Exchange Server Management PackMaybe at some point in the past, messaging environments were overlooked for their importance in the organization. Not only has e-mail surpassed most methods of communication, it's now integrated into business workflows. Without it, you can lose time as you wait on important documentation, lose sales because leads are missed, or lose business because responses aren't received. For any organization running Exchange 2000 or Exchange 2003, some of the most bang for the buck from MOM will come from utilizing the Exchange Server MP to monitor the messaging environment. There are certainly plenty of competitors in this space, but none will go to the level of depth that you can expect to find in this management pack. In fact, this management pack is arguably one of the most in-depth that Microsoft offers. This is probably one of the most complex management packs to set up. Some of the other management packs covered usually require a few adjustments in thresholds or changes in script parameters. The Exchange Server MP, on the other hand, requires that you utilize an additional application to configure the Exchange servers themselves. InstallationThe Exchange Server management pack consists of the following files:
As of this writing, the latest version number is 06.5.7385.0000. After downloading the management pack, extract the contents to a common location, and follow the steps in Chapter 8 to import the management pack. After importing the management pack, check the version number against the version number stated in the Management Pack and Product Connector Catalog. No documentation is included in the management pack. However, the management pack guide can be located online at http://www.microsoft.com/technet/prodtechnol/mom/mom2005/maintain/empformom2005_1.mspx. Like the Active Directory MP, an additional technical reference is also available and located at http://www.microsoft.com/downloads/details.aspx?familyid=&displaylang=en. ConfigurationAny organization that runs Exchange 2000 or Exchange 2003 requires Active Directory. Because the ADMP and the Exchange Server MP are probably some of the noisiest management packs to configure, the ADMP should first be installed, configured, and tuned before starting on the Exchange Server MP. After all, the basis of any healthy Exchange organization is a healthy Active Directory infrastructure. This section covers the changes that should be made before and after the installation of the Exchange MP. This includes use of the Configuration Wizard and other configuration considerations for your Exchange deployment. Optional Server ConfigurationsThe items in this section are listed as optional because if the changes are not made prior to the deployment of the Exchange Server MP, the rules in the management pack will generate alerts that ask for these configuration changes to be made. With that in mind, these can be done before or after the management pack deployment. However, if the goal is to cut down noise out of the box, this should be done beforehand. Configuring IIS LockdownThe IIS Lockdown Wizard should be run against any front-end server. The IIS Lockdown Wizard helps to identify any potential security holes and locks down optional components that may not be required for application. Care should be taken when running this utility because an incorrect configuration may stop other services from running properly. For proper configuration of IIS Lockdown in an Exchange environment, see these Microsoft knowledge base articles:
Configuring SSL SecurityWithout SSL enabled, the client to front-end server communication is not secure. For this reason, we highly recommend that you require SSL. To take this one step further, the ability to access the front-end server without SSL should be disabled. Not to mention, the authentication method to front-end servers is through basic authentication. If you're not securing your front-end servers with SSL, user names and passwords are being sent clear-text. Additional information on configuring SSL can be located in the Front-End and Back-End Topology document at http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/febetop.mspx. Verify Message Tracking LogsIf message tracking is enabled, any message handled by SMTP is automatically stored in a shared folder. This allows any Exchange administrator to view the information through Exchange System Manager (or by navigating to the share directly). If the Everyone group has permissions to this share, it should be removed. The Exchange Server MP will verify and alert if the Everyone group has permission to this share.
Verifying SMTP DirectoriesThe Exchange Server MP will verify whether the SMTP directories are located on NTFS partitions. Because SMTP messages are not always secure, utilizing NTFS security can help secure the files. Other file systems aren't capable of being secured adequately. For that reason, move the SMTP directories to an NTFS partition. Configuration WizardThe Exchange Server management pack requires additional configuration per server in order to monitor them properly. This is simplified using the Configuration Wizard utility. The Configuration Wizard doesn't come with the Exchange Server MP. Instead, it's a separate download located at http://www.microsoft.com/downloads/details.aspx?FamilyId=&displaylang=en. PrerequisitesBefore running the Configuration Wizard, make sure that the following conditions are true:
Using the WizardThe configuration runs in two modes: default and custom. The default mode enables the following:
The custom mode can be used to select all the features mentioned in the preceding list as well as to allow additional monitoring requirements to be defined. For example, the custom mode can be used to monitor availability per store instead of per server or add additional services that should be monitored as a part of the health of the Exchange service. Custom mode can also be used to disable monitored features such as mailbox availability or Front-End monitoring. Both modes allow the customization of mail flow monitoring. This monitoring verifies that e-mail can flow from a designated sending server(s) to a designated receiving server(s).
