Monitoring System Availability

 

The Exchange Management Pack includes rule groups to monitor system availability. These rules can be enabled and disabled according to your requirements. The rules monitor the following components:

  • Mail Flow   Test messages between sending and receiving servers are sent out periodically through scripts. This is one of the fastest ways to monitor availability. If messages can be sent and delivered, this means that the Exchange servers and their components are functioning.

  • Exchange Services   The Exchange Management Pack checks the key services that make up Exchange servers and provides alerts if a failure occurs.

  • MAPI   A MAPI client, such as Microsoft Office Outlook® 2003, accesses the databases that store Exchange data. This rule group can verify that these operations are successful.

  • Database   The rules in this group let you know when a database is connected and disconnected. Alerts are generated only when the database is disconnected.

  • Outlook Web Access   Errors, logins, and test verifications of functionality are part of the Outlook Web Access rule group. With the rules and scripts included, you can monitor Outlook Web Access.

  • Outlook Mobile Access   Scripts in this rule group synthetically log on as a client to make sure that Outlook Mobile Access functions. Different types of alerts are generated for different failures.

  • Exchange ActiveSync   Scripts in this rule group perform synthetic Exchange ActiveSync® logons and monitor the results to determine the availability of Exchange ActiveSync.

Each component and its capabilities are discussed in the following sections.

Mail Flow

These rules verify mail flow between Exchange servers. The mail flow verification rules function only when the OnePoint service is running as the Local System account. You can use the rules to set up each Exchange 2003 server to send mail to other servers that are running Exchange 2003 and to receive mail from another server. You can also configure it to send mail back to the same server. If the mail flow between servers is interrupted, a notification is sent when an error occurs.

Information from these rules is used to generate Message Traffic reports. The Message Traffic reports provide data gleaned from message tracking logs. Because messages sent between mailboxes that are located on the same server are not logged in the message tracking logs, information about messages sent and received between mailboxes on the same server is not reported in the Message Traffic reports.

This group includes the following event rules:

  • Receive mail flow messages   This rule uses the Exchange 2003 – Mail Flow Receiver script and periodically checks mail flow. It generates an alert if message delivery latency exceeds a specified threshold.

  • Mail flow script cannot resolve recipient's address   This rule generates an alert if a recipient's address cannot be resolved.

  • An invalid parameter was sent to the Received Mail script   This rule generates an alert when a malformed or unacceptable parameter is passed to the script. The alert contains a description of acceptable values.

  • Mail flow latency exceeded the specified threshold   This rule generates an alert when mail flow latency is greater than the defined threshold value.

  • General errors in the mail flow scripts   This rule generates an alert when a mail flow script stops running.

  • Mail flow message not received   This rule generates an alert when messages sent by the mail flow verification scripts are not received.

  • Send mail flow messages   This rule is triggered by a timed event and periodically runs a script that sends a message to one Exchange server to verify that mail is being sent without problems.

  • Clock synchronization problem   This rule generates an alert when the system clock on the Exchange servers reports negative latency beyond the defined threshold.

The MOM DTS tool transfers data between the MOM database and a separate database that is offline. This separate database can be used for long-term data retention, for long-term trending, for additional reporting, and for keeping the MOM database well maintained. Data collection from the message tracking logs occurs once each day, and depends on completion of the DTS package. Therefore, there is a delay of approximately one day between activity in the message tracking logs and updated information in the Message Tracking report.

Mailbox Access Account

The Mailbox Access account must be able to log on for mail flow to function correctly. Therefore, it has specific rights to enable mail flow scripts to work. An access control entry (ACE) is added and specifies the following rights:

  • ADS_RIGHT_READ_CONTROL   The right to read data from the security descriptor of the object, not including the data in the system access control list (SACL).

  • ADS_RIGHT_DS_READ_PROP   The right to read properties of the object. The ObjectType member of an ACE can contain a GUID that identifies a property set or property. If ObjectType does not contain a GUID, the ACE controls the right to read all the object properties.

  • ADS_RIGHT_DS_LIST_OBJECT   The right to list a particular object. If the user is not granted such a right, and the user does not have ADS_RIGHT_ACTRL_DS_LIST set on the object parent, the object is hidden from the user. This right is ignored if the third character of the dSHeuristics property is '0' or is not set.

  • ADS_RIGHT_ACTRL_DS_LIST   The right to list child objects of this object.

Note

For more information about ACE properties, see the Active Directory Service Interfaces (ADSI) enumerations at https://go.microsoft.com/fwlink/?linkid=25449.

This ACE is added directly to the locations that are listed in the following table.

Mailbox Access account ACE locations

| LDAP object | Inherited in the LDAP tree? | ViewStoreStatus |
|---|---|---|
| Configuration container | No | No |
| Exchange organization | No | No |
| Address lists container | Yes | No |
| Addressing container | Yes | No |
| Admin groups container | No | No |
| Selected admin group container | Yes | Yes |
| Global settings container | Yes | No |
| Recipients policies container | Yes | No |
| System policies container | Yes | No |

ViewStoreStatus is a specific Exchange property that enables the account to view database information. The security ID (SID) of the Mailbox Access account is added to the msExchAdmins property so that it appears on the Delegation Wizard. The value specified in this property is the pair SID + ",30".

For each test mailbox, the Mailbox Access account has the following rights:

  • Delete mailbox storage

  • Read permissions

  • Full mailbox access
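
The ACE rights and the location table above can be turned into a least-privilege check. The following is an added example, not part of the Management Pack or the original page: it combines the four listed rights into the expected access mask, using the numeric values of the ADSI ADS_RIGHTS_ENUM and ADS_ACEFLAG_ENUM enumerations, and compares sample ACEs against that mask and the table's inheritance column. The function names and the sample ACE records are constructed for illustration.

```python
# Added example; bit values are from the ADSI ADS_RIGHTS_ENUM enumeration.
ADS_RIGHTS = {
    "ADS_RIGHT_DS_CREATE_CHILD": 0x1, "ADS_RIGHT_DS_DELETE_CHILD": 0x2,
    "ADS_RIGHT_ACTRL_DS_LIST": 0x4, "ADS_RIGHT_DS_SELF": 0x8,
    "ADS_RIGHT_DS_READ_PROP": 0x10, "ADS_RIGHT_DS_WRITE_PROP": 0x20,
    "ADS_RIGHT_DS_DELETE_TREE": 0x40, "ADS_RIGHT_DS_LIST_OBJECT": 0x80,
    "ADS_RIGHT_DS_CONTROL_ACCESS": 0x100, "ADS_RIGHT_DELETE": 0x10000,
    "ADS_RIGHT_READ_CONTROL": 0x20000, "ADS_RIGHT_WRITE_DAC": 0x40000,
    "ADS_RIGHT_WRITE_OWNER": 0x80000, "ADS_RIGHT_GENERIC_ALL": 0x10000000,
}
# The four rights this page lists for the ACE: together 0x20094.
EXPECTED_MASK = (ADS_RIGHTS["ADS_RIGHT_READ_CONTROL"] | ADS_RIGHTS["ADS_RIGHT_DS_READ_PROP"]
                 | ADS_RIGHTS["ADS_RIGHT_DS_LIST_OBJECT"] | ADS_RIGHTS["ADS_RIGHT_ACTRL_DS_LIST"])
ADS_ACEFLAG_INHERIT_ACE = 0x2  # ADS_ACEFLAG_ENUM: child containers inherit the ACE
# "Inherited in the LDAP tree?" column of the table on this page.
EXPECTED_INHERIT = {
    "Configuration container": False, "Exchange organization": False,
    "Address lists container": True, "Addressing container": True,
    "Admin groups container": False, "Selected admin group container": True,
    "Global settings container": True, "Recipients policies container": True,
    "System policies container": True,
}

def decode(mask):
    """Name every set bit; bits not in ADS_RIGHTS are reported as hex."""
    names = [name for name, bit in ADS_RIGHTS.items() if mask & bit]
    for bit in ADS_RIGHTS.values():
        mask &= ~bit
    return names + ([hex(mask)] if mask else [])

def audit_ace(location, access_mask, ace_flags):
    """Return findings for one ACE; an empty list means it matches the page."""
    findings = []
    if access_mask & ~EXPECTED_MASK:
        findings.append("extra rights: " + ", ".join(decode(access_mask & ~EXPECTED_MASK)))
    if EXPECTED_MASK & ~access_mask:
        findings.append("missing rights: " + ", ".join(decode(EXPECTED_MASK & ~access_mask)))
    inherits = bool(ace_flags & ADS_ACEFLAG_INHERIT_ACE)
    if inherits != EXPECTED_INHERIT[location]:
        findings.append("inheritance is %s, table says %s"
                        % ("Yes" if inherits else "No", "Yes" if EXPECTED_INHERIT[location] else "No"))
    return findings

# Constructed sample ACEs (location, access mask, ACE flags); not real directory data.
SAMPLE_ACES = [("Configuration container", 0x20094, 0x0),
               ("Exchange organization", 0x200B4, 0x2), ("System policies container", 0x20014, 0x2)]
if __name__ == "__main__":
    for loc, mask, flags in SAMPLE_ACES:
        print(loc, "->", audit_ace(loc, mask, flags) or "OK")
```

ViewStoreStatus is not modeled here because the page describes it as an Exchange-specific property rather than one of the ADS_RIGHT bits.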

Exchange Services

The Exchange Services rule group uses a timed rule that runs a script to periodically determine whether key Exchange services are running. The Configuration Wizard identifies the services to monitor by default, although you can customize this list. If a service stops, and the severity level is Error or higher, a notification is triggered. Additionally, the State View in the Operator Console will reflect that the service has stopped on your server. After the service is detected as restarted, the State View will reflect that the server is back up.

MAPI

The MAPI rule group checks whether a MAPI client can log on to an Exchange database. Implementation of this rule group enables verification of both the Exchange database and Active Directory availability. This data is used for the Exchange server availability report. The rules in this group require the MOM agent action account to run as the Local System account. Notification is sent when the severity level is Critical Error or higher.

Database

Two event rules and an alert rule make up the Database rules group. The rules determine which Exchange databases are not connected. An alert is generated when a database fails to connect or is disconnected. When the severity level is Error or higher, a notification is sent.

Outlook Web Access

These rules verify the availability of Outlook Web Access on a front-end Exchange server. These rules perform synthetic Outlook Web Access logons and check the results to determine the availability of Outlook Web Access. A notification is sent when the severity level is Error or higher.

This group includes the following event rules:

  • Outlook Web Access logon failure: Webexception   Synthetic Outlook Web Access logon attempt failed because of an exception. This rule generates an alert when MOM event 20003 occurs.

  • Outlook Web Access logon failure: (HTTP error 401) Unauthorized   This rule generates an alert when MOM event 20015 occurs. The logon failure is caused by a rejected user name and password combination.

  • General error during synthetic OWA logon   This rule generates an alert when services or components on which the synthetic logon object relies are not running, are having problems, or refuse connection.

  • Outlook Web Access logon failure: (HTTP error 400) Bad Request   This rule generates an alert when MOM event 20014 occurs. The logon fails because the server cannot understand the request due to malformed syntax. This is frequently caused by interrupted communications.

  • Outlook Web Access logon failure: (HTTP error 404) Server not found   This rule generates an alert when MOM event 20017 occurs. When a connection cannot be established to the Outlook Web Access server, an alert is generated.

  • Outlook Web Access logon failure: Authentication error. Logon request was redirected back to logon page   An alert is generated when a logon attempt fails because of an authentication error. The credentials for the Mailbox Access account may be incorrect or may have been changed after initial deployment.

  • Outlook Web Access logon failure: (HTTP error 504) Service Unavailable   An alert is generated when MOM event 20013 occurs. This event signifies that the server cannot handle the request because of temporary overloading or maintenance of the server.

  • Outlook Web Access logon failure: (HTTP error 407) Proxy Authorization Required   An alert is generated when MOM event 20018 occurs. This event signifies that a proxy is required. If a proxy server is installed, it might not be relaying connections correctly.

  • Outlook Web Access logon failure: (HTTP error 408) Request Time Out   When a client request times out waiting for a response, an alert is generated. This rule generates an alert when MOM event 20019 occurs.

  • Outlook Web Access logon failure: (HTTP error 403) Access forbidden   An alert is generated when MOM event 20016 occurs. This event signifies that too many users are connected to the server.

  • Outlook Web Access logon failure: General HTTP error   When the Outlook Web Access server returns an error during a logon attempt, this rule uses the related MOM event 20011 to generate an alert.

  • Unexpected error during synthetic Outlook Web Access logon   When an error occurs during a logon attempt that is not addressed by a specific error type, MOM event 19999 is written to the log. This rule generates an alert when the event occurs.

  • Outlook Web Access A logon failure: (HTTP error 500) Server returned an unknown error   An alert is generated when MOM event 20012 occurs. This event signifies that Outlook Web Access has returned an error related to ASP.NET, to Kerberos, or to general server malfunction.

  • Synthetic Outlook Web Access logon   This rule is a timed event that runs every 15 minutes and uses the Exchange 2003 - Outlook Web Access logon verification script. The script logs on to the front-end Outlook Web Access server and verifies that it is functional. This test requires Exchange Server 2003 Service Pack 1 (SP1).

Outlook Mobile Access

These rules verify the availability of Outlook Mobile Access on a front-end Exchange 2003 server. These rules perform synthetic Outlook Mobile Access logons and monitor the results to determine Outlook Mobile Access availability. A notification is sent when the severity level is Error or higher.

This group includes the following event rules:

  • Outlook Mobile Access logon failure: ASP.net errors   An alert is generated when MOM event 22008 occurs. This event signifies that ASP.NET or the Exchange server is configured incorrectly.

  • Outlook Mobile Access logon failure: OMA configuration errors   An alert is generated when MOM event 22007 occurs. This event signifies that there is a configuration problem with Outlook Mobile Access and that the IIS metabase might have been corrupted.

  • Outlook Mobile Access logon failure: Mailbox hosted on an Exchange Server version earlier than 2003   An alert is generated when MOM event 22002 occurs. This event signifies that the logon script tried to log on to an Exchange server running a version of Exchange before Exchange 2003.

  • Outlook Mobile Access logon failure: Unable to connect   An alert is generated when MOM event 22001 occurs. This event signifies that a connection cannot be established to the back-end Exchange mailbox.

  • Outlook Mobile Access logon failure: Network problem   An alert is generated when MOM event 22005 occurs. This event signifies that network problems are preventing Outlook Mobile Access operations.

  • Synthetic Outlook Mobile Access logon   This timed event rule runs every 15 minutes and launches the Exchange 2003 - OMA logon verification script. This script verifies front-end server availability through synthetic Outlook Mobile Access logon. This test requires Exchange Server 2003 SP1.

  • Outlook Mobile Access logon failure: Wireless access is not enabled for the account   An alert is generated when MOM event 22004 occurs. This event signifies that the account is not enabled to use Outlook Mobile Access.

  • General error during synthetic Outlook Mobile Access logon   An alert is generated when MOM events 20907 and 20908 occur. These events signify that the underlying components and services on which the synthetic logon relies are not operational.

  • Outlook Mobile Access logon failure: Unexpected errors   An alert is generated when MOM event 22010 occurs. This event signifies that an unexpected error or exception has occurred when Outlook Mobile Access is processing the logon request.

  • Outlook Mobile Access logon failure: Device type not supported (Web.config file is modified)   An alert is generated when MOM event 22009 occurs. This event signifies that the device is unsupported. A possible cause is that the Web.config file has been modified.

  • Outlook Mobile Access logon failure: Invalid password or mailbox not created   An alert is generated when MOM event 2003 occurs. This event signifies that the entered password is incorrect, or that the account is not created.

Exchange ActiveSync

The rules in the Exchange ActiveSync front-end Availability group verify the availability of Exchange ActiveSync on a front-end Exchange 2003 server. These rules perform synthetic Exchange ActiveSync logons and check the results to determine the availability of Exchange ActiveSync. A notification is sent when the severity level is Error or higher.

This group includes the following event rules:

  • EAS logon failure: Forbidden   This rule generates an error when the Mailbox Access account is not enabled for Exchange ActiveSync, or when Exchange ActiveSync is disabled. The alert is generated when the logon scripts cannot log on.

  • Synthetic EAS logon   This rule runs a script every 15 minutes to perform synthetic Exchange ActiveSync logons. The other rules in this rule group rely on the script for event data. This test requires Exchange Server 2003 SP1.

  • EAS logon failure: Internal Server Error   This rule generates an alert when the logon scripts cannot successfully log on because of a server error.

  • EAS logon failure: Bad Request   This rule generates an error when the Exchange ActiveSync logon function is not receiving acceptable parameters.

  • EAS logon failure: General Error   The Exchange ActiveSync synthetic logon scripts rely on underlying components to function. This script generates an error when a component is unavailable.

  • EAS logon failure: Server Busy   This rule generates an alert when synthetic logon fails because of a busy or overloaded server. This alert is also generated when the Active Directory domain controller cannot return data to the logon scripts because it is overloaded.