Check mail in Exchange 2007

Have you used any version of Exchange yet and do you know its mail-checking feature. When enabled, the message checker component creates log files to record the details of mail activity occurring within the Exchange infrastructure. These log files help check mail with path information, which is necessary because it creates the path through your Exchange system. In addition, mail audit logs from the base of reports such as Promodag Reports or Quest MessageStats.

In Exchange 2000 and Exchange 2003, message tracking is enabled on a server-based basis by including the attributes of an Exchange server into Exchange System Manager. On the General tab there are options to enable message checking and object logging, as well as options to control the number of log files to remember and location of these files. An example of the General tab is shown in Figure 1.

Check mail in Exchange 2007 Picture 1
Figure 1 : Check mail in Exchange 2003

As you can imagine, Exchange 2007 still has mail checking but there are many differences compared to previous versions. First, a notable big difference is that it cannot configure mail checking with the Exchange Management Console (EMC) similar to Exchange 2000 and Exchange System Manager of Exchange 2003. To configure message checking You need to use the Exchange Management Shell (EMS) and in part one of this two-part article we will introduce you. Note also that mail tracking is configured on Exchange 2007 servers configured with the Mailbox, Hub Transport, or Edge Transport. On the other hand, you cannot configure mail checking on Client Access or Unified Messaging servers. One last thing to note in the article is that we will focus on EMS commandlets with the abbreviation cmdlets . Microsoft assigns cmdlets as single-function commands to manipulate Windows PowerShell key objects.

In part two of this article, we will introduce what is inside an Exchange 2007 message tracking log and how to find in the information logs you need.

Once you've deployed the Exchange 2007 Mailbox, Hub Transport or Edge Transport server, you'll want to know how the test is configured and what you can do to change the default settings. See the sections below.

Default settings

First, take a look at the default settings related to checking Exchange 2007 mail. To check these default settings, keep in mind that you can only perform cmdlets under Mailbox, Hub Transport or Edge. Transport servers. With PowerShell cmdlet you can perform a test on objects on a Hub Transport or Edge Transport server using format-list or fl cmdlet format:

Get-TransportServer SERVERNAME |fl

The same process can be performed based on Mailbox server via the cmdlet below:

Get-MailboxServer SERVERNAME |fl

In this article we will focus on implementing cmdlets based on the Hub Transport server. All you need to do is replace TransportServer with MailboxServer if you want to implement cmdlets based on Mailbox servers. If you already have the Mailbox and Hub Transport server combined into a single server, you can use both cmdlets. In addition, we will include the parameter SERVERNAME to remind you where you can specify the server name to configure, although you should not forget that there is no need to apply this if configured for the server. Local.

The result of executing the Get-TransportServer cmdlet will look like Figure 2.

Check mail in Exchange 2007 Picture 2
Figure 2 : Results of the Get-TransportServer cmdlet

What do those things tell us about message checking? Absolutely nothing! You can see in Figure 2, if you implement the Get-TransportServer cmdlet with the options above, some objects make it difficult to identify the test object so you have to pull them out to find. I already know that the object of interest here includes all the message tracking strings within them, so selecting the cmdlet to run is a good solution.

Get-MailboxServer SERVERNAME |fl * messagetracking *

The result of this cmdlet is shown in Figure 3. In fact, you can use a series of 'check' filters to make the job more efficient.

Check mail in Exchange 2007 Picture 3
Figure 3 : Filtered Get-TransportServer cmdlet result

Figure 3 shows us what is different about the mail checking options on the server and what their values ​​are. Let's go straight to each object, check the default settings and how to change them.

Enable / disable checking

Exchange has many changes compared to previous versions, mail checking is enabled by default on the Mailbox, Hub Transport and Edge Transport servers. This is a welcome change, since the message tracking is typically enabled by administrators on most Exchange 2003 servers, we cannot regain the last time of inactivity. on a new server. Here is the cmdlet to disable mail checking that you should know:

Set-TransportServer SERVERNAME - MessageTrackingLogEnabled $ false

Note using the Set-TransportServer cmdlet is preferred over the Get-TransportServer cmdlet. Replace $ false with $ true to reactivate message checking.

