Message Tracking and Logging
How to verify message tracking settings.
To check current message tracking parameters set for an exchange mail server run the following commands. By default message tracking is enabled on exchange mailbox, Hub Transport and Edge Transport servers.
1. Start the Exchange Management Shell
2. Type Get-mailboxserver “servername” |fl *tracking*
3. The resulting output will show current tracking settings.
How to change the default Log file path
By default Exchange stores message tracking log files in the C:\Program files\Microsoft\Exchange Server\TransportRoles\Logs\MessageTracking.
To change this location use the following procedures. “C:\exchange logs” should be replaced with the directory of your choosing.
1. Start the Exchange Management Shell
2. Type Set-TransportServer “servername” –MessgaeTrackingLogPath “C:\Exchange Logs”
Note: The log file path must be local to the server. If the new target directory does not exist, the command will create it.
All log files that were generated in the original directory will not automatically be moved to the new directory.
How to change the default log directory size limits
By default the message tracking log directory is will over write the oldest log files once the maximum directory size of 250MB has been reached. The following procedures will change the max directory size.
1. Start the Exchange Management shell
2. Type Set-TransportServer servername –MessageTrackingLogMaxDirectorySize 1GB
Note: Sizes are factored in bytes (B), Kilobytes (KB) Megabytes (MB) gigabytes (GB) and terabytes (TB)
How to set the Max log file age
By default Exchange will retain message tracking log files for a period of 30 days before overwriting them. The following procedures will change this retention time.
1. Start the Exchange Management shell
2. Type Set-TransportServer servername –MessageTrackingLogMaxAge DD.HH:MM:SS
How to Track messages
Exchange 2007 provides a message tracking tool available through the Exchange Trouble shooting assistant in the Exchange management console as well as through Exchange Command Shell.
Management Shell – Message Tracking
Use the following procedure to track a message in Exchange Management Shell
1. From Hub Transport server (DCA-APP-CSHU01) open the Exchange Management Shell
2. Enter the following command line with the correct parameters.
Get-MessageTrackingLog <SearchFilters>
Filter Table:
Search filter | Corresponding field in the message tracking log |
End | date-time |
EventId | event-id |
InternalMessageId | internal-message-id |
MessageId | message-id |
MessageSubject | message-subject |
Recipients | recipient-address |
Reference | reference |
ResultSize | None. This parameter limits the number of results that are displayed by the search. |
Sender | sender-address |
Start | date-time |
Console - Message Tracking
Use the following procedures to track a message in Exchange Console.
1. Start the Exchange Management Console.
2. In the left hand pane select Toolbox.
3. In the middle pane select Message tracking.
4. With Message tracking highlighted select Open tool from the right hand pane. This will open the Exchange Troubleshooting assistant (Extra).
Within Extra, the following search criteria are provided to track messages.
- i. Recipients.
- ii. Sender.
- iii. Server sent from.
- iv. Event ID
- v. Message ID
- vi. Internal Message ID
- vii. Subject.
- viii. Reference.ix. Start and End dates for the search.
5. Once the search criteria has been defined click next to begin the search.
6. The search results will display the following data fields.
a. Time stamp b. Event ID c. Source d. Source Context e. Message ID f. Message Subject g. Message Sender h. Recipients i. Internal Message j. Client IP | a. Client Hostname b. Server IP c. Server Hostname d. Connector ID e. Recipient status f. Total Byte size g. Recipient count h. Related recipients i. Reference j. Return path k. Message Info |
Message Tracking Example
This section will provide details for resolving a real world message routing issue.
Scenario: Sender Joe.Smith@company.com received NDR when sending to recipient:
Info | Details |
Sender | |
Recipient | |
Date Time Message Delivered | 10/07 12:01am – 2:00AM |
NOTE: This is a Domino to Exchange mail routing scenario. All mail sent from Notes to Exchange targets the following Hub Transport Server (DCA-EM-CSHU01.amat.com)
Exchange Management Shell – Message Tracking
Below is the process for tracking the cause for the NDR for recipient Another.User@company.com
1. From Hub Transport server (HT01) open the Exchange Management Shell.
2. Enter the following command line based on information in table above.
get-messagetrackinglog -Recipients:Another.User@company.com -Start "10/7/2008 12:01:00 AM" -End "10/7/2008 2:00:00 AM"
3. Data will be displayed for the messages that meet the filter criteria.
4. Key in on the eventID column. “Fail” is key indicator. To view the that particular message details enter the following command.
