Introduction to Exchange Server 2003 Diagnostic Logs
Diagnostic Logging – Exchange 2003’s ultimate tool for troubleshooting email problems. Once you set Diagnostic logging, then you can collect extra information about any of the Exchange 2003 services, for example, MSExchangeTransport, SMTP.
Topics for Exchange Server 2003 Diagnostic Logs
You can collect even more data by increasing the level of diagnostic logging. However this comes with a health warning, excessive logging will slow down your server, so always remember to reset to Minimum, once you have finished troubleshooting.
- How to get extra information about email services
- Instructions on how to find Diagnostic Logging
- Diagnostics Logging Tab
- Exchange Services to Log
- Increasing SMTP Logging to Debug level 7
Keep in mind the link between Exchange System Manager, which turns on the Diagnostic logging, and the Application log which displays the resulting information. Once the Exchange 2003 server has chance to generate information, open the Application log and sift through the event ID numbers for information about the cause of the email problem. It’s a good idea to help the process along by sending test messages.
To turn on Diagnostic logging, launch the Exchange System Manager. Here are instructions to set a Medium or Maximum level logging.
- Open the Exchange System Manager
- * Drill Down To Administrative Groups
- * First Administrative Group
- Find your Server e.g. Paris
- Properties, Diagnostic Logging Tab
- (None), Minimum, Medium, Maximum
* Depends on how you set the Display options
Encouraging computers to sleep when they’re not in use is a great idea – until you are away from your desk and need a file on that remote sleeping machine!
WOL also has business uses for example, rousing machines so that they can have update patches applied. My real reason for recommending you download this free tool is because it’s so much fun sending those ‘Magic Packets’. Give WOL a try – it’s free.
Each Exchange 2003 service is capable of recording extra information. Select the service, for example : MSExchangeTransport, then Select the Category. Finally move the radio button along the bottom menu and select your Logging Level: Minimum, Medium or Maximum.
Once you have collected enough information in the Application Log, remember to reset the logging level to None. If you do not turn off the Logging the Exchange 2003 server performance will deteriorate rapidly.
What to look for in the
|MSExchangeAL – Address Lists||Example ID 8026, network problem, or LDAP configuration|
|MSExchangeIS – Exchange Information Store||Example ID 9518, trying to start a store which is offline|
|MSExchangeMTA – Message delivery||Example ID 9411, disk is full MTA needs 10 MB free space|
|MSExchangeSA – Active Directory related (System Attendant)||Example ID 9543. Permissions error|
|MSExchangeTransport – SMTP Routing.||Example, ID 4000, possible cause DNS with incorrect MX record|
|MSExchangeActiveSynchNotify – ActiveSynch.|
Windows 2003 provides numerous opportunities to increase logging by adjusting settings in the registry. Many registry objects have a Diagnostics sub folder. In this instance we can employ Regedit to increase SMTP logging on the MSExchangeTransport.
The scenario: Despite your best efforts, the email is still not getting through. To collect more data you launch Regedit, then increase the SMTP logging to debug level 7.
Start your Registry Editor: Start (Menu), Run, Regedit (type), Enter.
Drill down to this registry key :
Set the value to 7.
Here is another area to edit: Message Categorizer Logging to Debug Level 7
Drill down to:
Set the value to 7.
LEM will alert you to problems such as when a key application on a particular server is unavailable. It can also detect when services have stopped, or if there is a network latency problem. Perhaps this log and event management tool’s most interesting ability is to take corrective action, for example by restarting services, or isolating the source of a maleware attack.
Yet perhaps the killer reason why people use LEM is for its compliance capability, with a little help from you, it will ensure that your organization complies with industry standards such as CISP or FERPA. LEM is a really smart application that can make correlations between data in different logs, then use its built-in logic to take corrective action, to restart services, or thwart potential security breaches – give LEM a whirl.
When you are troubleshooting email delivery, if at first you cannot solve the problem, then collect more evidence by turning on Diagnostic logging. When you have finished remember to turn off Diagnostic logging otherwise, your server will seem sluggish. Incidentally, Diagnostic logging is a technique that you learn once, then apply to numerous Windows 2003 services, for example DNS.
- Exchange 2007 SMTP Connectors
- Exchange 2010 SMTP Connectors
- SMTP Raw Commands
- SMTP Logs
- Exchange Logs
- Free SolarWinds Exchange Monitor
- Diagnostic Logging
- Free Kiwi Syslog Analyzer
- Troubleshooting Tips