Exchange Me!

April 4, 2008  7:00 AM


B00M3R John Bostock Profile: B00M3R

In the first part of this corruption post I spoke of what happens when an Exchange database goes corrupt on you. I also mention it can happen at page level, database level or store level. I mentioned hardware as well which will cause problems.  This post will concentrate on the 1018 error.

The common type as mentioned of database corruption is at the page level. You’ll get heaps of different error messages the can potentially relate to this type of corrupt database. The most common being 1018, now we have all seen the 1018 Jet_errReadVerifyFailure (havent we?) Most of the time this error indicates that the page has the incorrect checksum value or the page number is incorrect. Microsoft Exchange will begin reading the database page by processing the page number; this is so it knows its reading the correct data. If for some reason the number is different from the expected number, then yes you guessed it exchange generates the 1018 error.

Otherwise Microsoft Exchange will calculate a checksum value for the page then verify the calculated value and make sure it matches the stored checksum value. If it does match then the page is assumed to correct and valid otherwise, yes again the 1018 gets generated.

Should I take the 1018 seriously?

The 1018 is often a warning that bad things are on their way. Exchange is trying to tell you that the database has failed once and may go again. Normally they will be non fatal failures; however future failures could be worst and corrupt the store.

So if you haven’t worked it out already the 1018 is associated with an individual page within the database rather than the whole database. The 1018 is normally not fatal and some may take it as of no interest at all because Exchange has been known to generate this error with infrequently used data such as in a deleted items folder or just a plain old blank database.

What do I do with the 1081?

Try and find more about the error before trying to repair, first instinct is to fix but learn more about it first. This way you can try and determine exactly what data was affected and how fatal the failure is, also what’s the likelihood of it happening again.

In the next section we will look further at the 1018 but in the meantime check out some of the links on the 1018 error.

Understanding and analyzing -1018, -1019, and -1022 Exchange database errors

New error correcting code is included in Exchange Server 2003 SP1

Microsoft engineer Mike Lee recorded a great support webcast last year that is also helpful

April 2, 2008  5:39 PM


B00M3R John Bostock Profile: B00M3R

If you’ve been in this industry for many years as most of us have and worked with the different variants of Exchange Server I’m sure you would have come across a corrupt Information Store at some stage. In the upcoming blogs I’ll show you the most common type of database corruption and we’ll talk about what we can do to fix each type.

Most of the time database corruption refers to ….the data in the store becomes corrupt/invalid or unreadable. If the wrong data is written to the database or written to the wrong location or physically damaged after being written.

Now..How does this happen? If the hard disk has many bad sectors or becomes physically damaged, transaction logs get read incorrectly and the update is incorrect. I’ve also had it happen when power failures cause shutdown. Whatever the reason you most understand there are several places corruption can occur?

The page Level. – This is an individual place inside the database where data is stored. Miss read Tran logs or power failures normally cause this and you’ll find this type common. Most corruption issues will be page level corruption.

The Database Level. – This is where the individual pages are OK but the database file is invalid. Like if the file header is damaged or part unreadable. This problem at the database level often means the jet database cannot interact correctly with the associated EDB file.

The Application Level – This refers to the entire store itself the database is relational which means that the databases depend on each other for info. Example Although Exchange 2000 doesn’t have directory service it depends on the Active Directory.

Also you must consider other possibilities too. If Exchange isn’t working correctly then don’t always presume it’s the store or the database is corrupt. Exchange depends on Active Directory, IIS and Windows and of course the hardware. So if one of these is having issues then Exchange will be too. If your server has a memory related problem, then items stored in memory may be corrupt. Therefore, if Exchange sends the system to send the contents of a particular memory block to the database or to a transaction log, then the database or transaction log would become corrupted as a result of the memory problem.

You can see that the way Exchange databases are layered and all the components that depend on each other leaves heaps of room for issues.

February 28, 2008  6:51 AM

No Posts

B00M3R John Bostock Profile: B00M3R

I apologise for the lack of posts on this Blog. I have been off work ill and shall return to action soon and back to blogging.