Command-Line FeaturesIf multiple Exchange servers require configuration, working through a wizard may make configuration a little time-consuming. To get around this, use ExchangeMPConfig.exe to import or export configurations from server to server. This utility is located in the %programfiles%\Exchange Management Pack\ Configuration Utility directory.
ExchangeMPConfig.exe supports the following switches:
Exchange Topology DataTo display Exchange data in a topology view, the Microsoft Exchange Topology Discovery Computers Computer Group must be updated to include any Exchange server (2000 or 2003) in the Active Directory forest. The Computer Group uses static membership only. Simply add the computer to the Included Computers tab. This computer will run the ExchangeTopology Discovery Script. ComponentsThis management pack consists of the following:
All Computer Groups (except for the Microsoft Exchange Topology Discovery Computers) associate agent membership through formula evaluations. ScriptsThis section lists all Exchange Server MP scripts that have parameters that can be defined. Some of the scripts for Exchange Server 2003 are duplicates of the Exchange 2000 Server scripts and for that reason have been left out of this list. Refer to the 2000 version in this list to see the available parameters. When viewing this list, you should gain a deeper understanding of how these scripts work to help manage the Exchange environment. Exchange Topology DiscoveryThis script is used by the computers that are members of the Microsoft Exchange Topology Discovery Computers to gather topology information that is displayed in the Exchange topology view.
Exchange 2000 — Check local disks free spaceThis script checks the free space on all drives (as well as Log and Queue drives separately) by percentage and megabytes available and generates alerts based on warning or error level thresholds.
Exchange 2000 — Check mailbox store statusThe Check mailbox store status script checks to see if a mailbox store is online.
Exchange 2000 — Check service(s) stateThe Check services state script checks to see if specified services are running. The list of services is specified by the Configuration Wizard.
Exchange 2000 — Check service(s) state front-endThis performs the same action as the Check services state script.
Exchange 2000 — Collect Mailbox StatisticsThis script collects mailbox statistics up to the specified number in MaxEntries.
Exchange 2000 — Collect Message Tracking Log StatisticsThe script collects message tracking log statistics up to the specified number in MaxEntries.
Exchange 2000 — Collect Public Folder StatisticsThis script collects mailbox statistics up to the specified number in MaxEntries.
Exchange 2000 — Install Exchange Helper ObjectsThe script installs the Exchange Help Object on Exchange servers.
Exchange 2000 — Mail flow receiverThis script verifies mail flow from a specified server. The servers are specified by the Configuration Wizard.
Exchange 2000 — MAPI logon verificationMAPI logon verification checks the mailbox and server availability by logging on through MAPI.
Exchange 2000 — Verify Circular Logging settingsThis script verifies the circular logging settings are either enabled or disabled based on the VerifyThisCircularLoggingState parameter.
Exchange 2000 — Verify Log Files Are Being Truncated (By Age Modified)If logs aren't truncating, then most likely, backups aren't completing. This script checks the date of the log files against the date of Max_Days_Old value to determine if an alert should be generated.
Exchange 2000 — Verify Message Tracking Is EnabledThis script checks whether Message Tracking is enabled. CheckOnlyBackEndServers can be used to limit the scope for which this script checks.
Exchange 2000 — Verify Remote Simple Mail Transfer Protocol QueuesThis script checks the count of messages in the remote SMTP queue.
Exchange 2000 — Verify Required Windows hotfixesThis script checks Exchange servers for the presence of the hotfixes in the HotfixIDs parameters.
Exchange 2003 — EAS logon verificationVerifies EAS availability.
Exchange 2003 — OMA logon verification
Exchange 2003 — OWA logon verificationVerifies OWA availability.
Exchange 2003 — Verify if SSL should be requiredAs the description states, this script verifies if SSL should be required. The parameter ListOfServersExcludedFromSSLRequiredAlert (take a breath) can be used to specify a list of servers to be excluded from this check. This list should be comma delimited. Override criteria can be used to achieve the same effect.
|