I ran into a case where the built in Exchange 2003 monitoring tools were misfiring on alerts that a box that wasn’t even set to be monitoring. In ESM if you go to Tools, Monitoring & Status, Notifications, you can configure a Server to monitor various Exchange issues and alert on Warning/Error. What do you do if you are getting them from a box that isn’t listed?

Turn up the logging on WMI  on the phantom box and see what is going on.

1.) Launch wmimgmt.msc

2.) Right-click on WMI Control (local) an select Properties, click the “Logging”  tab

3.) Set the “Logging level” to verbose

These logs will go to C:\windows\system32\wbem\logs

Take a look through these in namespace //./root/cimv2/Applications/Exchange . This may lead you to the alerts that are being generated via WMI. Once you see the SMTPEVENT those are the ones to go after and delete.

To Remove

1. Click Start, run, type Wbemtest then type root\cimv2\applications\exchange and click “Connect” button

2. Click on ‘Enum Classes’, click the Recursive radio button, click OK.

3. Scroll down until you see _FilterToConsumerBinding class.  Double-click on it.

4. Click the “Instances” button on the right hand side.

5. Chose/highlighted the subscriptions with the name you saw in the log and click on the delete button.

Good luck hopefully this will help you get to the bottom of it.

If you are one of the people who still are on Exchange 2003 and have E-discovery compliance for your email, this hot fix is for you.

http://support.microsoft.com/Default.aspx/kb/971660

Goodness right. Some mail might not be getting journaled in some specific situations. Yikes! I know that’s not the thing I’d like to say to the judge who probably doesn’t understand technology let alone how journaling works in Exchange 2003. Anyways, apply this to your back end servers as quick as you can. That is the only one that “REQUIRES” it. But best practices states try to keep your CDO.dll file in the same version number, so go ahead and apply this to your front end servers too. If you run a BES server, that should get this updated to so you get the most updated CDO.dll file and is in line with Exchange.

Fresh from the Exchange team, they will now support Exchange 2003 to query against 2008 R2 DCs. This means that if you are on 2003 and plan on going to 2007 or 2010, you can upgrade your DCs to 2008 R2 and then raise your forest/domain levels to the latest and greatest of 2008 R2 after 2003 has been removed from your environment. This actually saved me 1 upgrade I now no longer have to do.

http://msexchangeteam.com/archive/2009/11/30/453327.aspx

A useful little trick when installing/administrating something that has a potential to eat up storage (think file server, logs for a database) is the fear that the drive will fill up in space without you noticing and you’ll have to add new space immediately. What if this process of adding new space requires downtime or has to be approved? What do you do if you missed the drive space filling up over time and now the system is offline? The answer is a dummy file. I create a semi large dummy file that can be deleted in a pinch if the drive filled up to get everything up and running again on my file server. Think of it as some quick breathing room until you can get the situation under control.

fsutil file createnew dummy.file 10737418240

You can run this at the command line to create your blank large empty file. The last parameter is in bytes, that example is for a 10 GB file.

Just try to gather all some useful info and put it all in one place.

That includes the quorum and MSDTC resource.

http://almostdailytech.com/2009/05/27/changing-the-quorum-disk-in-a-cluster/

How to move Exchange Database (this is similar for moving system path files as well)
http://support.microsoft.com/kb/821915

Moving MS Search

http://almostdailytech.com/2009/06/18/moving-the-ms-search-the-easy-way-and-the-hard-way/

General Cluster

http://msmvps.com/blogs/clusterhelp/archive/2005/08/05/moving-a-cluster-to-a-new-san-original-posted-jul-22-2005.aspx

Borrowing this from another blog which everyone should totally read , http://www.markwilson.co.uk/blog/index.php

Now that MS supports some things to be virtualized but not all aspects, it can be quite confusing depending on your configuration what is supported or not. A simple web form will show you the way.

http://www.windowsservercatalog.com/svvp.aspx?svvppage=svvpwizard.htm

So easy to use, easy to understand and it will show specifically what feature is and is not supported. What is supported is a mystery no more!

Original Post

http://blogs.technet.com/mattmcspirit/archive/2009/07/03/the-svvp-wizard.aspx

Recently I’ve gone through the pleasure of having to move the MS Search instance in an Exchange Cluster to a new disk location. There are 3 options. The easy way, the dangerous way, and finally the hard but manual way.