Thanks for you patience.

John Bostock

January 12, 2008  12:11 PM

Recipient Policies What Are They?

B00M3R John Bostock Profile: B00M3R

Recipient Policies What Are They?

Recipient policies are organisation wide objects held in the “Recipient Policies” container – a sub container of Recipients. When you install Exchange the program creates a default policy and you can then create as many policies as you want to after. Although you must keep the default policy and you cannot delete it.

What do they do?

Set a default value for the domain used by Exchange to reference files via IFS. (IFS provides access to the Exchange information store by using Win32 file system APIs)Generates email proxy address. RUS generates and sets email addresses on new mail enabled objects but you define the format for the addresses and the type of proxy address that RUS generates through policy.Controls how the mailbox manager processes mailboxes.

Enables SMTP virtual servers to accept incoming mail. When you make an installation of Exchange the virtual servers will accept email from the domain defined in the default policy, but you add policies to cover additional domains if you require.

The Recipient Update Service (RUS) is responsible for creating and maintaining E-Mail Addresses in your Exchange Organization. The Recipient Update Service creates an Entry (Recipient Update Service (Enterprise Configuration)) for the entire Exchange Organization for modifying objects in the Configuration Container Partition in Active Directory and one RUS for every Exchange enabled Domain in this Forest.

Exchange Install.After install there is one default policy created called “Default Policy” This policy contains Proxy address for the default SMTP domain and one for X.400 – You can add additional Proxy addresses to the default policy or have different Recipient Policies for different users.Note:If you want to remove old or unwanted E-Mail addresses, you must either remove the addresses manually in Active Directory Users and Computers or use an automated process. Or you can use LDIFDE.

December 20, 2007  11:01 AM

Tools That Are Used with Exchange

B00M3R John Bostock Profile: B00M3R

In addition to Microsoft Management Console (MMC) snap-ins, Exchange System Manager, and Active Directory Users and Computers, there are many tools that you can use to manage and troubleshoot a Microsoft Exchange Server 2003 organization. Some of these tools are installed with Microsoft Windows, some with Exchange, and others are at the “Downloads for Exchange 2003” Web site ( The following table lists these tools. However, be aware that not all tools are supported by Mr Gates.

I will talk about these tools as I progress through my Blog.

NOTE: Some tools can cause serious, sometimes irreversible, problems if they are used incorrectly. Before you use tools in your production environment, always become familiar with them on test servers first. Make sure that you read the documentation associated with any tool and become familiar with the risks involved.

