Collecting Performance logs on Exchange server
What is performance Monitor?
Performance Monitoring is one of the dark arts which administrators are rarely given the time to master. Performance Monitor on a Windows Server, in particular once Exchange Server is installed,
gives us the capability to collect enormous amounts of data; ensuring that any understanding of how our particular Exchange Server is performing is invariably lost beneath a sea of pretty but
unintelligible peaks and troughs. However it isn’t actually very difficult at all to configure Performance Monitor on your Exchange Server, collect some useful data and then interpret the results. It is
often then very easy to make changes to your servers which can have quite a dramatic effect on the performance of the server and the experience of Outlook clients alike.
There is now an enormous amount of information which can assist you in understanding what information to collect and how to interpret the results.
When to collect performance logs?
Performance monitor is one of the key tool you can use in many exchange issues such as,
Emails in the queue are moving slowly or Delay in receiving emails, specific process utilize a lot from memory, get a warning on Outlook “Outlook is retrieving data”, Backpressure issues, etc..
How to collect performance logs? And what tools you can use?
There are many tools that can help you to collect performance monitor data such as Experfwiz, Logman and Exchange Performance troubleshooter which is a build in tool under exchange management
console toolbox.
What is Experfwiz:
ExPerfWiz is a powershell based script to help automate the collection of performance data on Exchange 2007 and Exchange 2010 servers. It is no longer necessary to pick the correct counters
for the Exchange Server Roles that are installed as this script will automatically detect the roles installed and will add the appropriate counters for each role detected.
The default behavior of the script is to create a rolling blg file that will roll to a new log when the maximum size of the log has been reached up to a maximum of 8 hours. For Windows 2008 servers,
this is based on time as the -max parameter for logman.exe stops the data collection when the maximum log file size has been reached. There is logic in the script to prevent you from changing the
maximum size of the blg files on Windows 2008 servers.
How to use Experfwiz?
Download experfwiz from the link below (download tab)
https://archive.msdn.microsoft.com/ExPerfwiz
And then extract the file, and copy the extracted file and put it under scripts folder under c:\program files\Microsoft\exchange server\Scripts..
Note: I consider the binary files for exchange is installed on default location, which is under C as per Path above, so if it installed in different location, just past the file where the scripts folder locate.
Example:
Open the Exchange Management Shell
Type cd $exscripts
.\experfwiz.ps1 -duration 04:00:00 -interval 5 -filepath D:\Logs -full
NOTE 1: The example above will collect all counters on this server for four hours with interval of 5 seconds and save it under d:\logs.
NOTE 2: You can change the path where you have space instead of D:\.
NOTE 3: 04:00:00 means it will run for 4 hours and will stop automatically.
NOTE 4: Important, before running this script, you may do one or both of the following:
- Set powershell's execution policy to RemoteSigned using (Set-ExecutionPolicy RemoteSigned)
- Files downloaded from the internet using Internet Explorer are automatically blocked from running. Follow the below steps to Unblock this script from running:
Save the script file on your computer.
Click Start, click My Computer, and navigate to the saved script file.
Right-click the script file, and then click "Properties." Click "Unblock."
You can stop the tool anytime, by run .\experfwiz.ps1 –stop
What is Logman:
The LOGMAN.EXE utility can be used to create and manage Event Trace Session and Performance logs. Many functions of Performance Monitor are supported and
can be invoked using this command line utility. You can run it, if you want to run it against few specific counters.
Example: From a command prompt:
Logman.exe create counter PerfLog-Long -o "c:\perflogs\DCNAME.blg" -f bincirc -v mmddhhmm -max 250 -c "\LogicalDisk(*)\*" "\Memory\*" "\NTDS\*" "\Network Interface(*)\*" "\Paging File(*)\*" "\PhysicalDisk(*)\*"
"\Processor(*)\*" "\Process(*)\*" "\Redirector\*" "\Server\*" "\System\*" -si 00:00:30
You can change the highlighted path and intervals as required, add or remove any counters.
To start the log
Logman.exe start PerfLog-Long
To stop it after running for the amount of time needed:
Logman.exe stop PerfLog-Long
How to analyze the data and where to look?
1. You can use a built in Performance Monitor to open any .blg file by just double click on the file. Or from run, type Perfmon, And then check the threshold for counters based on predefined value as per
https://technet.microsoft.com/en-us/library/dd335215.aspx Exchange 2010
https://technet.microsoft.com/en-us/library/cc671175(v=exchg.80).aspx Exchange 2007
For example, if you think there is a disk issue, you can start to take a look into Avg. Disk sec/Read and write values.
The Default value for Avg. Disk sec/Read and write for “transaction logs and database files” drives is 20 MS and the maximum value should not be more than 50 MS.
2. Use PAL tool
The PAL (Performance Analysis of Logs) tool is a powerful tool that reads in a performance monitor counter log and analyzes it using known thresholds for most of the major Microsoft products
such as IIS, MOSS, SQL Server, BizTalk, Exchange, and Active Directory.
Steps on where to download and how to use it under:
https://pal.codeplex.com/
References:
https://technet.microsoft.com/en-us/library/cc722414.aspx
https://blogs.msdn.com/b/douggowans/archive/2007/01/02/a-very-quick-guide-to-monitoring-the-performance-of-your-exchange-server.aspx
https://503sayhelo.wordpress.com/2011/10/26/automating-collection-of-performance-monitor-counters-for-exchange-on-windows-2008/
https://blogs.technet.com/b/mikelag/archive/2009/01/23/getting-started-with-exchange-2007-performance-monitoring-and-windows-2008.aspx
https://technet.microsoft.com/en-us/library/bb201689(EXCHG.80).aspx
https://blogs.technet.com/b/askperf/archive/2008/05/13/two-minute-drill-logman-exe.aspx