The first way is the easy way. You basically take the mssearch offline, rename the folder, create a new folder as a mount point, then copy the data into it and start the service. Simple if you are able to keep the same drive location. This has a detailed walkthrough of what I sort of  outlined.

http://support.microsoft.com/kb/938445

The second way I think its much more dangerous to me, since it involes deleting data. Basically if you wanted to simulate that you lost the drive and you need to recreate search you would do the following. Run a script that is listed in this KB that will delete the registry settings in the cluster on that node, stop and start the MS Search, delete the System Attendant and recreate it You will lose any custom settings you have in the System Attendant. Then you basically recreate the System Attedant. Detailed steps can be found here. http://support.microsoft.com/kb/830189/en-us

Wow that seems pretty scary, deleting data and hoping you dont have custom stuff if you don’t actually know it. Seems dangerous to me.
The third way is the manual way. Which is also semi dangerous but at least a controled danger. I take no responsibility for any of these steps. If you really want this done right call MS and open a support case or at least attempt this in a lab first. This is just a good direction with my fuzzy memory from a few months ago. I’m mostly confused by the passive node aspect of it. If I remember I’ll update it.

First you need to have your new drive set up for where the files are going to go. The MS Search needs to be online for this first part otherwise the registry settings on the local machine DO NOT SHOW UP. This is key. You can test this by taking the Search offline and seeing the keys disappear. You may also want to take the search out of the dependencies so it doesn’t take your entire Exchange Virtual Server Offline. You then want to change the following keys after you backup your registry naturally.

1.)Change the ‘SearchDirectory’ string to corresponding new drive location under -

HKLM\Software\Microsoft\Search\1.0\Applications\ExchangeServer_<EVS name> hive

Change the strings ‘FileName’ and ‘LogPath’ & pointe them to the corresponding new drive location.·

HKLM\Software\Microsoft\Search\1.0\Databases\ExchangeServer_<EVS name>

Change the strings ‘ApplicationPath’ and ‘DefaultProjectPath’ & point them to the corresponding new drive location.

HKLM\Software\Microsoft\Search\1.0\GatheringManager\Applications\ExchangeServer_<EVS name>

Change the string ‘ApplicationPath’ and point it to the corresponding new drive location.

HKLM\Software\Microsoft\Search\1.0\Indexer\ExchangeServer_<EVS name>

Finally check through out the hive to make sure nothing is pointing to the old location
HKLM\Software\Microsoft\Search\1.0”

2.) Then take the MSSearch resource offline. (Note if you try to copy the data while it’s online it will sucesffully copy but it wont come on-line).

3.) Then on all physical nodes you need to change this registry setting.

Change the string ‘ApplicationPath’ and pointed it to the corresponding new location.

HKLM\Cluster\Resources\<GUID>of the MSSearch Resource>\Parameters

4.) Then copy the Exchangeserver_<EVS name> directory from old drive as whole to the new drive in the corresponding path. Rename the folder “_old” in the old path for backup purpose.

5.) Bring the resource online.

There aren’t enough Warnings in the world for you before you do this. Please test this in the lab first if possible.

I recently had to change SANs and one of the disks you need to move is the Quorum. It’s relatively straight forward. After you change the Quorum to the new disk (remember the new disk has to be online in the cluster), then you’ll then need to stop the MSDTC resource, copy the MSDTC folder to the new disc, then delete the MSDTC resource. Then just simply re-create it.

Changing Quorum Disks

http://support.microsoft.com/default.aspx?scid=kb;en-us;280353

Recreate the MSDTC Resource

http://support.microsoft.com/kb/301600/

One of the most common things an Exchange administrator will want to do is find out how much mail their environment is sending out or receiving, and who is receving it or sending it, etc. Here are some options to solve the issue.

The ones that cost money

Quest MessageStats (I’ve never actually used it but Quest usually makes some very good tools)

http://www.quest.com/messagestats/microsoft-exchange.aspx

System Center Operations Manager (Using Exchange Management Pack)

http://www.microsoft.com/systemcenter/operationsmanager/en/us/default.aspx

The Ones That Are Free

These use the Message Tracking Logs and LogParser

Exchange 2007

http://msexchangeteam.com/archive/2007/11/12/447515.aspx

http://msexchangeteam.com/archive/2007/11/28/447598.aspx

http://msexchangeteam.com/archive/2008/02/07/448082.aspx

Exchange 2003

http://anewmessagehasarrived.blogspot.com/2008/03/exchange-2003-statistics-with-logparser.html

A category that is near and dear to my heart. I wrestled with a performance problem for quite some time and every week or so I see someone posting a similar problem over in the Exchange forums and there are usually the same base of links and questions that really help someone determine or overcome their performance issues. So I’m going to keep a collection here. If you have things I think I should add please let me know.