Exchange Tools

Tool name Description Run from Install from
Active Directory Account Cleanup Wizard (adclean.exe) Use to find and merge multiple accounts in Active Directory that refer to the same person. Start | All Programs | Microsoft Exchange | Deployment | Active Directory Account Cleanup Wizard Installed
Active Directory Connector Services (adcadmin.msc) Use to replicate Exchange 5.5 directory objects to Active Directory. Start | All Programs | Microsoft Exchange | Active Directory Connector ExchCD
Active Directory Users and Computers(dsa.msc) Use this MMC snap-in to manage mail recipients and other Active Directory objects. Start | All Programs | Microsoft Exchange | Active Directory Users and Computers Installed
Address Rewrite (Exarcfg.exe) Use to rewrite return e-mail addresses on outgoing messages that are routed from non-Exchange mail systems to Exchange and destined outside the organization. Command prompt Link
Active Directory Service Interfaces (ADSI) Edit(adsiedit.msc) Use for low-level editing of Active Directory. <drive>:\Program Files\Support Tools Windows
Application Deployment Wizard(exapppacker.exe) Use to package and deploy Exchange store applications on the Exchange store. Start | All Programs | Exchange SDK | Exchange SDK Development Tools | Application Deployment Wizard Link
Application Security Module Use to access and modify XML content that is provided by the security descriptor. <drive>:\Program Files\Exchange SDK\SDK\Samples\Security Link
ArchiveSink(archivesink_setup.vbs) Use to archive message and log information about messages sent to or received by an Exchange server. Command prompt Link
Authoritative Restore(Authrest.exe) Use to force a restored directory database to replicate to other servers after restoring from a backup. Use this tool only when Microsoft Customer Service and Support asks you to do this. Command promptMust be installed to \exchsrvr\bin Link
Cluster Administrator(cluadmin.exe) Use to configure, control, and monitor clusters. Start | All Programs | Administrative Tools | Cluster Administrator Installed
Disable Certificate Verification(Certchk.exe)Not recommended for production environments. Use in test environments to disable certificate authentication for Microsoft Outlook® Mobile Access. Install and run on the mobile device. Link
DNS Resolver (DNSDiag)(Dnsdiag.exe) Use to troubleshoot Domain Name System (DNS) issues. The tool simulates the Simple Mail Transfer Protocol (SMTP) service’s internal code-path and prints diagnostic messages that indicate how the DNS resolution is proceeding. Command promptMust be installed to <drive>:\windows\system32\inetsrv Link
DSACLS(dsacls.exe) DSACLS is a command-line tool that you can use to query and change permissions and security attributes of Active Directory objects. It is the command-line equivalent of the Security tab in the Windows 2000 Server Active Directory snap-in tools such as Active Directory Users and Computers and Active Directory Sites and Services. For more information about DSACLS, see Microsoft Knowledge Base article 281146, “How to Use Dsacls.exe in Windows Server 2003 and Windows 2000” ( Command prompt Server
Error Code Look-up(Err.exe) Use to determine error values from decimal and hexadecimal error codes in Windows products. Command Prompt Link
Event Viewer(eventvwr.msc) Use this MMC snap-in to view logged events, such as errors and warnings. Start | All Programs | Administrative Tools | Event Viewer Installed
at setup
Exchange 2003 Management Pack(Exchange Management Pack.akm) Use to monitor the performance, availability, and security of Microsoft Exchange Server 2003, alerting you to events that have a direct effect on server availability, while filtering out events that require no action. Microsoft Operations Manager ?
Exchange Explorer(ExchExplorer.exe) Use to explore Exchange store folders, items, and their property values. Create property and content class definitions and configure their schema scope. Start | All Programs | Exchange SDK | Exchange SDK Development Tools | Exchange Explorer Link
Exchange Server Database Utilities(eseutil.exe) Use to perform offline database procedures, such as defragmentation and integrity checking. <drive>:\Program Files\Exchsrvr\bin Installed
Exchange Deployment Tools(exdeploy.chm) Use this guide to review the recommended steps and tools that help you successfully install Exchange Server 2003. Run from Exchange CD ExCD
Exchange Server Migration Wizard(mailmig.exe) Use to migrate user accounts to Exchange 2003. Start | All Programs | Microsoft Exchange | Migration Wizard Installed
Exchange Store Event Sink Wizard(mxeswiz.dll) Use to create a Microsoft Visual Basic® project for a Component Object Model (COM) class of correctly implemented event interfaces, and a module of functions and routines that use event sink support interfaces. Microsoft Visual Basic development system Link
Exchange Store TreeView Control(Extreeview.ocx) Use to display a hierarchical list of node objects that corresponds to folders in the Exchange store. <drive>:\Program Files\Exchange SDK\Tools\ExchExplorer Link