get-messagetrackinglog –eventID “Fail” -Recipients:Another.User@company.com -Start "10/7/2008 12:01:00 AM" -End "10/7/2008 2:00:00 AM"
5. This will narrow down the search criteria to failed messages. Now view the message in Format-List view to display the message details.
get-messagetrackinglog –eventID “Fail” -Recipients:Another.User@company.com -Start "10/7/2008 12:01:00 AM" -End "10/7/2008 2:00:00 AM" | format-list.
6. The message status states the RecipientStatus of 550 5.1.4 ambiguous address. Now this can be a result of duplicate email adddresses or duplicate “legacyExchangeDN” addresses.
7. To verify, perform a number of searches for duplicates within the console to determine the problem.
a. To locate duplicate email addresses run the following command:
i. Get-Recipient –id Another.User@company.com .
ii. This command only came up with one recipient using that “email Address”. So duplicate email address is not the cause of the problem. Next step is to discover whether or not there are duplicate legacyExchangeDNs.
b. To locate duplicate legacyExchangeDNs.
Get-user –id “Another.User@company.com”
ii. This command comes up with two users. Now to compare legacyExchangeDNs. Run the format-list option for each user to get the “RecipientType” in order to display and inspect the “legacyExchangeDN” value.
Note: Another indicator of duplicate legacyExchangeDns is duplicate “Alias” attributes (aka mailNickname).
iii. If “RecipientType” value equals “MailUser”. Then run the following command.
get-mailUser –id “Another.User@company.com” | fl
iv. Inspect the legacyExchangeDN for each user. In this case (although not shown) each user had the same LegacyExchangeDN value. This was due to the HR contractor to perm employee conversion process.
v. To resolve the mail routing issue for legacyExchangeDN duplicates. The incorrect account must be mail disabled (stripping of Exchange Attributes).
Exchange Console– Message Tracking
Below is the process for tracking the cause for the NDR for recipient Another.User@company.com
Use the following procedures to track a message in Exchange Console.
1. Start the Exchange Management Console.
2. In the left hand pane select Toolbox.
3. In the middle pane select Message tracking.
a. Enter the following parameters for:
b. Recipients.
c. Start and End dates for the search.
4. Press “Next”
5. The next screen will disply the filtered list based on your pararmeters.
6. Notice the “EventID” which indicates a FAIL. The same information is available within this screen as it is within the command shell.
7. Note the Recipient Status column. This will provide the delivery issue.
8. This particular error indicates that there are duplicate email addresses or legacyExchangeDN duplicates. The easiest method to discover the root cause is through the command shell. Below is the command shell process used to resolve this particular recipient delivery issue.
9. To verify, perform a number of searches for duplicates within the console to determine the problem.
a. To locate duplicate email addresses run the following command:
i. Get-Recipient –id Another.User@company.com .
ii. This command only came up with one recipient using that “email Address”. So duplicate email address is not the cause of the problem. Next step is to discover whether or not there are duplicate legacyExchangeDNs.
b. To locate duplicate legacyExchangeDNs.
Get-user –id “Anja_Niederbremer@amat.com”
ii. This command comes up with two users. Now to compare legacyExchangeDNs. Run the format-list option for each user to get the “RecipientType” in order to display and inspect the “legacyExchangeDN” value.
Note: Another indicator of duplicate legacyExchangeDns is duplicate “Alias” attributes (aka mailNickname).
iii. If “RecipientType” value equals “MailUser”. Then run the following command.
get-mailUser –id “Anaj_Niederbremer” | fl .
iv. Inspect the legacyExchangeDN for each user. In this case (although not shown) each user had the same LegacyExchangeDN value. This was due to the HR contractor to perm employee conversion process.
v. To resolve the mail routing issue for legacyExchangeDN duplicates. The incorrect account must be mail disabled (stripping of Exchange Attributes). Once stripped only one account will contain that legacyExchangeDN and therefore fix the mail delivery issue.
No comments:
Post a Comment