General Questions

1.) What time of day do you experience the performance problem?

2.) How many users are affected? What is in common with these users? (Same network segment? All same Storage Group?)

3.) What mode is there Outlook client in (Online or Cached mode)?

4.) Are you using a desktop search engine (Google Desktop Search, XOBNI, Live Search, etc)?

5.) Do you have an anti virus installed on the Exchange server, is it Exchange aware?

6.) Have you run Exchange Best Practice Analyzer?

7.) Have you run Exchange Performance Troubleshooting Analyzer?

8.) Are there blackberries or ActiveSync devices in the environment and how many?

9.) Has ExMon show any interesting data?

10.) Have you tried running the PAL counters to see if they show you anything different then EXPA and EXTA (I LOVE THIS TOOL)?

Some useful links and docs

Download Exchange Performance Troubleshooting Analyzer

http://www.microsoft.com/downloads/details.aspx?familyid=4BDC1D6B-DE34-4F1C-AEBA-FED1256CAF9A&displaylang=en

How to use Exchange Performance Troubleshooting Analyzer

http://www.msexchange.org/tutorials/Exchange-2003-Performance-Troubleshooting-Analyzer-Tool-v10-ExPTA.html

Performance and Scalability Guide

http://technet.microsoft.com/en-us/library/aa996078(EXCHG.65).aspx

Troubleshooting Exchange Performance (Helps you pinpoint what area might be the problem and shows what counters to measure)

http://technet.microsoft.com/en-us/library/aa997270(EXCHG.65).aspx

Exchange Performance Troubleshooting Basics

http://msexchangeteam.com/archive/2005/09/28/411674.aspx

Exchange Best Practice Analyzer

http://www.microsoft.com/downloads/details.aspx?FamilyID=DBAB201F-4BEE-4943-AC22-E2DDBD258DF3&displaylang=en

Identifying Slow RPC Request Processing

http://technet.microsoft.com/en-us/library/bb124154(EXCHG.65).aspx

Troubleshooting Outlook Dialog Popups Waiting for Exchange Server

http://msexchangeteam.com/archive/2005/05/25/405353.aspx

RPC Cancel Request Dialog Box (Generally if RPC Average Latency is over 100 MS)

http://support.microsoft.com/?id=839862

How to Change Outlook client behavior with Cancel Request dialog box

http://support.microsoft.com/kb/833007/

Client Performance

Maximizing Client Performance

http://technet.microsoft.com/en-us/library/bb124670(EXCHG.65).aspx

Showing Cached Mode vs Online Mode in IOPS (Search for “Effect of Online Mode Clients” Applies to Exchange 2003 as well)
http://technet.microsoft.com/en-us/library/bb738147.aspx

Disk Links

Optimizing Storage for Exchange 2003 (Shows Blackberries use 3.75 IOPS and why you should be aligned on 4 KB disk boundaries a MUST READ)

http://technet.microsoft.com/en-us/library/bb125079(EXCHG.65).aspx

A Few Basic Concepts of Disk Sizing

http://msexchangeteam.com/archive/2004/10/11/240868.aspx

More Thoughts on Disk IO

http://msexchangeteam.com/archive/2004/11/03/251743.aspx

Why you should use DiskPar

http://msexchangeteam.com/archive/2005/08/10/408950.aspx

http://almostdailytech.com/?tag=disk-alignment

Exmon Links

Download ExMon (There is a word doc included, read that)

http://www.microsoft.com/downloads/details.aspx?FamilyId=9A49C22E-E0C7-4B7C-ACEF-729D48AF7BC9&displaylang=en

How to Use ExMon

http://www.msexchange.org/tutorials/Microsoft-Exchange-Server-User-Monitor.html

Introducing ExMon

http://msexchangeteam.com/archive/2005/04/06/403409.aspx

PAL (A Poor mans MOM/SCOM with key counters to measure)

http://almostdailytech.com/tag/pal/