Exchange Stress and Performance Use to test stress and performance.This tool simulates many client sessions by concurrently accessing one or more protocol servers. Command prompt Link
Exchange System Manager(exchange system manager.msc) Use this MMC snap-in to provide a graphical view of an Exchange organization where you can perform many administrative tasks. Start | All Programs | Microsoft Exchange | System Manager Installed
Exchange Workflow Configuration Scripts(wfsetup.vbs; addwfrole.vbs) Use wfsetup.vbs to configure the server for correct workflow functionality.Use addwfrole.vbs to add users to workflow event sink security roles. Command prompt Link
GUIDGen(GUIDGEN.EXE) Use to generate globally unique identifiers (GUIDs). Command prompt Link
Information Store Integrity Checker(isinteg.exe) Use to find and remove errors in the public and private information store databases. Intended for failure recovery situations and not for routine maintenance. Command prompt Exch
Information Store Viewer (MDBVU32)(mdbvu32.exe)Note: The Information Store Viewer has been replaced by the MAPI Editor. Use to view or set details about a user’s message storage files. These files are the private information store, the personal folder file (.pst file), and the offline folder file (.ost file). This tool browses storage, address book, and other MAPI providers by executing MAPI calls specified by a user.The MAPI Editor replaces the current MDBVU32 tool, and provides access to the contents of the Messaging API (MAPI) stores. Command promptGraphical User Interface Link
Internet Information Services (IIS) Manager(iis.msc) Use to configure Outlook Web Access settings. Start | All Programs | Administrative Tools | Internet Information Services (IIS) Manager Add
Inter-Organization Replication(exscfg.exe; exssrv.exe) Use to replicate public folder information (including free/busy information) between Exchange organizations. Can be used between forests. Command prompt Link
Jetstress(JetStress.exe) Use to stress test the Exchange database engine and storage subsystem. Command prompt Link
LDP(ldp.exe) Use to perform Lightweight Directory Access Protocol (LDAP) searches against Active Directory. <drive>:\Program Files\Support Tools Windows
Load Generator(Formerly Load Simulator (LoadSim)) Use as a benchmarking tool to test the response of servers to mail loads. For setup and installation instructions, see Link
Mailbox Merge Wizard (ExMerge)(ExMerge.exe) Use to extract data from mailboxes on an Exchange server, and then merge that data into mailboxes on another Exchange server. Command prompt Link
Managed Exchange TreeView Control (ExchangeTreeViewControl.dll) Use in managed Windows applications to display a hierarchical list of nodes that correspond to a mail or public folder hierarchy. Add, delete, and move folders in the Exchange store. <drive>:\Program Files\Exchange SDK\Tools\ExchTreeViewControl Link
Microsoft Baseline Security Analyzer (MBSA)GUI:(MBSA.exe)Command Line:(mbsacli.exe) Use to scan local or remote systems for common misconfigurations and to verify security best practices. Command prompt Link
Importer for Lotus cc:Mail Archives (ccmarch.exe) Use to import Lotus cc:Mail archive files to folders in an Exchange 2003 mailbox store or to one or more .pst files. Include with the Lotus Applications Migration Tools. Command prompt Link
MTA Check(Mtacheck.exe) Use when MTA will not start, because of corruption or suspected corruption in the MTA database.This tool provides a soft recovery of a corrupted MTA database. Command prompt Link
Network Monitor(netmon.exe) Use to diagnose issues with server connectivity. Start | All Programs Administrative Tools | Network Monitor Add
Programs Windows Components
Performance Monitor(perfmon.msc) Use for establishing a baseline of performance and for troubleshooting performance issues. Start | All Programs | Administrative Tools | Performance Installed
PFMigrate(pfmigrate.wsf) Use to migrate public folders from Exchange 5.5 to Exchange 2003. Can also be used to move the offline address book, Schedule+ Free/Busy folder, and organization forms. Command prompt ExchCD
RPC Ping utility(rpings.exe and rpingc.exe) Use to confirm the RPC connectivity between the computer that is running Microsoft Exchange Server and any of the client workstations on the network. Command prompt Link
SMTP Internet Protocol Restriction and Accept/Deny List Configuration (ExIpsec.dll) Use to programmatically set Internet Protocol (IP) restrictions on an SMTP virtual server. Programmatically add IP addresses on the global accept and deny lists for connection filtering. Running exipsec.exe installs the required DLL so that you can access the COM object from the script you create. Link
Telnet(telnet.exe) Use to troubleshoot Exchange mail flow. Command prompt Installed setup.
WinRoute(winroute.exe) Use to connect to the link state port (TCP/IP 691) on an Exchange server and extract the link state information for an organization. Command prompt Link