Location record

We now know that message tracking is enabled by default, so where are the log files stored. As with Exchange 2000 and 2003, the default message tracking logs are stored in the Program Filesexchsrvr {servername} .log directory as shown in Figure 1. With Exchange 2007, the default directory is set quite deep compared to the previous one: Program FilesMicrosoftExchange ServerTransportRolesLogsMessageTracking .

Should the location of these files be changed, this can be done using the following cmdlet:

Set-TransportServer SERVERNAME -MessageTrackingLogPath LOGPATH

For example, if you want to change the test log file directory to D: Tracking Logs on the server E2K7, you should follow the following cmdlet:

Set-TransportServer E2K7 –MessageTrackingLogPath 'D: Tracking Logs'

One useful thing we find here is that if the checked log file folder does not exist before running the cmdlet, it will be created when running the cmdlet.

These are remarkable parts for changing the notification check folder:

1. After changing the location of the log files, existing records will still leave their previous locations; New records will be created in the new location.
2. The new location cannot be a UNC path as it is in the Exchange 2007 server.

Although there are many situations that can allow you to perform settings automatically but make sure it is correct, it should be set on the created folder before transferring the logs. Administrator accounts need Full Control , System needs Full Control , Network Service needs Read , Write , Delete Subfolders and Files .

Largest directory size and record

Although the old message tracking log files were deleted after a certain number of days have been previously configured, the entire directory with the message check log files is an object with a default size of 250MB. In other words, if the total number of these test log files inside the log file directory exceeds the 250MB limit, the oldest logs in it will be deleted.

As you might expect, this 250MB limit is configured via PowerShell cmdlets. For example, the following cmdlet set the maximum folder size to 500MB on server E2K7:

Set-TransportServer E2K7 –MessageTrackingLogMaxDirectorySize 500MB

You must note that, to denote MB, the MB unit identifier must be entered after the value of 500. It can also be specified by B , KB , GB and TB to make the set values becomes easier and more detailed.

What are the individual message tracking log files? By default, each log file can have a maximum size of 10MB before a new log file is created. Compare with Exchange 2003, where log files must be created daily. In addition, this setting can be changed via PowerShell cmdlets. The following example cmdlet sets the 5MB log file size on server E2K7.

Set-TransportServer E2K7 –MessageTrackingLogMaxFileSize 5MB

On the folder size, it can also specify the tape file size values ​​B, KB, GB, TB.

Time limit for the maximum log file

As you can see in Figure 1, Exchange 2003 message tracking log files can be retained after a certain number of days, which is very useful when you are asked to fix them when you do not receive them. sent a few days ago. In Exchange 2007, mail check logs have a time limit of 30 days.

You can change this setting, the cmdlet to proceed as follows:

Set-TransportServer SERVERNAME -MessageTrackingLogMaxAge DD.HH: MM: SS

As you can guess from the above cmdlet, it is possible to set a time limit down to the date, hour, minute and second. For example, to set the maximum date of the record to 15 days on the server E2K7, the following cmdlet will do this:

Set-TransportServer E2K7 –MessageTrackingLogMaxAge 15:00: 00:00

The object recording

Finally, we explore the message tracking object logging area, which gives you the ability to display the subject lines of messages when checking for messages in the system. If you have already used Exchange 2003, you can see that logging the object here is disabled by default. However, with Exchange 2007, it is enabled by default, this is a significant change and most organizations have used it. However, changing this default is one of the things to consider if your organization has a security policy for it.

To disable the writing of the mail test object on the server, the following cmdlet will do that:

Set-TransportServer SERVERNAME - MessageTrackingLogSubjectLoggingEnabled $ false

Replace $ false with $ true to allow re-writing the test object.

Conclude

It is difficult to imagine the life of an administrator without mail checking, so it is no surprise to me what Exchange 2007 offers to check mail is enabled by default. As I mentioned in the first part of the article, Exchange 2007 mail checking is only configured via PowerShell cmdlets, so it is useful to understand the above list of cmdlets when you configure it. it. In part two, we will look at the content of a specific file and how to check the messages.