The Message Tracking Logs contain lots of information about the message flow. The administrator can extract this information to determine mail flow characteristics. For example the administrator may want to determine how much time it took for Exchange 2007 to deliver a message, referred to as End2End Message Delivery Latency. When a Hub server receives a message, it records the 'original arrival time' if this hasn't been recorded yet. When a Hub server delivers a message (through Store Driver) it generates the DELIVER event which also contains the 'original arrival time'. The difference between the 'original arrival time' and the timestamp of the event gives you the End2End Message Delivery Latency. Another question Message Tracking Logs can answer is how long it took for a message to be sent out from a server (the time between the message entering the Hub or Edge server and it leaving the same server); which it is referred as Server Latency.

For End2End Message Delivery Latency, there are issues with the 'original arrival time' as it gets set to the client submit time in Exchange 2007 RTM. Issues with this value are:

  1. The time of the Windows client might not be synchronized (which is what gets stamped)
  2. Deferred message (as the client time gets recorded when the user presses 'Send')
  3. Outlook cached mode (as the client time gets recorded when the user presses 'Send')

In most of these cases the End2End Message Delivery Latency turns out worse than it actually is but nevertheless, the results are helpful to understand mail flow.

This blog describes a tool, called MSGAnalyzer.exe, which can be used to determine both End2End Message Delivery Latency and Server Latency.

The download link for the tool is at the end of this post below.

MSGAnalyzer.exe

This program has two functions. First, it can be used to calculate End2End Message Delivery Latency in organization (In organization means message is submitted by a mailbox in organization and the same message is delivered to a mailbox in organization). Second it can be used to calculate Server Latency. Server latency means the time interval between the message entering the server and the message leaving the server.

How to Use:

Depending on the amount of log to be processed, the tool can consume a significant amount of CPU and memory. Therefore it is better to copy the Message Tracking Logs to a system that can be used to perform the analysis instead of running it on a production Hub server.

Usage:

MSGAnalyzer [-?|-h] [-Path:path] [-E2ELatency[:filename]] [-ServerLantency[:filename]]

-?|-h Print this message

-Path:path Specify message tracking log file path. If no path specified, current directory is used.

- E2ELatency [:filename] Execute End2End Message Delivery Latency analyze and write output into filename. If no filename specified, e2elatency.dat is the output file.

-ServerLatency[:filename] Execute Server Latency analyze and write output into filename. If no filename specified, serverlatency.dat is the output file.

Result file:

The result file for E2E Message Delivery Latency calculation is a data file which contains sorted latency with corresponding number of messages with this latency. This file can be used to generate graph to visualize pattern of latency.

A simple End2End Message Delivery Latency graph generated by Excel.

The result file for server latency calculation is a data file which contains sorted latency with corresponding number of messages with this latency. This file can be used to generate graph to visualize pattern of server latency.

Note:

  • Messages coming from outside of organization can not be calculated E2E Message Delivery Latency because of lacking information about the starting point.
  • For E2E Message Delivery Latency calculation, you should analyze message tracking logs from Hub Server.
  • For server latency calculation, log files from both Hub and Edge servers can be used

Finally, you can get the tool here:

MSGAnalyzer.exe tool

- Jiang Zhu