
How to Configure the Exchange Management Pack for Microsoft Operations Manager

 

Topic Last Modified: 2010-02-15

This topic describes how to manually configure the Exchange Management Pack on Microsoft Exchange Server 2003. This includes the following steps:

  • Create the Mailbox Access account

  • Create the Agent accounts

  • Configure the Service Verification script

  • Configure the Exchange Traffic Analysis reports

Agent mailboxes are used by the Mailbox Access Account for MAPI logon to Exchange. You must create at least one Agent mailbox and account for each Exchange server. Unlike the Mailbox Access account, the name of the agent account must begin with servernameMOM. The account name may have additional letters or numbers and no spaces after the word "MOM." This is especially true if there are multiple mailbox stores on the Exchange server, and if you have configured monitoring for each store. If you want to monitor multiple mailbox stores on an Exchange server, you must have an account and a mailbox for each mailbox store. We recommend that you use the Exchange Management Pack Configuration Wizard to create and configure these accounts.

Note:
We recommend that you upgrade to Microsoft System Center Operations Manager 2007 R2 to take advantage of the new and improved monitoring features of Exchange 2007. For more information about Microsoft Operations Manager 2007 R2, see the System Center Operations Manager Web site.

You can manually create the Mailbox Access account and mailbox, and then set permissions for this account by using the Exchange Management Pack Configuration Wizard. You can also use the Exchange Management Pack Configuration Wizard to create the Mailbox Access account, and to set all permissions. If you choose to create the account and to manually set permissions, you should create the Mailbox Access account, and then create an Exchange Mailbox for the account.

Note:
Earlier documents state that you do not have to have a mailbox for this account. However, this error has been corrected in later documents.

In the Delegation Wizard, the Mailbox Access Account must be granted at least Exchange View Only Administrator rights. Make sure that you can log on to the Exchange server by using the Mailbox Access account. Then open Exchange System Manager, and view the property pages for the Exchange server.

To inform the Exchange 2003 Management Pack about the mailbox access account
  1. After you create the Mailbox Access accounts, you must wait until all servers that are running Exchange and that are being monitored by Microsoft Operations Manager receive the event that has the source Exchange MOM and the ID 9986. This indicates that the Management Pack has generated the keys to encrypt the Mailbox Access account credentials. This may take approximately 10-15 minutes.

    You can use the following views in the Microsoft Operations Manager (MOM) Administrative console to watch for these events:

    • Monitor\Public Views\Exchange 2003\Server Configuration

    • Security\Servers Ready For SetCredentialUtility (also called the ExchangeMOMSetCredentialUtility)


    If the Exchange MOM 9986 event has otherwise not occurred, there are several possible reasons why it has not.

    First, make sure that the "Exchange 2003 - Publish ExMP Data" script is scheduled to run.

    This script is called from either of the following rules in the "Microsoft Exchange Server 2003 \Availability Monitoring" processing rule group:

    • Publish data for Agent Mailbox impersonation: This rule is triggered by the occurrence of the Exchange MOM 9987 event. This event is created by the MAPI scripts (for example, MAPI Logon or Mail Flow Verification).

    • Daily Agent Mailbox data generation: This rule is run every 24 hours at 2:00 A.M.

    If the Exchange MOM 9986 event is not found, there are several reasons why it is not:

    • The Availability Monitoring processing rule group is disabled.

    • Any of the rules in the Availability Monitoring processing rule group are disabled.

    • There was a failure in the "Exchange 2003 - Publish ExMP Data" script or in the EMPKP.PubKeyPublisher COM component that is called by this script. If the script or the COM component fails, it generates an event that has the source Exchange MOM and the ID 10000 or 10001. The event specifies the exact nature of the problem that is encountered. The most common case is "EMPKP.EXE not registered." If the script and the COM component execute successfully, Exchange MOM 9986 is created, and SetCredentialUtility.exe can be run.

  2. On the Microsoft Operations Manager server, log on to all servers that are running Exchange by using an administrator account. (For example, log on as a Domain Administrator.)

  3. Create a list in a text file of all servers that are running Exchange, and that are monitored by Microsoft Operations Manager. For example, use Notepad to create a file that is named c:\ExServerList.txt. In the file, list the server names, and end the list by using a period (.). For example, create a list that resembles the following:
    ServerA
    ServerB
    ServerC.

    Note:
    In the case of a cluster of servers that are running Exchange, these should be the names of the physical servers, not of the Exchange virtual servers.

  4. Obtain the credential storage utility SetCredentialUtility.exe (or ExchangeMOMSetCredentialUtility).

  5. Run the following command:

    SetCredentialUtility.exe -E <filename>
    For example: SetCredentialUtility.exe -E C:\ExServerList.txt
    You are prompted for the domain name (this must be a fully qualified name), username, and password for the Mailbox Access Account.

    Here is an example of the output from running this utility:

    Please provide the credential of your Mailbox Access Account
    Domain [100 characters max]: DomainA.SiteOne.com
    User [100 characters max]: JohnSmith
    Password [120 characters max]: *************
    Confirm password...
    Password [120 characters max]: *************
    The credential storage utility stores these for use by the Microsoft Operations Manager agents on Exchange servers. 
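
The readiness check from step 1, run against the server list from step 3, as an added example that is not part of the original page. It assumes Windows PowerShell 2.0 or later on the Microsoft Operations Manager server and that "Exchange MOM" events are written to the Application log of each Exchange server; the function names and the 24-hour window are illustrative.

```powershell
# Added example, not from the original page. Assumption: "Exchange MOM" events
# are in the Application log of each monitored Exchange server.
$serverListPath = 'C:\ExServerList.txt'       # the file from step 3
$since          = (Get-Date).AddHours(-24)    # constructed look-back window

function Get-ExMomServerList {
    param([string]$Path)
    # One name per line; the last entry carries the terminating period.
    Get-Content -Path $Path |
        ForEach-Object { $_.Trim().TrimEnd('.') } |
        Where-Object { $_ -ne '' }
}

function Get-ExMomKeyStatus {
    param([string[]]$Servers, [datetime]$After)
    foreach ($server in $Servers) {
        $status = 'Waiting'; $detail = ''
        $query = @{ LogName = 'Application'; Source = 'Exchange MOM'; After = $After
                    ComputerName = $server; ErrorAction = 'Stop' }
        try {
            $events  = @(Get-EventLog @query)     # newest entries first
            $failure = $events |
                Where-Object { (10000, 10001) -contains $_.EventID } |
                Select-Object -First 1
            if ($events | Where-Object { $_.EventID -eq 9986 }) {
                $status = 'Ready'                 # encryption keys were generated
            } elseif ($failure) {
                $status = 'PublishFailed'; $detail = $failure.Message
            }
        } catch {
            # "No matches found" and connection errors both end up here.
            $detail = $_.Exception.Message
        }
        New-Object PSObject -Property @{ Server = $server; Status = $status; Detail = $detail }
    }
}

$servers = @(Get-ExMomServerList -Path $serverListPath)
$report  = @(Get-ExMomKeyStatus -Servers $servers -After $since)
$report | Format-Table Server, Status, Detail -AutoSize

if (@($report | Where-Object { $_.Status -ne 'Ready' }).Count -gt 0) {
    Write-Warning 'Not every server has logged Exchange MOM 9986; wait before running SetCredentialUtility.exe.'
}
```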
    

We recommend that you create the Mailbox Access Account by using the Exchange Management Pack Configuration Wizard. If you manually create the Mailbox Access Account, you should also run the Exchange Management Pack Configuration Wizard to correctly apply permissions for this account.

Before the Exchange Management Pack Configuration Wizard, Agent Mailboxes had to be created and configured manually. Usually, these accounts were configured incorrectly. In this case, the scripts that did not require a MAPI logon ran without any problems. However, the scripts that did require a MAPI logon could not collect data. This problem was noticed only when you discovered that some reports could not be run. You received an error message that indicated that no data was collected.

The following rules require the configuration of an agent mailbox account on each server that is running Exchange:

  • Processing Rule Group: Server Availability\MAPI Logon Check and Availability Reporting

  • Rule Name: Check store availability - MAPI logon

  • Report: Exchange Server Availability

  • Agent Mailboxes used: <servername>MOM<optional suffix>

  • Processing Rule Group: Server Availability\Mail Flow Verification

  • Rule Name: Send mail flow messages

  • Rule Name: Receive mail flow messages

  • Agent Mailbox used: only <servername>MOM

  • Processing Rule Group: Report Collection Rules\Mailbox Statistics Analysis

  • Rule Name: Report Collection Rules - Mailbox Statistics Analysis

  • Reports: Mailbox reports in "Exchange Mailbox and Folder Sizes" folder

  • Agent Mailbox used: only <servername>MOM

  • Processing Rule Group: Report Collection Rules\Public Folder Statistics Analysis

  • Rule Name: Report collection - public folder statistics

  • Reports: Public Folder reports in "Exchange Mailbox and Folder Sizes" folder

  • Agent Mailbox used: only <servername>MOM

Note:
Do not create an Agent Mailbox on the Exchange Front End Server.

Create the Agent Accounts
  1. On a computer that has the Exchange System Manager installed, open the Active Directory Users and Computers snap-in (dsa.msc).

  2. On each server that is running Exchange, create a user account and a mailbox. The logon name must include the name of the server that is running Exchange, in the form <servername>MOM. If this is an Exchange cluster, the server name is the name of the Exchange virtual server. For example, if the server name is ExServer1, the test account is ExServer1MOM. You must set a password for this account.

    Select the following during account creation:

    • User cannot change password

    • Password never expires

    • Account is disabled

    Note:
    Do not clear the Create an Exchange mailbox check box.
  3. (Optional) If you have multiple database files on a server, you can add more agent mailbox accounts by using the logon name <servername>MOM#, where # is a placeholder for any number or word. The first agent mailbox account must be named <servername>MOM because it is the only mailbox that is used by the mail flow verification and by the mailbox and public folder analyses. Also, the total length of the agent mailbox account name cannot exceed 20 characters.
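
A check of planned agent account names against the naming rules given in step 3 and in the description of agent mailboxes earlier in this topic, as an added example that is not part of the original page. The function name and the sample suffixes are illustrative; the server name ExServer1 is the one used in step 2.

```powershell
# Added example, not from the original page: checks planned agent account
# names against the naming rules stated in this topic.
function Test-AgentMailboxName {
    param(
        [string]$ServerName,          # Exchange server (or virtual server) name
        [string[]]$AccountNames,      # planned agent account logon names
        [int]$MailboxStoreCount = 1   # monitored mailbox stores on this server
    )
    $prefix  = $ServerName + 'MOM'
    $pattern = '^' + [regex]::Escape($prefix) + '[A-Za-z0-9]*$'
    $results = @(foreach ($name in $AccountNames) {
        $problems = @()
        if ($name.Length -gt 20) {
            $problems += "is $($name.Length) characters; the limit is 20"
        }
        if ($name -notmatch $pattern) {
            $problems += "must be $prefix plus optional letters or numbers, no spaces"
        }
        New-Object PSObject -Property @{
            Name = $name; Valid = ($problems.Count -eq 0); Problems = ($problems -join '; ')
        }
    })
    $valid = @($results | Where-Object { $_.Valid })
    if (-not ($valid | Where-Object { $_.Name -eq $prefix })) {
        Write-Warning "$prefix is missing; mail flow verification and the mailbox and public folder analyses use only that mailbox."
    }
    if ($valid.Count -lt $MailboxStoreCount) {
        Write-Warning "$($valid.Count) valid account(s) for $MailboxStoreCount mailbox store(s); each monitored store needs its own."
    }
    $results
}

# Constructed sample: server name from step 2, invented suffixes.
$planned = 'ExServer1MOM', 'ExServer1MOM01', 'ExServer1 MOM02', 'ExServer1MOMStoreGroup2'
Test-AgentMailboxName -ServerName 'ExServer1' -AccountNames $planned -MailboxStoreCount 3 |
    Format-Table Name, Valid, Problems -AutoSize
```

With this sample, the third name fails because of the space and the fourth because it is 23 characters long, which leaves two valid accounts for three mailbox stores.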

After the account is created, click Advanced Features on the View menu.

  1. Right-click the new agent mailbox account, click Properties, and then click the Exchange Advanced tab. If this tab is not present, make sure that Advanced Features was selected in the previous step.

  2. Click Mailbox Rights, and then click Add.

  3. Add the Mailbox Access account, and then click OK.

  4. In the Permissions box, grant Full Mailbox Access permissions to the Mailbox Access account.

  5. On the Mailbox Rights tab, select the Self account.

  6. In Permissions, click Associated External Account and then click OK.

  7. Click the Security tab, and then select the Mailbox Access account.

    Note:
    It may be necessary to add the Mailbox Access account if it is not listed in the accounts. Select the Mailbox Access account from the list of all accounts.
  8. In the Permissions box, click to select the Receive As and Send As check boxes in the Allow column, and then click OK.

    Note:
    The Agent Mailbox cannot be set to be hidden in the global address list (GAL) because you cannot log on to an account in that state.

The Agent (test) mailboxes can also be created by using the Exchange Management Pack Configuration Wizard. However, you are not prompted for the names or the organizational unit in Active Directory to create these accounts. The default location to create these accounts is in the Users organizational unit in the Root domain. If you have multiple mailbox stores that you are monitoring, the Wizard creates Agent (test) mailboxes by using such names as servernameMOM00, servernameMOM01, and servernameMOM03. If you want to create these accounts in another location, or if you want to name the suffix differently, you must manually create these accounts.
The Configuration Wizard grants Full Control permissions over the Agent (test) mailboxes to the Mailbox Access account. The wizard also sets the attribute to Associated External Account.

Periodically, the Service Verification script runs to determine whether a list of services is running. These services are specified in a registry subkey on the Exchange server. In this case, you must specify the Exchange related services to be monitored in the registry on each managed Exchange server.

Caution:
Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Specify the Exchange related services to be monitored in the registry subkey on the managed Exchange servers
  1. You must create the following subkey in registry editor:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange MOM

  2. In this subkey, create a Monitored Services entry as a string value. Fill this string with a comma delimited list of the services for which you want to receive notification if the services are not running.
    Example settings for this entry include the following:

    • MSExchangeIS

    • MSExchangeSA

    • MSExchangeMTA

    • SMTPSVC

    • POP3SVC

    • IMAP4SVC.

Note:
In a cluster configuration, you must add this entry on each cluster node.
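
One way to apply the Monitored Services entry to every cluster node and catch misspelled service names before they are written, as an added example that is not part of the original page. It assumes Windows PowerShell 2.0 through 5.1 (for `Get-Service -ComputerName`), the Remote Registry service running on each node, and placeholder node names.

```powershell
# Added example, not from the original page. Node names are placeholders.
$nodes     = 'EXNODE1', 'EXNODE2'      # constructed: physical cluster nodes
$services  = 'MSExchangeIS', 'MSExchangeSA', 'MSExchangeMTA', 'SMTPSVC'
$subKey    = 'SOFTWARE\Microsoft\Exchange MOM'
$valueName = 'Monitored Services'

foreach ($node in $nodes) {
    # Skip the node if any listed name is not an installed service there.
    $unknown = @($services | Where-Object {
        -not (Get-Service -Name $_ -ComputerName $node -ErrorAction SilentlyContinue)
    })
    if ($unknown.Count -gt 0) {
        Write-Warning ('{0}: not written, unknown service name(s): {1}' -f $node, ($unknown -join ', '))
        continue
    }

    $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $node)
    try {
        # CreateSubKey opens the subkey if it already exists.
        $key = $hklm.CreateSubKey($subKey)
        $key.SetValue($valueName, ($services -join ','),
            [Microsoft.Win32.RegistryValueKind]::String)
        # Read the value back so the output shows what each node now holds.
        '{0}: {1} = {2}' -f $node, $valueName, $key.GetValue($valueName)
        $key.Close()
    } finally {
        $hklm.Close()
    }
}
```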

The Exchange 2003 Management Pack includes a timed event rule that collects information from the message tracking logs, and analyzes it to assemble the Exchange Traffic Analysis reports. The Exchange Traffic Analysis reports detail various aspects of the messaging traffic. This event rule analyzes the message tracking log for the previous day.

To produce the Exchange Traffic Analysis report, you must configure the monitored Exchange 2003 servers to enable message tracking.

Enable message tracking
  1. Log on to the computer that is running Microsoft Operations Manager by using an account that has domain administrator permissions.

  2. Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.

  3. In the console tree, double-click Server, right-click a server name, and then click Properties.

  4. To record the subject of any message sent to, from, or through the server, click to select the Enable subject logging and display check box on the General tab.

  5. To log information about the sender, the time that the message was sent or received, the message size and priority, or the message recipients, click to select the Enable message tracking check box.

  6. To change the directory in which the log file is stored, click Change, and then enter the name of the new directory in which the Message Tracking Log Files will be stored.

  7. Repeat these steps for each Exchange server.

These scripts periodically send mail, and verify that the mail has been received. You must configure the sending and receiving servers to know where to send mail and from where to expect mail.
The mail flow verification script uses the Mailbox Access account that was created in the "Enable message tracking" procedure and that is named servernameMOM.

Follow these configuration steps for each server that is participating in the mail flow verification, either as senders, as receivers, or as both.

Configure a mail flow verification script
  1. Configure the time interval to send/receive mail according to your Exchange installation (the default setting is 15 minutes). To do this, follow these steps:

    1. Log on to the MOM server by using an account that has domain Administrator permissions.

    2. Open the MOM Admin console.

    3. Locate Rules - Microsoft Exchange Server 2003 - Availability Monitoring.

    4. Expand Verify Mail Flow, click Event Processing Rules, and then click Send Mail Flow Messages.

    5. In Send Mail Flow Messages, click Properties.

    6. Click the Data Provider tab.

    7. On the Provider Name menu, select Scheduled every 5 minutes synchronize at 00:00
      Note   The default settings (every 15 minutes, synchronized at 00:09) provide a high level of monitoring that does not interfere with other scripts, such as MAPI logon. If you want to change the frequency that this script runs, it is important to select one of the existing providers. You should never create a new provider unless you are doing this when you create a completely new rule.

  2. Repeat steps 1c through 1g for the "Receive mail flow messages" event processing rule. Select a timed event that has the same frequency. To do this, follow these steps:

    1. In the current processing rule group folder, right-click the event processing rule that is named Receive mail flow messages, and then click Properties.

    2. Click the Responses tab.

    3. Select Exchange 2003 - Mail flow receiver, and then click Edit.

    4. In the Launch Script dialog box, double-click the MaxSafeMissedRuns parameter, and then enter a value of 1.

    5. Click OK in all the remaining dialog boxes.

  3. Configure the registry to specify the server that will send or receive mail.

    Caution   Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

    1. On each server (or virtual server) that is running Exchange, create the following registry subkey:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange MOM\Mail Flow\<Servername>
      If this server is in a clustered configuration, Servername represents the Exchange virtual server. Create this same subkey (and the values in steps 3b and 3c) on each physical node of the cluster.

    2. Under the new subkey, create a string value that is named SendTo, and then set its data to a comma-delimited list that contains the server names to which mail will be sent. If the server will not be sending mail, leave this registry value empty.

    3. Under the same key, create a string value that is named ExpectedFrom, and set its data to a comma-delimited list that contains the server names from which mail will be sent. If the server will not be receiving mail from other servers, leave this registry value empty.
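
The SendTo and ExpectedFrom values from step 3 have to agree across servers: a server that lists ServerB in SendTo must appear in ServerB's ExpectedFrom. The following added example, which is not part of the original page, derives both values from a single send plan and writes the local server's entry; the server names, function names and plan are constructed.

```powershell
# Added example, not from the original page. Server names are constructed.
# Plan: each participating server and the servers it sends test mail to.
$sendPlan = @{
    'ServerA' = @('ServerB', 'ServerC')
    'ServerB' = @('ServerA')
    'ServerC' = @()                      # receives only
}
# For a cluster, set this to the Exchange virtual server name instead.
$localExchangeName = $env:COMPUTERNAME

function Get-MailFlowValues {
    param([hashtable]$SendPlan)
    foreach ($server in ($SendPlan.Keys | Sort-Object)) {
        $unplanned = @($SendPlan[$server] | Where-Object { -not $SendPlan.ContainsKey($_) })
        if ($unplanned.Count -gt 0) {
            Write-Warning "$server sends to $($unplanned -join ', '), which has no entry in the plan."
        }
        # ExpectedFrom is derived: every server whose SendTo list names this one.
        $expected = @($SendPlan.Keys |
            Where-Object { $SendPlan[$_] -contains $server } | Sort-Object)
        New-Object PSObject -Property @{
            Server       = $server
            SendTo       = ($SendPlan[$server] -join ',')
            ExpectedFrom = ($expected -join ',')
        }
    }
}

function Set-MailFlowValues {
    param($Entry)
    # Subkey from step 3; an empty string leaves the value empty as the steps require.
    $path = "HKLM:\SOFTWARE\Microsoft\Exchange MOM\Mail Flow\$($Entry.Server)"
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    Set-ItemProperty -Path $path -Name 'SendTo' -Value $Entry.SendTo
    Set-ItemProperty -Path $path -Name 'ExpectedFrom' -Value $Entry.ExpectedFrom
}

$values = @(Get-MailFlowValues -SendPlan $sendPlan)
$values | Format-Table Server, SendTo, ExpectedFrom -AutoSize

# Run on each Exchange server: only that server's own entry is written.
$mine = $values | Where-Object { $_.Server -eq $localExchangeName }
if ($mine) { Set-MailFlowValues -Entry $mine }
```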

 
© 2014 Microsoft