December 20, 2007  9:40 AM

Build numbers and release dates for Exchange Server

B00M3R John Bostock Profile: B00M3R

How to tell what Exchange version you are using? Many of us know of course but Microsoft have build numbers to indentify exact builds.

To find your build: The easiest way is to open ESM>Administrative Groups>Domain Name>click on the servers folder and to the right you will see all your servers and under Server Version is the version type. Make sure you are running the latest service pack for the version you are using.

Version                                             Build number              Release date
Microsoft Exchange Server  4.0                      4.0.837                   April 1996
Microsoft Exchange Server  4.0 (a)                4.0.993                   August 1996
Microsoft Exchange Server  4.0 SP1               4.0.838                   May 1996
Microsoft Exchange Server  4.0 SP2               4.0.993                   August 1996
Microsoft Exchange Server  4.0 SP3               4.0.994                   November 1996
Microsoft Exchange Server  4.0 SP4               4.0.995                   April 1997
Microsoft Exchange Server  4.0 SP5               4.0.996                   May 1998

Microsoft Exchange Server  5.0                       5.0.1457                  March 1997
Microsoft Exchange Server  5.0 SP1                5.0.1458                  June 1997
Microsoft Exchange Server  5.0 SP2                5.0.1460                  February 1998

Microsoft Exchange Server  5.5                        5.5.1960                  November 1997
Microsoft Exchange Server  5.5 SP1                 5.5.2232                  July 1998
Microsoft Exchange Server  5.5 SP2                 5.5.2448                  December 1998
Microsoft Exchange Server  5.5 SP3                 5.5.2650                  September 1999
Microsoft Exchange Server  5.5 SP4                 5.5.2653                  November 2000

Microsoft Exchange 2000 Server                      6.0.4417                  October 2000
Microsoft Exchange 2000 Server (a)                 6.0.4417                  January 2001
Microsoft Exchange 2000 Server SP1                6.0.4712                  July 2001
Microsoft Exchange 2000 Server SP2                6.0.5762                  December 2001
Microsoft Exchange 2000 Server SP3                6.0.6249                  August 2002
Microsoft Exchange 2000 Server post-SP3       6.0.6487                  September 2003
Microsoft Exchange 2000 Server post-SP3       6.0.6556                  April 2004
Microsoft Exchange 2000 Server post-SP3       6.0.6603                  August 2004

Microsoft Exchange Server  2003                        6.5.6944                  October 2003
Microsoft Exchange Server  2003 SP1                6.5.7226                  May 2004
Microsoft Exchange Server  2003 SP2                6.5.7638                  October 2005

Microsoft Exchange Server  2007                        8.0.685.24 or 8.0.685.25  December 2006
Microsoft Exchange Server  2007 SP1                8.1.0240.006              November 2007

December 16, 2007  10:16 AM

Message tracking event IDs in Exchange Server 2003

B00M3R John Bostock Profile: B00M3R

Here are some of the event IDs that are logged to message tracking log files. You can enable message tracking logs to track or to troubleshoot the flow or status of a message in Exchange Server 2003 as shown in previous blog. You can record information about the sender, the message, and the recipient. If you want to log more detailed information, you can also record the subject line of messages.

By default, the tracking logs are located in the C:\Program Files\Exchsrvr\YourServerName.log folder. Each daily log is named in the yyyymmdd.log format according to the date that the log was created. The file name date is in Coordinated Universal Time (UTC). Here is a list of event ID’s and there meaning. You can import this log file into Excel which makes it easier to read as opening the text file is too busy.

