Exchange 2003 Best Practices Day-to-Day, Jim McBee, ITCS Hawaii
Jim McBee – Shameless self promotion
• Consultant, Writer, MCSE, MVP, and MCT – Honolulu, Hawaii
• Principal clients are SAIC, Dell, and Microsoft
• Author – Exchange 2003 24Seven (Sybex)
• Contributor – Exchange and Outlook Administrator
• Blog – Mostly Exchange – http://mostlyexchange.blogspot.com
Audience Assumptions
• Level 200 session
• You have at least a few months’ experience running Exchange 2000 or 2003
• You have worked with Active Directory
• You can install and configure Windows and Exchange
Session’s coverage
• Presentation – About 65 minutes
● Daily tasks
● Monitoring and health checks
● Event logs
● “Worst practices”
• Book give away – Drop off your business card or write your name on a slip of paper
• Questions and answers – 10 – 15 minutes
• Catch me afterwards also, I’m here all week
“Leave Exchange Alone”
• Single server? No more than 30 minutes work a day on a typical day
• For the most part, Exchange does not require a lot of “direct” or “hands on” management
• Monitoring is more important
• Daily tasks consist of mostly checking things and verifying that the server is operating as expected
• Almost all tasks can be performed remotely (not at the console)
Preparing to Monitor
• The problem with logging is you don’t know you need it until after the fact
• Set larger event log sizes
• Windows auditing
• Exchange diagnostics logging
• Message tracking
• Protocol logging
Recommended Event Log Sizes
• System – 50MB
• Security – 50MB
• Application – 200MB
• See http://tinyurl.com/syua3
Windows Auditing
• These are for security purposes and not necessarily to tell you anything about Exchange
• Auditing changes to Exchange configuration must be done on domain controllers
Exchange Diagnostics Logging
Message Tracking
• Can be anywhere from a few KB to hundreds of MB per day
• Some third party reporting utilities use these logs
• Purged automatically
Protocol Logging
• Logging for SMTP or HTTP
● Enable on FE/BH servers
• Gives you an “audit trail” of Internet activity
• Logs do not automatically purge
• For sample script, see:
● http://tinyurl.com/nztyy
The Big Five - Critical Daily Tasks
• Verify successful backups
• Check available disk space
• Examine the inbound and outbound queues
• Review the event logs
• Confirm message hygiene system’s health
Automate or Manual
• Most of the tasks in this presentation can be automated
• Logic can be placed in scripts that determines if an alert should be raised
• “Missing, but expected” events are just as important
• Knowledge of these tasks is still important
Those Wild And Crazy Event Logs
• Exchange is very good at recording information to the application event logs
• Confirming online maintenance completion is important
• Confirming backup completion
• Be on the lookout for system or application problems
Online maintenance
• Nightly each store has a series of maintenance tasks that ensure efficient database operation
● Purge deleted items and mailboxes
● Reorganize unused space
● Cleanup of stale indexes
• If online maintenance does not run
● Store will continue to grow
● Database will become fragmented
● Performance will suffer
• If online backup starts on any store in a storage group, online maintenance on the other stores will halt. Do not overlap online maintenance and backups.
Purging Deleted Items and Mailboxes
Database White Space – Event 1221
• Indicates the amount of empty space in the database file
• Space will be reused before database file grows
• No action required unless space is 25% or more of total database file size
• Online backups will back up the entire file (white space and all)
Much Ado About Backups
• Probably the most important daily task you will perform
• Exchange-aware backup programs:
● Use a backup API to backup the database “page-by-page” and verify the integrity of each page
● Purge the transaction logs after a “Normal” or an “Incremental” backup
• Backups should not overlap online maintenance schedule (default 1:00AM – 5:00AM)
Emerging trend in backups
• Backup software backs up data to disk
• Two or three days’ worth of backups retained on disk
• Backup files then backed up to tape
• Faster Exchange backup and restore
• Usually need the most recent backup
What indicates a successful backup?
• Examine the backup application’s logs
• Review the Application event log for specific events
● Good automated system will check for the absence of these events!
• Look at Database properties of store for date and time of last backup
• Transaction logs will be purged
ESE: Logging/Recovery Event 221
• Indicates completion of backup of an STM or EDB file
• You should see this event once for each backup job for each EDB and STM file
ESE: Logging/Recovery - Event 223
• Starting the backup of a storage group’s transaction logs
• This should be seen for each storage group selected in a backup set
ESE: Logging/Recovery – Event 224
• Indicates storage group’s transaction logs are being purged
• You should see this event once for each storage group selected for backup
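The "check for the absence of these events" idea from the slides above, as an added example that is not part of the original presentation. It assumes a Normal backup and Application log records already exported into simple dictionaries; the record fields, storage group names, file names and backup window are constructed for illustration.

```python
from datetime import datetime, timedelta

# Event IDs named on the slides (ESE, Logging/Recovery category).
FILE_DONE, LOGS_START, LOGS_PURGED = 221, 223, 224

def missing_backup_events(events, expected, start, end):
    """Return (event_id, storage_group, file) tuples expected in the backup
    window [start, end) but absent from the Application log records."""
    seen = {(e["id"], e["storage_group"], e["file"])
            for e in events if start <= e["time"] < end}
    missing = []
    for sg, files in sorted(expected.items()):
        # 221 once per EDB and STM file in the storage group
        for f in files:
            if (FILE_DONE, sg, f) not in seen:
                missing.append((FILE_DONE, sg, f))
        # 223 and 224 once per storage group
        for eid in (LOGS_START, LOGS_PURGED):
            if (eid, sg, None) not in seen:
                missing.append((eid, sg, None))
    return missing

# Constructed inventory and records (hypothetical names, simplified fields).
NIGHT = datetime(2006, 4, 12, 22, 0)          # assumed backup window start
WINDOW = (NIGHT, NIGHT + timedelta(hours=3))  # ends before 1:00AM maintenance
EXPECTED = {
    "First Storage Group": ["priv1.edb", "priv1.stm"],
    "Second Storage Group": ["priv2.edb", "priv2.stm"],
}

def ev(minutes, eid, sg, file=None):
    return {"time": NIGHT + timedelta(minutes=minutes), "id": eid,
            "storage_group": sg, "file": file}

SAMPLE_EVENTS = [
    ev(-1390, 224, "Second Storage Group"),   # previous night, outside window
    ev(10, 221, "First Storage Group", "priv1.edb"),
    ev(12, 221, "First Storage Group", "priv1.stm"),
    ev(13, 223, "First Storage Group"),
    ev(14, 224, "First Storage Group"),
    ev(30, 221, "Second Storage Group", "priv2.edb"),
    # constructed failure: the job stopped before priv2.stm and the logs
]

if __name__ == "__main__":
    for eid, sg, f in missing_backup_events(SAMPLE_EVENTS, EXPECTED, *WINDOW):
        print(f"ALERT: expected event {eid} not logged for {sg} {f or ''}")
```

Restricting the check to the backup window keeps the previous night's purge event from masking a job that stopped partway through tonight.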
Backups will HALT if store corruption is detected
• It’s a feature
• This is an event you DO NOT want to see
• If EDB file has page-level corruption, you get the infamous -1018 error
• STM file does not generate this error
Message Hygiene Checkups
• Message hygiene is the applications, tools, or utilities you use to protect your server from:
● Malware (worms, viruses, Trojan Horses)
● Spam and phishing
• Are there signs of an outbreak?
• Signature and Scanning Engine
● Update signatures every 1 to 2 hours
● Update scanning engine technology (if applicable) weekly
• Does the quarantine need to be reviewed?
Virus Scanning Statistics
Intelligent Message System Statistics
History Repeats Itself
• Availability of historical information can help you
● Project needs in the future
● Identify trends
Keep a log of…
• Record disk space usage
• Record store sizes
• Save mailbox space usage report to text file
• Virus statistics
• Archive the Application, System, and Security event logs
• Archive the HTTP and SMTP protocol logs
Sample script
• Exchange MVP Glen Scales mailbox and disk usage report
• http://tinyurl.com/j3cgm
Closed Mailboxes
• MSExchange IS: General – Event ID 8528
• Indicates that a mailbox is full
Worst practices (How to lose your job with Exchange)
• There are a few things that will definitely get you sent to the human resources department.
• Mailbox surfing (reading other users’ mail)
• Office automation tasks from the server console (word processing, doing e-mail, surfing the web)
• Running a file-based virus scanner that scans EDB, STM, LOG, or CHK files or that scans the Queue folders
• Deleting transaction logs manually
Worst practices (cont)
• Applying service packs immediately
● Wait 3 – 4 weeks
● Read the release notes thoroughly
● Make a full backup first
• Applying critical updates immediately
● Wait 1 – 2 weeks (unless you need the fix right away)
• Installing Outlook on the server
• Not paying attention to available disk space and letting the server run out of free disk space
Worst practices (cont)
• Avoid “over administration”
● Mailbox stores rarely need offline compaction or offline maintenance of any sort
● Excessive reboots (more than once a week)
• If you need to do this, you have a bigger problem
• Don’t make big changes the day before your vacation
Worst practices (cont)
• Not using SSL for Internet clients
• Setting up an open SMTP relay
• Not calling for help when you get in over your head
• Making significant, unscheduled changes without notifying the user community
• Ignoring critical fixes and updates
• Making the same mistakes over and over again
Book Giveaway
• Has everyone given me something to draw from?
Questions?
• You can always catch me this week if you don’t get your questions answered.
• Thanks for attending!
• My blog is Mostly Exchange – http://mostlyexchange.blogspot.com
• Copies of these slides will be posted at the end of April 2006 on my blog
More information
• “7 Daily Checks to Keep Exchange 2000 Running Smoothly” by Joe Neubauer
● http://www.exchangeadmin.com InstantDoc #26185