Tuesday, April 22, 2014

Logs location for DAG Troubleshooting Exchange 2010

For troubleshooting DAG issue, Please collect the following logs from the location

(   Need to run on either of the server
(  a)   Please run EXBPA from the “Exchange Management Console” > Tools > EXBPA    
 Send me the reports in the default XML format using Option “Export report”.

How to run EXBPA, pls refer site for reference.


    Need to collect logs from both Nodes
  (a)   Event Viewer > Application and Service Logs > Microsoft-Exchange-Troubleshooters/Operational


  (b)   Event Viewer > Application and Service Logs > MSExchange Management


  (c)   Event Viewer > Application and Service Logs > Microsoft > Exchange > HighAvailability

  (d)   Event Viewer > Application and Service Logs > Microsoft > Exchange > MailboxDatabaseFailureItems


  (e)    Event Viewer > Application and Service Logs > Microsoft > Exchange > Troubleshooters

  (f)   Event Viewer > Application and Service Logs > Microsoft > Exchange > Troubleshooters

    If possible, Please collect and save logs in CSV format and upload to FTP location under “Exchange Logs” Folder.




Exchange 2010, from Exchange Management Shell

Get-MailboxDatabase | fl Name,EdbFilePath,LogFolderPath

and from Windows Explorer
C:\Program Files\Microsoft\Exchange Server\V14\Mailbox\"nameofDatabase"


From the Exchange Command Shell
(Get-WinEvent -LogName Microsoft-Exchange-ManagedAvailability/* | % {[XML]$_.toXml()}).event.userData.eventXml| ?{$_.ActionID -like "*ForceReboot*"} | ft RequesterName

Above command will search for the "Microsoft-Exchange-ManagedAvailability" for a value like "force Reboot"


Increase diagnostic logging for Transport Server
Message tracking log
SMTP send/receive logs



Few Message tracking logs from msexchangeguru.com


Some of the Message Tracking cmdlets I use often:
To find Send Emails:
Get-MessageTrackingLog -resultsize unlimited -Start “06/01/2014 4:30:00 PM” -End “06/04/2014 5:17:00 PM” |where-object {$_.Recipients -like “*@contoso.com” -AND $_.EventId -eq “Send”} | where {$_.recipients -like “*@ contoso.com”} | Select @{Name=’Recipients';Expression={[string]::join(“;”, ($_.Recipients))}}, Sender, EventId, Timestamp, Source, MessageSubject | Export-CSV “C:EmailAddress_Statistics_Send.csv”
Get-MessageTrackingLog -resultsize unlimited -Start “12/02/2014 4:20:00 PM” -End “12/02/2014 07:30:00 PM” |where-object {$_.EventId -eq “Send”} | Select @{Name=’Recipients';Expression={[string]::join(“;”, ($_.Recipients))}}, Sender, EventId, Timestamp, Source, MessageSubject | Export-CSV “C: Dec2_Email_Statistics_Send.csv”
Get-Messagetrackinglog -Resultsize Unlimited | Where {$_.Sender -match “@contoso.com”} -EventID “Send” -Start “12/02/2014 4:20:00 PM” -End “12/02/2014 07:30:00 PM” | Select @{Name=’Recipients';Expression={[string]::join(“;”, ($_.Recipients))}}, Sender, EventId, Timestamp, Source, MessageSubject | Export-CSV “C: Dec2_Email_Statistics.csv”
To find Received Emails:
Get-MessageTrackingLog -resultsize unlimited -Start “12/02/2014 4:20:00 PM” -End “12/02/2014 07:30:00 PM” |where-object {$_.Recipients -like “*@ contoso.com” -AND $_.EventId -eq “RECEIVE”} | where {$_.recipients -like “*@contoso.com”} | Select @{Name=’Recipients';Expression={[string]::join(“;”, ($_.Recipients))}}, Sender, EventId, Timestamp, Source, MessageSubject | Export-CSV “C:EmailAddress_Statistics_Receive.csv”
Get-MessageTrackingLog -resultsize unlimited -Start “12/02/2014 4:20:00 PM” -End “12/02/2014 07:30:00 PM” |where-object {$_.EventId -eq “RECEIVE”} | Select @{Name=’Recipients';Expression={[string]::join(“;”, ($_.Recipients))}}, Sender, EventId, Timestamp, Source, MessageSubject | Export-CSV “C: Dec2_Email_Statistics_Receive.csv”
Get-MessageTrackingLog -resultsize unlimited |where {$_.MessageSubject -like “Win a Lottery”} >> “C:UsersusernameDesktopoutput.txt”
Get-MessageTrackingLog -resultsize unlimited -Start “6/3/2013 12:29:00 PM” -End “6/6/2013 12:39:00 PM” |where {$_.MessageSubject -like “Update your Social Security Number”} >> “C:UsersusernameDesktopoutput.txt”
Get-MessageTrackingLog -Server HUBServerName -resultsize unlimited |where-object {$_.Recipients -like “*@contoso.com” -AND $_.EventId -eq “Send”} | where {$_.recipients -like “*@contoso.com”} | ft EventId,Timestamp,Sender,recipients,MessageSubject,@{label=”size”;Expression={$_.Totalbytes/1mb}} >>c: @contoso_emails.csv
Get-Messagetrackinglog -Server HubServerName -resultsize unlimited -Sender “User@contoso.com” -EventID “SEND” -Start “5/10/2012 12:29:00 PM” -End “6/4/2012 12:39:00 PM” |ft Timestamp, Source, EventID, Recipients, MessageSubject, RecipientStatus, @{label=”size”;Expression={$_.Totalbytes/1mb}}
Get-Messagetrackinglog -Server HubServerName -resultsize unlimited -Start “12/01/2012 12:29:00 PM” -End “12/06/2012 12:39:00 PM” |where {$_.MessageSubject -like “Click Here to be SOX Compliant”} |ft Timestamp, Source, EventID, Recipients, MessageSubject, RecipientStatus, @{label=”size”;Expression={$_.Totalbytes/1mb}}
Domain based search: To find all emails from a specific domain in Exchange server
Get-MessageTrackingLog -Server hub1 -resultsize unlimited -Start “2/24/2013 12:29:00 AM” -End “2/26/2013 12:29:00 PM” |where-object {$_.Sender -match “contoso.com” -AND $_.EventId -eq “Receive”} | ft EventId,Timestamp,Sender,recipients,MessageSubject,@{label=”size”;Expression={$_.Totalbytes/1mb}}
Get-MessageTrackingLog -resultsize unlimited -Start “9/10/2014 12:29:00 PM” -End “9/12/2014 12:39:00 PM” |where {$_.MessageSubject -like “Pay off your Mortgage”} |fl Recipients, MessageSubject, Sender, ReturnPath, EventID
Get-Messagetrackinglog -Recipients:user@contoso.com -EventID “RECEIVE” -Start “05/25/2014 4:30:00 PM” -End “05/30/2014 5:17:00 PM”
Get-Messagetrackinglog -Recipients:user@contoso.com -EventID “RECEIVE” -Start “05/25/2014 4:30:00 PM” -End “05/30/2014 5:17:00 PM” | Select @{Name=’Recipients';Expression={[string]::join(“;”, ($_.Recipients))}}, Sender, EventId, Timestamp, Source, MessageSubject | Export-CSV “C:EmailAddress_Statistics_forUser.csv”

No comments:

Post a Comment