A few FAQ’s
Q1: When a message is generated in the system for the first time, what event is associated with that message in the tracking log?
A1: There are different events for different message submission paths to Exchange Server 2003. For example, for messages that are submitted through the SMTP component, the first event ID in the tracking log is 1019. For messages that are submitted through the Store component, the first event ID in the tracking log is 1027.
Q2: Is there one event ID that covers the creation of all messages and that only appears one time per message?
A2: There is no one event that covers the creation of all messages because messages can be created in various ways by various clients, remote servers, and pickup directory. It would make no sense to use the same event for all these code paths. Or, it would be impossible to use the same event for all these code paths. However, event 1019 is logged when any message enters Inetinfo-side transport processing. The tracking log may frequently contain multiple 1019 events that have the same message ID. For example, this may occur if the server is restarted multiple times during a period when the remote destination for the particular message is down. On each restart, the message is resubmitted, and event 1019 is logged. This is expected behavior.
Q3: Why are there multiple 1020 and 1031 events that are logged for the same message ID?
A3: This is expected behavior. The same message ID can be transferred out multiple times. When the same message ID is transferred out multiple times, events 1020 and 1031 are generated.

Event Number Event Type Description
0 Message transfer in The message was received from a server, a connector, or a gateway.
1 Probe transfer in An X.400 probe was received from a gateway, a link, or a message transfer agent (MTA).
2 Report transfer in A delivery receipt or a non-delivery report (NDR) was received from a server, a connector, or a gateway.
4 Message submission The message was sent by the client.
5 Probe submission An X.400 probe was received from a user.
6 Probe transfer out An X.400 probe was sent to a gateway, a link, or an MTA.
7 Message transfer out The message was sent to a server, a connector, or a gateway.
8 Report transfer out A delivery receipt or an NDR was sent to a server, a connector, or a gateway.
9 Message delivered The message was delivered to a mailbox or a public folder.
10 Report delivered A delivery receipt or an NDR was delivered to a mailbox.
18 StartAssocByMTSUser  
23 ReleaseAssocByMTSUse  
28 Message redirected The message was sent to mailboxes other than the mailboxes of the recipients.
29 Message rerouted The message was routed to an alternative path.
31 Downgrading An X.400 message was downgraded to 1984 format before relay.
33 Report absorption The number of delivery receipts or of NDRs exceeded a threshold and the reports were deleted.
34 Report generation A delivery receipt or an NDR was created.
43 Unroutable report discarded A delivery receipt or an NDR could not be routed and was deleted from the queue.
50 Gateway deleted message The administrator deleted an X.400 message that was queued for a gateway.
51 Gateway deleted probe The administrator deleted an X.400 probe that was queued for a gateway.
52 Gateway deleted report The administrator deleted an X.400 report that was queued for a gateway.
1000 Local delivery The sender and the recipient are on the same server.
1001 Backbone transfer in Mail was received from another MAPI system across a connector or across a gateway.
1002 Backbone transfer out Mail was sent to another MAPI system across a connector or across a gateway.
1003 Gateway transfer out The message was sent through a gateway.
1004 Gateway transfer in The message was received from a gateway.
1005 Gateway report transfer in A delivery receipt or an NDR was received from a gateway.
1006 Gateway report transfer out A delivery receipt or an NDR was sent through a gateway.
1007 Gateway report generation A gateway generated an NDR for a message.
1010 SMTP queued outbound Outgoing mail was queued for delivery by the Internet Mail Service.
1011 SMTP transferred outbound Outgoing mail was transferred to an Internet recipient.
1012 SMTP received inbound Incoming mail was received from by the Internet Mail Service.
1013 SMTP transferred Incoming mail that was received by the Internet Mail Service was transferred to the information store.
1014 SMTP message rerouted An Internet message is being rerouted or forwarded to the correct location.
1015 SMTP report transferred In A delivery receipt or an NDR was received by the Internet Mail Service
1016 SMTP report transferred out A delivery receipt or an NDR was sent to the Internet Mail Service.
1017 SMTP report generated A delivery receipt or an NDR was created.
1018 SMTP report absorbed The receipt or the NDR could not be delivered and was absorbed. (You cannot send an NDR for an NDR.)
1019 SMTP submit message to AQ A new message is submitted to Advanced Queuing.
1020 SMTP begin outbound transfer A message is about to be sent over the wire by SMTP.
1021 SMTP bad mail The message was transferred to the Badmail folder.
1022 SMTP AQ failure A fatal Advanced Queuing error occurred. Information about the failure was written to the Event Manager.
1023 SMTP local delivery A message was successfully delivered by a store drive (logged by Advanced Queue).
1024 SMTP submit message to cat Advanced Queuing submitted a message to the categorizer.
1025 SMTP begin submit message A new message was submitted to Advanced Queuing.
1026 SMTP AQ failed message Advanced Queuing could not process the message. The message caused an NDR to be sent, or the message was put in the Badmail folder.
1027 SMTP submit message to SD A message was submitted to the store driver by the MTA.
1028 SMTP SD local delivery The store driver successfully delivered a message (logged by store driver).
1029 SMTP SD gateway delivery The store driver transferred the message to the MTA.
1030 SMTP NDR all All recipients were sent an NDR.
1031 SMTP end outbound transfer The outgoing message was successfully transferred.
1032 SMTP message scheduled to retry categorization  
1033 SMTP message categorized and queued for routing  
1034 SMTP message routed and queued for remote delivery  
1035 SMTP message scheduled to retry routing  
1036 SMTP message queued for local delivery  
1037 SMTP message scheduled to retry local delivery  
1038 SMTP message routed and queued for gateway delivery  
1039 SMTP message deleted by Intelligent Message Filtering  
1040 SMTP message rejected by Intelligent Message Filtering  
1041 SMTP message archived by Intelligent Message Filtering  
1042 Message redirected to the alternate recipient

