification tests to fail.
Verify that a domain controller is accessible to the monitoring server MAPI logon verification tests will fail if the monitoring server cannot access a domain controller, or if the domain controller does not respond in a timely manner.
Verify that the Mailbox Access Account Display Name and samAccountName are identical If they are not identical, ambiguous name resolution will fail, which causes the Mail Flow script to fail to run and MAPI_E_AMBIGUOUS_RECIP errors to be logged.
Verify that all backend servers have an agent installed If any of the backend servers that your front end server communicates with do not have an agent installed, the Configuration Wizard will return an error on your front-end server.
**Verify that SSL is configured on all applicable virtual directors on the Exchange 2003 front-end server **SSL is required for the front-end server, Outlook Web Access, Outlook Mobile Access, and Exchange ActiveSync availability scripts to function correctly.
**Use the Net Time command to synchronize system clocks **Timing synchronization issues between servers can cause inaccurate Mailflow latency report results. The format for this command is:
net time \\server_fully_qualified_domain-name /set /y
The Agent Service Account and the Agent Action account must be running as Local System By default, these accounts run as Local System. If you configure either of these accounts to run as an account other than Local System, several Exchange Management Pack scripts will fail. For a list of script dependencies, see Appendix A.
Additional Views of Performance Counters
The location of views and rules has changed in the Exchange Management Pack for Exchange 2003. Exchange 2000 views are located at Microsoft Exchange Server\Exchange 2000 and Exchange 2003 views are located at Microsoft Exchange Server\Exchange 2003.
If you use the Exchange Management Pack for Exchange 2000, the Report Collection Events view will display all report collection events for both versions of Exchange.
Rule Groups You can view performance counters in the Microsoft Exchange Server 2003\Report Collection Rules\Mailbox Statistics Analysis and Microsoft Exchange Server 2003\Report Collection Rules\Public Folder Statistics Analysis rule groups.
The mailbox and public folder analyses send the results to the corresponding reports as performance counters with an object named McExchDG. Over time, hundreds of counters can accumulate, which can delay getting a view of all performance counters on a server. Views exist for most Exchange 2003 performance counters in the Management Pack. Generally, it is a good practice to create additional views for other frequently used performance counters instead of obtaining the list of all performance counters for a particular server.
Full-text indexing and CPU measurements Total CPU measurements might not indicate a CPU resource bottleneck because full-text indexing consumes all CPU resources that are otherwise unused. If you use full-text indexing, you may want to disable the %CPU rules located in Microsoft Exchange Server 2003\Performance Counter Logging Rules\Server Resource Utilization\CPU Usage Logging to prevent false alerts of high CPU usage.
Service availability reports Consider whether you want to use the following service availability reports: "Windows NT/2000: Service Availability by Computer," "Windows NT/2000: Service Availability by Server," and "Windows NT/2000: Service Availability by Service." The data for these reports can consume lots of space in the MOM data warehouse. If they are not required, disable collecting the service availability events by going to Administration\Global Settings, accessing the properties of the Agents object, clicking the Service Monitoring tab, and then clearing the Enable service monitoring check box.
**MAPI logon check functionality **This relates to the Availability and State Monitoring\MAPI Logon Check and Availability Reporting rule group (MAPI Logon Check in Exchange 2000) and Check mailbox store availability–MAPI logon test.
The MAPI logon check functionality generates data for the Exchange Server Availability report. This is done by the Exchange 2003 - MAPI logon verification script that records events every time there is a successful logon to the Exchange store. This event has the source Exchange MOM and is number 9980. Because these events are recorded every five minutes, they can amount to a significant fraction of all events in the Microsoft Operations Manager database. To use the MAPI logon check functionality only for monitoring and not for reporting, you can request that the script not record these success events by changing the value of the parameter LogPerfData for this script. The values for this parameter are:
0 = record success events
1 = record performance data instead of success events
-1 = record neither success events nor performance data
When the value is non-zero, there is no data for the Exchange Service Availability report, and it is empty. When this parameter is 1, the counter named Exchange MP\MAPI Logon Status is populated with the value of the event number that would have been created otherwise (for example, 9980, 9981, and so on).