I want to explain my methods and thought process for dealing with Exchange 2003 problems. Troubleshooting Event IDs is like solving a 'Who dunit murder'. You apply the standard
formula of collecting the evidence, rounding up the suspects and delivering your verdict. There are two beliefs that help me through difficult cases;
a) someone has had this problem before
b) I will find
that reference and repair my Exchange server.
Guy Recommends: SolarWinds Engineer's Toolset v10
The Engineer's Toolset v10 provides a
comprehensive console of utilities for troubleshooting computer problems. Guy says
it helps me monitor what's occurring on the network, and the tools
teaches me more about how the system literally operates.
There are so many good gadgets, it's like having free rein of a
sweetshop. Thankfully the utilities are displayed logically: monitoring, discovery, diagnostic, and Cisco tools.
Download your copy of the Engineer's Toolset v 10
The best place to look for clues is in the Application Log. One useful trick is to filter on Event Source. In the case of Exchange 2003, here are useful Event Sources: ESE, MSExchangeIS
(Store) and MSExchangeSA (System Attendant).
Once you have located the suspicious Event ID search for references in TechNet. For Example Event 9582. This returns about 25 entries, which I then filter on the Location column so that I
can see which articles feature Exchange 2003.
Soon you will be an expert. All you have to do is detect the crucial entry in the Event Viewer and then search for the event ID number in TechNet. TechNet always presents the answer using
the same formula:
Applies to (Exchange 2003)
Symptoms - Store stops. Event ID is the same as mine = 9582. Event type is Error, again mine matches TechNet.
Cause - Someone has opened over 50 messages in Outlook.
Resolution - Close Outlook, or restart the Store (Dismount then Mount the affected Store). Further action check to see if a program or virus is automatically opening all these messages.
Kiwi Syslog Server - Free Utility to
Analyze Your Network Messages
Syslog messages are full of information for troubleshooting network problems.
When something goes wrong then
surely there will be an error message in the syslog datagram - if only we can find
that record and interpret the event. What will help to capture and analyze such
network messages is the Kiwi Syslog Server.
There is a different TechNet reference for Event ID 9582, Event Type WARNING. Remember, my error was Event Type Error. So, I always try and pay attention to detail and make sure I have a
genuine match between my problem and the reference article.
Naturally, there is the ultimate proof, did the suggested solution cure your error? If not then extend your search to Google instead of TechNet. The internet is full of independent forums
and sites like this with extra insights into Exchange 2003 problems.
What is important is learning a troubleshooting method that you can apply to any Exchange 2003 problem. Think of this page not so much as me giving you a fish to feed for a day, but teaching you fishing so that you will be self sufficient.
Learn how to find settings in the Exchange System Manager. Advice configuring your Exchange Server. Tips on how to get the most from your Exchange 2003 server.
Over 50 printer friendly pages Word and PDF format
.
Guy Recommends: GFi EventsManager
Let GFI EventsManager do the dirty work! Have
event logs monitored automatically and get warned about critical events!
Download a copy
here