December 16, 2007  8:28 AM

Seasons Greetings!!

B00M3R John Bostock Profile: B00M3R

I’d like to wish all those involved in the creation and support of IT Knowledge Exchange a very happy Xmas. Plus those that visit and contribute towards making this site what it is a VERY MERRY XMAS. I shall be working over Xmas in Africa (Zambia) where Mining doesn’t stop (only Xmas day) so Ill be posting as best I can. Good luck to you all and enjoy the break. John

December 14, 2007  7:24 AM

Exchange Message Tracking – A Great Tool!!

B00M3R John Bostock Profile: B00M3R

Exchange has a great feature called message tracking that enables you to track messages. It works for both directions inbound/outbound – it also does internal messages. This function has a low overhead so I leave it enabled so I can get my hands on the info when I want,  although I do have a large amount of emails that pass through my organization on a daily basis so I set log removal to be low.


Here is the scenario. Your Boss calls at the wrong moment as per usual raving about a SUPER important email message that never got delivered. So what do you do? This is when you need to know how to use Message Tracking so let’s have a look at how.

How to Enable

1.       Open ESM go to servers
2.       Right click on the server and choose properties
3.       Select these options “enable subject logging and display” “enable message tracking”
4.       “Remove log files” This option set to 30 days which is long enough. If you have massive traffic consider lower times say 7-10 days.
5.       Also check out the location of the log files. Keep them away from the main store on a separate drive if possible.

Now mine looks slightly different because I do mine through a server policy as I have multiple Exchange servers. Although greyed out you can see the ticks and where I store them.

Now let’s look at Tracking Messages.

Once tracking has been running for a while you will have collected some information, then we can track messages. Let’s look at how

1.       Open ESM and then go to tools
2.       Scroll down to Message Tracking Center
3.       Choose the server you want to track the message from. This of course will be the server that the user has his or her mailbox on, depending on whether you want to track inbound or outbound messages.

At this point we can search even though nothing else is configured. But this will result in heaps of results up to a max of 1000 every message since midnight will be processed. Best case – use the other fields to narrow the search results. Once the system finds the message you can double click it which will show what exchange did with the message.

Tracking log files will be stored (by default) in a folder located at x:\Program Files\Exchsrvr\servername.log, where x is the volume you have installed Exchange Server onto. Inside this folder you will find a text file for each day that logs are being retained for. You can open these files and work from them if you want, but I would recommend doing it in Excel as the files are tab-delimited and very hard to sort through otherwise.  

