Daily Monitoring Tasks
You need to monitor
critical Exchange Server 2003 server services on a daily basis to ensure
they are running properly. Daily monitoring should identify problems
before they have an impact on your users. Monitoring also helps you to
identify trends that indicate future problems and allow you to plan for
future growth. Both Windows Server 2003 and Exchange Server 2003 provide
utilities, such as Event Viewer, System Monitor, and Exchange System
Manager, that monitor and analyze server components and Exchange Server
2003 server performance.
Maintenance tasks that you should perform on a daily basis include the following:
Monitor Event Viewer for error and warning events.
Check connector status and Exchange Server 2003 server status.
Use Queue Viewer to view the message load on your Exchange Server 2003 servers.
Review the logs generated by Event Viewer, the Performance console, virtual servers, and your antivirus product.
Check the available disk space on volumes that store Exchange Server 2003 logs and databases.
Monitor the required services for Exchange Server 2003 and Windows Server 2003.
Use the Windows Performance console to monitor Windows Server 2003 server and Exchange Server 2003 server performance.
Use Cluster Administrator to monitor failovers.
Use Active Directory Sites And Services to verify replication.
Use Exchange System Manager to examine Exchange Server 2003 store statistics.
Checking Logs
Much of the monitoring you
perform on a daily basis is based on logs generated by the various
logging tools, such as Event Viewer. Before looking at the specific
tools, review some of the general guidelines for checking logs.
If you know what log
content is typical in your environment, you can identify potential
errors or anomalies to which you must respond immediately. In addition
to checking event logs, performance logs, antivirus logs, and protocol
logs daily, you should also archive logs so you can review them to
obtain historical data and to identify trends that will require future
action.
Event Viewer logs provide
you with information about service failures, Active Directory
replication errors, and warnings when system resources such as virtual
memory or available disk space are running low. You should review
Windows event logs daily because both Exchange Server 2003 and Windows
Server 2003 report warning and error conditions to event logs. For
example, if a volume has 10 percent or less disk space available,
Windows Server 2003 reports this as “Event ID 2013: The disk is at or
near capacity. You may be required to delete some files.”
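One way to apply the daily event review, as an added example that is not part of the original text: the code counts one day's exported events, compares them with a baseline, and always reports the three event IDs this page names (2013, 9582, and 1113). The input layout, the placeholder IDs 100, 200 and 300, and the spike threshold are assumptions of the example.

```python
import csv
import io
from collections import Counter

# Event IDs and meanings as this page gives them.
WATCH = {2013: "disk at or near capacity",
         9582: "virtual memory may be excessively fragmented",
         1113: "Exchange server short of disk space"}

# Constructed rows. The layout (log,type,event_id) is an assumption of this
# example, and IDs 100, 200 and 300 are placeholders, not real event IDs.
BASELINE = "Application,Warning,100\n" * 10 + "System,Information,200\n" * 50
TODAY = ("Application,Warning,100\n" * 9 + "System,Information,200\n" * 4
         + "Application,Error,9582\n" + "Application,Error,300\n")

def load(text):
    """Count events by (log, type, event_id)."""
    rows = csv.reader(io.StringIO(text))
    return Counter((log, kind, int(eid)) for log, kind, eid in rows)

def triage(today, baseline, baseline_days, spike_factor=3):
    """Return sorted (reason, log, event_id, count) findings for today's events."""
    findings = []
    for (log, kind, eid), n in today.items():
        # Average daily count of this event over the baseline period.
        typical = baseline.get((log, kind, eid), 0) / baseline_days
        if eid in WATCH:
            findings.append(("watch: " + WATCH[eid], log, eid, n))
        elif kind in ("Error", "Warning") and typical == 0:
            findings.append(("not seen in baseline", log, eid, n))
        elif typical and n > spike_factor * typical:
            findings.append(("above baseline rate", log, eid, n))
    return sorted(findings)

if __name__ == "__main__":
    for finding in triage(load(TODAY), load(BASELINE), baseline_days=5):
        print(finding)
```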
You can use system
management utilities, such as the Performance console, to monitor the
performance and capacity of your Exchange Server 2003 servers. You
should configure these utilities to issue alerts when performance and
capacity measurements fall outside normal operating parameters. You can,
for instance, enable an alert if there is excessive memory paging or
processor use. You also need to capture performance data to establish a
performance baseline, and use the baseline for comparison against daily
monitoring results in order to identify trends.
Caution
You
can also configure the Performance Logs And Alerts tool to alert you
when the usage of a physical disk or logical disk volume reaches a
predefined percentage of total capacity. However, Microsoft recommends
that you do not enable disk counters unless you have a very good reason
for doing so. Disk counters use a significant amount of resource and can
degrade performance. They are disabled by default and must be enabled
using the Diskperf.exe utility. This having been said, some experienced
administrators do enable these counters, believing that the performance
loss is more than counterbalanced by the ability to continuously and
automatically monitor disk usage.
Antivirus
logs tell you when the last virus scan was performed, what was scanned,
and what the results were. Review this information to ensure that the
antivirus product is working correctly. If your log file indicates that a
virus exists that cannot be removed, search the Web site of your
antivirus vendor for a possible solution. In this case, you should also
review the frequency with which you download virus signature files and
security updates.
Simple Mail Transfer
Protocol (SMTP), Network News Transfer Protocol (NNTP), and Hypertext
Transfer Protocol (HTTP) virtual servers generate logging information
that tracks the commands the virtual server receives from client
computers. You can, for example, view the client computer’s IP address
and domain name, the date and time of the message, and the number of
bytes for each message sent. You should use these log files to identify
unusual activities, such as messages with suspicious attachments. If
you identify unusual activity, you should review your security settings
to prevent undesirable mail from being delivered to your server.
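The protocol log review described above, as an added example that is not part of the original text: the code parses a virtual server log, totals bytes and rejected commands per client IP address, and lists the clients that stand out. It assumes the virtual server writes W3C Extended format with the fields shown; the sample lines and the thresholds are constructed.

```python
from collections import defaultdict

# Constructed sample, not from a real server. Assumes W3C Extended logging with
# these fields enabled; the addresses are documentation ranges.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method sc-status cs-bytes
2005-03-01 08:00:02 192.0.2.10 RCPT 250 30
2005-03-01 08:00:03 192.0.2.10 DATA 250 4100
2005-03-01 08:05:01 198.51.100.7 RCPT 550 31
2005-03-01 08:05:01 198.51.100.7 RCPT 550 33
2005-03-01 08:05:02 198.51.100.7 RCPT 550 32
#Fields: date time cs-method c-ip cs-bytes sc-status
2005-03-01 09:10:00 DATA 192.0.2.44 9500000 250
"""

def parse_w3c(text):
    """Yield a dict per entry; a later #Fields line may reorder the columns."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))

def summarize(entries):
    """Total commands, bytes received and 5xx replies per client IP."""
    stats = defaultdict(lambda: {"bytes": 0, "rejected": 0, "commands": 0})
    for e in entries:
        s = stats[e["c-ip"]]
        s["commands"] += 1
        s["bytes"] += int(e["cs-bytes"]) if e["cs-bytes"].isdigit() else 0
        s["rejected"] += e["sc-status"].startswith("5")
    return dict(stats)

def unusual_clients(stats, max_bytes=5_000_000, max_rejected=2):
    """Return {ip: [reasons]} for clients above the (assumed) thresholds."""
    flagged = {}
    for ip, s in stats.items():
        reasons = [name for name, hit in (
            ("large transfer", s["bytes"] > max_bytes),
            ("repeated rejections", s["rejected"] > max_rejected)) if hit]
        if reasons:
            flagged[ip] = reasons
    return flagged

if __name__ == "__main__":
    for ip, why in unusual_clients(summarize(parse_w3c(SAMPLE_LOG))).items():
        print(ip, ", ".join(why))
```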
Monitoring Services and Resources
Exchange Server
2003 server performance degradation can result from service failures,
insufficient system resources, network performance problems, and server
performance problems. If you are using clustering, then cluster problems
can also degrade performance. You need to monitor your servers, your
network services, and your network daily to ensure that Exchange Server
2003 is performing as expected. If you are using clusters, then you also
need to use the Cluster Administrator tool on a regular basis. Because
clusters provide failover support, it is sometimes not immediately
obvious when a cluster node fails.
Network Performance
If the network is slow, then your Exchange organization is slow. You
can verify the performance by using Network Monitor to capture, display,
and analyze network traffic. You can also use Network Monitor to locate
client-to-server connection problems, to find a computer that makes a
disproportionate number of work requests, and to identify unauthorized
users on your network.
Note
The
version of Network Monitor supplied with Windows Server 2003 captures
only network traffic into and out of the machine on which it is
installed. If you want to capture frames that are sent between remote
computers, then you must use the Network Monitor component that ships
with Microsoft Systems Management Server (SMS).
Server Performance
If Windows 2003 is not performing properly, then an Exchange Server
2003 server experiences performance problems. You can obtain information
about programs and processes running on your computer by using Task
Manager. You can use Task Manager, for example, to identify a process
that consumes too much CPU or memory resource and to view pagefile and
memory usage. This information helps you determine whether applications
running on your Exchange Server 2003 server should be moved to another
server or upgraded, or whether you must tune system resources or perform
system upgrades.
The
Performance console contains two utilities: System Monitor and
Performance Logs And Alerts. Both utilities monitor performance
counters. You can monitor hardware counters and Exchange counters to
determine whether performance bottlenecks exist, to identify trends, and
to plan for upgrades.
Windows Services
Incorrect configuration of Windows services also degrades Exchange
Server 2003 server performance. The first indication you get about this
problem is typically through Event Viewer. If you receive such an
indication, you may need to verify or modify the configuration of the
relevant service.
You should monitor
Active Directory performance daily because Active Directory
configuration has an immediate impact upon the performance of an
Exchange organization. Monitoring Active Directory indicators lets you
identify trends before actual problems occur. For example, a slow
response during the authentication of client computers or the slow
appearance of newly configured objects in Exchange Server 2003 indicates
problems with the Active Directory directory service. You can use the
Active Directory Sites And Services console to review your Active
Directory configuration.
You also need to monitor
Domain Name System (DNS) indicators regularly. Exchange Server 2003
depends on DNS for name resolution. If you see DNS errors in Event
Viewer, or if you experience communication problems between your
Exchange Server 2003 servers, then you should review your DNS settings.
You can use the DNS Management console to ensure that address records
exist for your domain controllers and global catalog servers, and that
Host (A) and Mail Exchanger (MX) records exist for your Exchange Server
2003 servers.
The Internet Information
Services (IIS) service provides access to Exchange Server 2003 servers
through HTTP. You should monitor the IIS performance indicators daily.
If performance problems are detected, you should review your default Web
site configuration.
Cluster Resources
You should use Cluster Administrator daily to monitor Exchange Server
2003 server clusters for failovers. Such monitoring is particularly
important in an active/active cluster during a failover to ensure that
enough resources are available to provide your users with the same level
of performance that they experienced before the failover.
When you deploy Exchange
Server 2003 server clusters, you should monitor virtual memory counters
daily to determine when an Exchange virtual server must be restarted due
to memory fragmentation. When the Microsoft Exchange Information Store
(IS) service logs Event ID 9582, this can indicate that memory has
become excessively fragmented.
Exchange Store Statistics
Exchange
Server 2003 servers need free disk space to store and manipulate user
databases and transaction logs and to run maintenance utilities. If you
monitor Exchange store statistics daily, you can determine when free
disk space is running low and take the appropriate action. You may need
to add extra resources, but sometimes running a full backup and
truncating the transaction log files will solve the problem. Event ID
1113 in the application event log indicates that an Exchange Server 2003
server is short of disk space.
You should use
Windows Explorer daily to check the available free space. You can
compare the available disk space on each of the Exchange Server 2003
server disk volumes with the expected rate of growth that you predict
for your databases and transaction log files to determine when you will
need additional disk resources. If you decide to enable the disk
counters, you can also use System Monitor to check disk usage.
You also need to
ensure that sufficient free disk space exists to run maintenance
utilities by viewing the statistics for each of the Exchange databases
and comparing these statistics with the available free space. As a
general rule, available free disk space on a single drive must be equal
to or greater than 110 percent of the size of the largest database.
Using Exchange System
Manager, you can obtain additional information about the Exchange
stores. Expanding a mailbox or public folder store lets you view the
logged-on users. This functionality is useful if you need to perform
maintenance and have to request connected users to close their
mailboxes.
You can also use
Exchange System Manager to view the size of individual mailboxes and
identify the users who are consuming the most resources. You can obtain
indexing statistics by viewing the index state, number of documents
indexed, index size, last build time, index name, and index location.
Finally, you can determine the size of individual public folders, the
last time a folder was accessed, and the last time a replica was
received. Figure 1 shows access and logon statistics for a public folder store.
If
you suggest removing a public folder to free disk resources, there will
inevitably be someone who objects. Knowing the last time the folder was
accessed can provide powerful support to your argument.