Microsoft Exchange Server 2003 – Logs

Introduction to Exchange Server 2003 Logs

Logs really will help you troubleshoot virtually any Exchange 2003 problem.  The idea of this page is to open your eyes to the numerous types of Exchange logs and where to find them.

Topics for Exchange Server 2003 Logs


Types of Logs in Exchange 2003

Microsoft are not perfect.  However, I have always felt that from Windows 3.11 onwards Microsoft provide lots of troubleshooting information by way of logs.  The reason that Exchange 2003 has so many logs is that it has so many components.  There are database logs for the mailstore, Windows 2003 application logs, protocol logs e.g. SMTP, performance logs, and virus logs.  Unfortunately there is not central location to view all the logs, so you have to explore the \exchsrvr folder, Event Viewer and even the root of the C:\ or D:\ drive.

Event Viewer: Application Log

When ever there is an email problem, I try and train myself to look in the Event Viewer earlier, rather than later in the troubleshooting cycle.  So in the case of Exchange 2003, begin with the Application Log.  People often say ‘finding the problem is like looking for a needle in a haystack’.  My reply is: ‘ master Event Viewer’s Filter ‘.  Click on the View Menu, Filter and select one of these from the Event Source box.

  • MSExchangeAL – Addressing Email
  • MSExchangeIS – IIS Access
  • MSExchangeSA – Active Directory related
  • MSExchangeTransport – SMTP Routing
  • POP3Svc

Guy Recommends:  SolarWinds’ Log & Event Management ToolSolarwinds Log and Event Management Tool

LEM will alert you to problems such as when a key application on a particular server is unavailable.  It can also detect when services have stopped, or if there is a network latency problem.  Perhaps this log and event management tool’s most interesting ability is to take corrective action, for example by restarting services, or isolating the source of a maleware attack.

Yet perhaps the killer reason why people use LEM is for its compliance capability, with a little help from you, it will ensure that your organization complies with industry standards such as CISP or FERPA.  LEM is a really smart application that can make correlations between data in different logs, then use its built-in logic to take corrective action, to restart services, or thwart potential security breaches – give LEM a whirl.

Download your FREE trial of SolarWinds Log & Event Management tool.

Event Viewer: System Log

Apply the same technique that I described for the Application log.  Key menu: Filter source:

  • SMTPSVC – SMTP Service
  • ClusSvc – Cluster Service
  • W3SVC – IIS
  • MSExchangeIS Mailbox Store

Setup.log and Exchange Server Setup Progress.log

Exchange even has two setup logs to help you troubleshoot install programs.  These files are created in the root of the drive where the Exchange 2003 binaries are installed.  For example look in C:\ or D:\.   These files give valuable reasons why setup failed.  Could not extend the schema, or problems overwriting priv1.edb in the MDBDATA folder.  I once used the progress log to solve a replication problem when migrating from Exchange 5.5.

Summary of Exchange Server 2003 Logs

When you are troubleshooting Exchange 2003, collect the evidence by going first to the event logs.  Explore the numerous places and types of logs that Exchange has to offer.  Find out where to turn the logs on and learn how to interpret the output data.

See Also