Ok so we have a great way of searching and finding out what has happened with an email. Now that’s it but we can advance things a bit by utilizing third party tools and REALLY bringing Message Tracking ALIVE.

Check out these links for advanced use of Message Tracking. If you search the web you will find various software, some users have created scripts to work with these logs – Just make sure you test them and not in your live enviroment 🙂

Exchange Log Analyzer    Promodag Now This is great software


December 13, 2007  11:54 AM

Uninstall Exchange Server 2003

B00M3R John Bostock Profile: B00M3R

Firstly I need to apologize for the delay between posts, I have been attending to some business which kept me away and will acknowledge next time should I expect a large gap again.I’m going to get straight into the correct way to uninstall Exchange 2003 from a server. I have a systems Administrator who has this task in hand and I’ve done this for him and others.
Let’s do it!

You must ensure you meet the prerequisites before you attempt this and they are as follows:

  • If you have Exchange Full Administrator permissions at the administrative group level, you can uninstall Exchange Server 2003, provided that you have permissions for the administrative group to which the server belongs.

  • If there are any mailboxes assigned to a storage group on a server, you cannot uninstall Exchange Server 2003 from that server. In this case, you must either move or delete the mailboxes before you can uninstall Exchange.

  • You cannot uninstall Exchange Server 2003 from a server if it is the only server in your organization running the Recipient Update Service. Instead, you must first use Exchange System Manager to enable the Recipient Update Service on another server.

  • You cannot uninstall Exchange Server 2003 from a server if it is the only server in a mixed administrative group that is running Site Replication Service (SRS). Instead, you must first enable SRS on another Exchange server.

  • You cannot uninstall Exchange Server 2003 from a server if it is a bridgehead server for a connector and there are other Exchange servers in your organization. Instead, you must first designate a new bridgehead server.

  • You cannot uninstall Exchange Server 2003 from a server if it is the routing master and there are other Exchange servers in your organization. Instead, you must first designate a new routing master.

Now before you remove the server from a production environment that has multiple servers in the administrative group, understand that you need to know all the servers roles that are held by this machine. Make sure you move your roles to other machines. Example: If the server is listed as a bridgehead server on a connector you will have to move this before uninstall will work. Failure to do this could cause many things including the following:

  • Mail flow may stop if the server is a bridgehead server.

  • Mail flow will be totally screwed if the server is the routing group master.

  • Outlook issue and OWA issues so confirm and check before attempting the uninstall.

Before you remove Exchange 2003, you must disconnect all mailbox-enabled users from the mailboxes on the Exchange server. It is not possible to remove an Exchange Server when it has mounted mailboxes. If you are getting this error check out the following One or more users currently use this mailbox store. These users must be moved to a different mailbox store or be mail disabled before deleting this store”A good way to try to find these missing users is to use Active Directory Users and Computers. Here’s what to do:

1. Run ADUC.(Active Directory Users and computers – come on!)

2. Right-click your domain at the top, and choose Find.

3. Click the Advanced tab, and then choose User from the Field button.

4. From the list of attributes displayed, choose Exchange Home Server.

5. Set the Condition field to Ends With and then type your Exchange server name into the Value field. Click Add to add this value.

6. Now click the Find button, and hopefully you’ll see the troublesome user listed in the results window.

You should then be able to remove the Exchange attributes from these user accounts and proceed with the un install.

To uninstall Exchange Server 2003

1. Log on to the server from which you want to uninstall Exchange.
2. Click Start, point to Control Panel, and then click Add or Remove Programs.
3. In Add or Remove Programs, select Microsoft Exchange, and then click Change/Remove.
4. On the Welcome to the Microsoft Exchange Installation Wizard page, click Next.
5. On the Component Selection page, in the Action column, use the drop-down arrows to select Remove, and then click Next.

Follow the bouncing ball and Exchange should uninstall.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: