Microsoft Exchange Server 2003 - Logs

Introduction to Exchange Server 2003 Logs

Logs really will help you troubleshoot virtually any Exchange 2003 problem.  The idea of this page is to open your eyes to the numerous types of Exchange logs and where to find them.

Topics for Exchange Server 2003 Logs

• Types of Logs in Exchange 2003
• Application Log
• System Log
• Summary

 ♠

Types of Logs in Exchange 2003

Microsoft are not perfect.  However, I have always felt that from Windows 3.11 onwards Microsoft provide lots of troubleshooting information by way of logs.  The reason that Exchange 2003 has so many logs is that it has so many components.  There are database logs for the mailstore, Windows 2003 application logs, protocol logs e.g. SMTP, performance logs, and virus logs.  Unfortunately there is not central location to view all the logs, so you have to explore the \exchsrvr folder, Event Viewer and even the root of the C:\ or D:\ drive.

• Event Viewer - Classic place to start troubleshooting any computer problem
• Diagnostic Logging - If you need more information about Exchange Services
• SMTP 4 Types -  W3C Extended, ODBC, Microsoft IIS and NCSA
• SMTP raw logging of commands, e.g. Helo, ehlo, DATA and RCPT
• Setup.log and Exchange Server Setup Progress.log
• Message Tracking
• Transaction Logs (Circular Logging)
• DNS Log - Check DNS for name resolution errors which could result in  connectivity problems

Guy Recommends: SolarWinds Engineer's Toolset v10

The Engineer's Toolset v10 provides a comprehensive console of utilities for troubleshooting computer problems.  Guy says it helps me monitor what's occurring on the network, and the tools teaches me more about how the system literally operates.

There are so many good gadgets, it's like having free rein of a sweetshop. Thankfully the utilities are displayed logically: monitoring, discovery, diagnostic, and Cisco tools.  Download your copy of the Engineer's Toolset v 10

Event Viewer: Application Log

When ever there is an email problem, I try and train myself to look in the Event Viewer earlier, rather than later in the troubleshooting cycle.  So in the case of Exchange 2003, begin with the Application Log.  People often say 'finding the problem is like looking for a needle in a haystack'.  My reply is: ' master Event Viewer's Filter '.  Click on the View Menu, Filter and select one of these from the Event Source box.

• MSExchangeAL - Addressing Email
• MSExchangeIS - IIS Access
• MSExchangeSA - Active Directory related
• MSExchangeTransport - SMTP Routing
• POP3Svc

Event Viewer: System Log

Apply the same technique that I described for the Application log.  Key menu: Filter source:

• SMTPSVC - SMTP Service
• ClusSvc - Cluster Service
• W3SVC - IIS
• MSExchangeIS Mailbox Store

Setup.log and Exchange Server Setup Progress.log

Exchange even has two setup logs to help you troubleshoot install programs.  These files are created in the root of the drive where the Exchange 2003 binaries are installed.  For example look in C:\ or D:\.   These files give valuable reasons why setup failed.  Could not extend the schema, or problems overwriting priv1.edb in the MDBDATA folder.  I once used the progress log to solve a replication problem when migrating from Exchange 5.5.

Kiwi Syslog Server - Free Utility to Analyze Your Network Messages

Syslog messages are full of information for troubleshooting network problems.  When something goes wrong then surely there will be an error message in the syslog datagram - if only we can find that record and interpret the event.  What will help to capture and analyze such network messages is the Kiwi Syslog Server.

Free Download of Kiwi Syslog Server

Summary of Exchange Server 2003 Logs

When you are troubleshooting Exchange 2003, collect the evidence by going first to the event logs.  Explore the numerous places and types of logs that Exchange has to offer.  Find out where to turn the logs on and learn how to interpret the output data.

 .