Hi all,
The official TechNet list of the most important performance counters to monitor for Exchange 2013 is now available!
The good news is that since Exchange 2013 is now a single box (-ish as separable CAS role is merely just a protocol forwarder), the counters to monitor are now simplified down to 71 counters:
Remember the process to analyze an Exchange performance concern (once it’s determined that the latency is server-side and not client side or network related):
1- Check the RPC requests as well as the RPC latency counters
and then:
2- Determine which is likely the cause by checking
Check out all the counters and their description below:
Exchange 2013 Performance Counters
https://technet.microsoft.com/en-us/library/dn904093(v=exchg.150).aspx
For a summarized view, below is a sub-list of the above Technet Exchange counters to show only those which have thresholds (29 counters have thresholds out of the 71 TechNet counters) – the TechNet article above has the entire list and descriptions. You’ll see below a picture with colors for readability between categories (click on the small image to open the original one in a new window), the other table is a simple table to enable you to copy paste these to make it a bit easier to integrate the counters in SCOM or Perfmon custom alerts for example…
Hey all,
Here is a script to dump the Internal and External URL properties from the main Exchange services.
This script has been designed and tested to work out of the box on an Exchange 2010 environment, but it may work on Exchange 2007 and Exchange 2013 as well.
Why these properties? Because on many engagements, I found that these URLs were not properly set, leading to user or server latencies, performance issues, proxy or redirection not working between Active Directory sites, …
Look at the URL configuration tables at the link below, which are Microsoft’s recommendations for setting your URLs correctly whether you have a Load Balancer or not:
Understanding Proxying and Redirection
https://technet.microsoft.com/en-us/library/bb310763(v=exchg.141).aspx
Virtual directory /service
Don’t forget to double check your certificates as well, they should contain all the above used URLs.
The below script will dump the Internal and External URLs for the above services so that you’ll be able to check if your environment has been configured correctly (trust me, it’s worth triple-checking because for lots of my customers we saw surprises that explained some user or server performance issues we had at that time).
This type of script is pretty common among administrators, pretty straightforward, anyways I tried to comment the script so that it’s understandable by anyone, but leave me comments and suggestions if you don’t understand something…
You can either copy-paste the below lines (but the formatting will be a bit weird), or download the script from the following link.
Download the script
https://gallery.technet.microsoft.com/Powershell-script-to-ccde9d5f
Add-PSSnapin microsoft.exchange.management.powershell.admin -erroraction 'SilentlyContinue' | OUT-NULL
Add-PSsnapin Microsoft.Exchange.Management.PowerShell.E2010 -erroraction 'SilentlyContinue' | OUT-NULL
Add-PSsnapin Microsoft.Exchange.Management.PowerShell.Setup -erroraction 'SilentlyContinue' | OUT-NULL
Add-PSsnapin Microsoft.Exchange.Management.PowerShell.Support -erroraction 'SilentlyContinue' | OUT-NULL
#For Exchange 2007 and 2013, add the corresponding modules/snapins, or simply execute the script in an Exchange Management Shell :-)
$ScriptPath = Split-Path -Parent -Path $MyInvocation.MyCommand.Definition
#just change the $Servers = @(Get-ClientAccessServer) line with $Servers = @(Get-content ServersList.txt) for example to get servers from a list...
$Servers = @(Get-ClientAccessServer)
#Initializing counters to setup a progress bar based on the number of servers browsed
# (more useful in an environment where you have dozen of servers - had 45 in mine)
$Total=$Servers.count
#Progress bar counter, incremented at the end of each loop iteration
$Counter = 1
$report = @()
foreach( $Server in $Servers)
{
#$Computername=$Server.Name <- not needed for now
#This is to print the progress bar incrementing on each server (increment is later in the script $Counter++ it is...
$Pct=($Counter/$Total)*100
Write-Progress -Activity "Processing Server $Server" -status "Server $Counter of $Total" -percentcomplete $pct
#For the current server, get the main vDir settings (including AutodiscoverServiceInternalURI which is important to determine
#whether the Autodiscover service will be hit using the Load Balancer (recommended).
$EAS = Get-ActiveSyncVirtualDirectory -Server $Server| Select Name, InternalURL,externalURL
$OAB = Get-OabVirtualDirectory -Server $Server| Select Name,internalURL,externalURL
$OWA = Get-OwaVirtualDirectory -Server $Server| Select Name,InternalURL,externalURL
$ECP = Get-EcpVirtualDirectory -Server $Server| Select Name,InternalURL,externalURL
$AutoDisc = get-ClientAccessServer $Server | Select name,identity,AutodiscoverServiceInternalUri
$EWS = Get-WebServicesVirtualDirectory -Server $Server| Select Name,identity,InternalURL,externalURL
#If you want to dump more things, use the below line as a sample:
#$ServiceToDump = Get-Whatever -Server $Server | Select Property1, property2, .... <- don't need the "Select property", you can omit this, it will just get all attributes...
#the below is a template if you need to dump more things into the final report
#just replace the "ServiceToDump" string with the service you wish to dump - don't forget to
#Get something above like the $Service = Get-whatever -Server
#$Obj | Add-Member -MemberType NoteProperty -Name "ServiceToDump-vDirNAme" -Value $ServiceToDump.Name
#$Obj | Add-Member -MemberType NoteProperty -Name "ServiceToDump-InternalURL" -Value $ServiceToDump.InternalURL
#$Obj | Add-Member -MemberType NoteProperty -Name "ServiceToDump-ExternalURL" -Value $ServiceToDump.ExternalURL
#Initializing a new Powershell object to store our discovered properties
$Obj = New-Object PSObject
$Obj | Add-Member -MemberType NoteProperty -Name "ServerName" -Value $Server.Name
$Obj | Add-Member -MemberType NoteProperty -Name "EAS-vDirNAme" -Value $EAS.Name
$Obj | Add-Member -MemberType NoteProperty -Name "EAS-InternalURL" -Value $EAS.InternalURL
$Obj | Add-Member -MemberType NoteProperty -Name "EAS-ExternalURL" -Value $EAS.ExternalURL
$Obj | Add-Member -MemberType NoteProperty -Name "OAB-vDirNAme" -Value $OAB.Name
$Obj | Add-Member -MemberType NoteProperty -Name "OAB-InternalURL" -Value $OAB.InternalURL
$Obj | Add-Member -MemberType NoteProperty -Name "OAB-ExternalURL" -Value $OAB.ExternalURL
$Obj | Add-Member -MemberType NoteProperty -Name "OWA-vDirNAme" -Value $OWA.Name
$Obj | Add-Member -MemberType NoteProperty -Name "OWA-InternalURL" -Value $OWA.InternalURL
$Obj | Add-Member -MemberType NoteProperty -Name "OWA-ExternalURL" -Value $OWA.ExternalURL
$Obj | Add-Member -MemberType NoteProperty -Name "ECP-vDirNAme" -Value $ECP.Name
$Obj | Add-Member -MemberType NoteProperty -Name "ECP-InternalURL" -Value $ECP.InternalURL
$Obj | Add-Member -MemberType NoteProperty -Name "ECP-ExternalURL" -Value $ECP.ExternalURL
$Obj | Add-Member -MemberType NoteProperty -Name "AutoDisc-vDirNAme" -Value $AutoDisc.Name
$Obj | Add-Member -MemberType NoteProperty -Name "AutoDisc-URI" -Value $AutoDisc.AutodiscoverServiceInternalURI
$Obj | Add-Member -MemberType NoteProperty -Name "EWS-InternalURL" -Value $EWS.InternalURL
$Obj | Add-Member -MemberType NoteProperty -Name "EWS-ExternalURL" -Value $EWS.ExternalURL
#Appending the current object into the $report variable (it's an array, remember)
$report += $Obj
#Incrementing the Counter for the progress bar
$Counter++
}
#Building the file name string using date, time, seconds ...
$DateAppend = Get-Date -Format "ddd-dd-MM-yyyy-\T\i\m\e-HH-mm-ss"
$CSVFilename=$ScriptPath+"\ExchvDirsInformation"+$DateAppend+".csv"
#Exporting the final result into the output file (see just above for the file string building...
$report | Export-csv -notypeinformation -encoding Unicode $CSVFilename
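The certificate check mentioned above (the certificates "should contain all the above used URLs") can be run against the report this script produces. The following is an added example, not part of the original script: the function names, the sample report row and the example.test / corp.local host names are constructed for illustration, and the commented "real run" lines assume an Exchange Management Shell and a server named CAS01.

```powershell
# Added example (not from the original script): flag report URLs whose host name
# is not covered by the names on the certificate used for IIS.
# Function names and sample values are hypothetical / constructed.

function Get-UrlHostName {
    param([string]$Url)
    $uri = $null
    if ([System.Uri]::TryCreate($Url, [System.UriKind]::Absolute, [ref]$uri)) {
        return $uri.Host.ToLowerInvariant()
    }
    return $null   # empty, relative or malformed value
}

function Test-NameCoveredByCertificate {
    param([string]$HostName, [string[]]$CertificateNames)
    foreach ($name in $CertificateNames) {
        $candidate = $name.ToLowerInvariant()
        if ($candidate -eq $HostName) { return $true }
        if ($candidate.StartsWith('*.')) {
            # A wildcard covers exactly one left-most label:
            # *.example.test covers mail.example.test but not a.b.example.test
            $suffix = $candidate.Substring(1)
            if ($HostName.EndsWith($suffix)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label.Length -gt 0 -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

function Find-UncoveredUrl {
    param([object[]]$ReportRows, [string[]]$CertificateNames)
    foreach ($row in $ReportRows) {
        foreach ($prop in $row.PSObject.Properties) {
            # The report's URL columns end in URL or URI (OWA-InternalURL, AutoDisc-URI, ...)
            if ($prop.Name -notmatch 'UR[LI]$') { continue }
            $value = [string]$prop.Value
            if ([string]::IsNullOrEmpty($value)) { continue }   # URL not set on this vDir
            $hostName = Get-UrlHostName $value
            if ($hostName -and (Test-NameCoveredByCertificate $hostName $CertificateNames)) { continue }
            if ($hostName) { $problem = "host '$hostName' not on certificate" }
            else           { $problem = 'value is not an absolute URL' }
            New-Object PSObject -Property @{
                Server  = $row.ServerName
                Setting = $prop.Name
                Url     = $value
                Problem = $problem
            }
        }
    }
}

# Constructed sample: one report row with an internal-only server name and an
# Autodiscover name two labels below the wildcard.
$sampleRows = @(
    New-Object PSObject -Property @{
        'ServerName'      = 'CAS01'
        'OWA-InternalURL' = 'https://mail.example.test/owa'
        'OWA-ExternalURL' = 'https://mail.example.test/owa'
        'EWS-InternalURL' = 'https://cas01.corp.local/EWS/Exchange.asmx'
        'AutoDisc-URI'    = 'https://autodiscover.eu.example.test/Autodiscover/Autodiscover.xml'
        'OAB-ExternalURL' = ''
    }
)
$sampleCertNames = @('mail.example.test', '*.example.test')

Find-UncoveredUrl -ReportRows $sampleRows -CertificateNames $sampleCertNames |
    Format-Table Server, Setting, Problem, Url -AutoSize

# Real run (assumption: Exchange Management Shell, CSV written by the script above):
#   $rows  = Import-Csv -Path <path to the generated ExchvDirsInformation CSV>
#   $names = Get-ExchangeCertificate -Server CAS01 |
#            Where-Object { $_.Services -match 'IIS' } |
#            ForEach-Object { $_.CertificateDomains } | ForEach-Object { $_.ToString() }
#   Find-UncoveredUrl -ReportRows $rows -CertificateNames $names
```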
Exchange 2010 SP3 RollUp 8 Version 2 (V2) is now released ! Link below.
Update on 12th December from the Exchange Team Blog:
Exchange Server 2010 SP3 Update Rollup 8 has been re-released to the Microsoft download center resolving a regression discovered in the initial release. The update RU8 package corrects the issue which impacted users connecting to Exchange from Outlook. The issue was insulated to the MAPI RPC layer and was able to be isolated to quickly deliver the updated RU8 package. The updated RU8 package is version number 14.03.0224.002 if you need to confirm you have the updated package. The updates for Exchange Server 2013 and 2007 were not impacted by this regression and have not been updated.
Update Rollup 8 v2 For Exchange 2010 SP3 (KB2986475)
http://www.microsoft.com/en-us/download/details.aspx?id=45225
This update still includes the security patch for Exchange MS14-075 (https://technet.microsoft.com/library/security/ms14-075)
Other fixes included on this RollUp (also listed on the SP3 RU8’s page):
3004235 (http://support.microsoft.com/kb/3004235/): Exchange Server meetings in Russian time zones as well as names of time zones are incorrect after October 26, 2014
3009132 (http://support.microsoft.com/kb/3009132/): Hybrid mailbox moves to on-premises environment but finishes with CompletedWithWarnings status
3008999 (http://support.microsoft.com/kb/3008999/): IRM restrictions are applied to incorrectly formatted .docx, .pptx, or .xlsx files in an Exchange Server 2010 environment
3008370 (http://support.microsoft.com/kb/3008370/): Group members are not sorted by display name when HAB is used with OAB in Exchange Server 2010
3008308 (http://support.microsoft.com/kb/3008308/): Public folder database migration issue in a mixed Exchange Server environment
3007794 (http://support.microsoft.com/kb/3007794/): Hub Transport server cannot deliver messages when a database fails over to a cross-site DAG in Exchange Server 2010
3004521 (http://support.microsoft.com/kb/3004521/): An Exchange server loses its connection to domain controllers if a public folder server is down in Exchange Server 2010
2999016 (http://support.microsoft.com/kb/2999016/): Unreadable characters when you import ANSI .pst files of Russian language by using the New-MailboxImportRequest cmdlet
2995148 (http://support.microsoft.com/kb/2995148/): Changing distribution group takes a long time in an Exchange Server 2010 environment
2992692 (http://support.microsoft.com/kb/2992692/): Retention policy is not applied to Information Rights Management protected voice mail messages in Exchange Server 2010
2987982 (http://support.microsoft.com/kb/2987982/): Issues caused by ANSI mode in Exchange Server 2010
2987104 (http://support.microsoft.com/kb/2987104/): Email message is sent by using the "Send As" instead of "Send on Behalf" permission in Exchange Server 2010
2982017 (http://support.microsoft.com/kb/2982017/): Incorrect voice mail message duration in Exchange Server 2013 and Exchange Server 2010
2977279 (http://support.microsoft.com/kb/2977279/): You cannot disable journaling for protected voice mail in Exchange Server 2013 and Exchange Server 2010
Sam.
YaY, the public version makes a big jump from v2.2 to v2.7 with many cool features and fixes, thanks Julian Burger, Microsoft Application Developer!
Quote from the site:
RDCMan manages multiple remote desktop connections. It is useful for managing server labs or large server farms where you need regular access to each machine such as automated checkin systems and data centers. It is similar to the built-in MMC Remote Desktops snap-in, but more flexible.
The RDCMan 2.7 version is a major feature release.
New features include:
Here is the download link:
http://www.microsoft.com/en-us/download/details.aspx?id=44989
And here are some more good information from my friend Rhoderick Milne:
http://blogs.technet.com/b/rmilne/archive/2014/11/19/remote-desktop-connection-manager-download-rdcman-2-7.aspx
Cheers,
The security update MS14-066 was released last Tuesday with the normal Patch Tuesday releases and very little mention was made of it.
It addresses a vulnerability in Microsoft’s implementation of Secure Channel (SChannel) that is used to establish SSL connections. If this vulnerability is exploited an attacker could run code remotely on servers and/or workstations that use the current SChannel algorithms. It can affect servers and clients as well, and the impact is the ability for remote code execution rather than just communication interception.
The good news is that the patch is available. We highly recommend testing the patch and deploying it as soon as possible once tested.
So again, the patch is available and should be implemented as soon as possible. The bad guys are already hard at work trying to reverse-engineer the patch (just as a comparison point, they only took 12 hours to figure-out and exploit Heartbleed)…
More information is available here:
https://technet.microsoft.com/library/security/MS14-066
http://arstechnica.com/security/2014/11/potentially-catastrophic-bug-bites-all-versions-of-windows-patch-now/
Pasting the FAQ from the TechNet link above for quick reference:
What might an attacker use the vulnerability to do? An attacker who successfully exploited this vulnerability could run arbitrary code on a target server.
How could an attacker exploit the vulnerability? An attacker could attempt to exploit this vulnerability by sending specially crafted packets to a Windows server.
What systems are primarily at risk from the vulnerability? Server and workstation systems that are running an affected version of Schannel are primarily at risk.
Many thanks to Mike MacGillivray for putting together all the above information !
Thanks Macster and Festivalman for this tip !
Before applying this TCP Ack solution, the below conditions must be met:
- OWA connection and mail browsing is very fine, whereas an Outlook online mode (i.e. not cached mode) connectivity is quite sluggish when mailboxes are on Exchange 2013…
- If OWA is slow as well, then the issue may be a general network slowness issue – check the network latency using Ping or PsPing (Advanced ping tool from Windows SysInternals)
- On Outlook Connection Status dialog box (CTRL+Right Click the Outlook icon on the Windows notifications part of the taskbar), Avg. Proc. time is fine, below 50~60ms, and Avg. Resp. time is over 110ms.
Cause:
The cause appears to be the 200ms timeout setting on ACKs, probably causing more TCP retransmits – a Netmon trace of an Outlook client connecting to an Exchange 2013 lab infrastructure may confirm that point …
To summarize Macster’s and Festivalman’s findings, the solution is to create a TcpAckFrequency registry key and set it to 1.
Recommendation:
My recommendation is not to change this registry key on the desktop(s) until you have confirmed the behavior using a network trace, and until you fall under the above-mentioned conditions (especially: OWA browsing is fine, Outlook online browsing is slow).
More information about the TcpAckFrequency registry key:
Quoting from http://support2.microsoft.com/kb/328890:
- TcpAckFrequency is a registry entry that determines the number of TCP acknowledgments (ACKs) that will be outstanding before the delayed ACK timer is ignored.
- TCP uses delayed acknowledgments to reduce the number of packets that are sent on the media (Wifi, Wire,…)
- As data is received by TCP on a particular connection, it sends an acknowledgment back only if one of the following conditions is true:
Typically, an acknowledgment is sent for every other TCP segment that is received on a connection unless the delayed ACK timer (200 milliseconds) expires.
- You can adjust the delayed ACK timer by editing the following registry entry.
Subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\<Interface GUID>
Entry:
TcpAckFrequency
Value Type: REG_DWORD, number
Valid Range: 0-255
Default: 2
Description: Specifies the number of ACKs that will be outstanding before the delayed ACK timer is ignored. Microsoft does not recommend changing the default value without careful study of the environment.
More explanations and complete solution:
Outlook slow after migrating to Exchange 2013
http://community.spiceworks.com/topic/571571-outlook-slow-after-migrating-to-exchange-2013
Slow online mode "browsing"
https://social.technet.microsoft.com/Forums/office/en-US/0d45b1b0-3047-4666-ad04-217e98ed8823/slow-online-mode-browsing?forum=exchangesvrclients
Again, to give back to Caesar what belongs to Caesar, thanks to Macster and Festivalman for sharing this finding! That will save trouble for many people out there!
A quick word about this SSL 3.0 vulnerability and Exchange Server, as there is nothing specific to Exchange regarding our recommendations.
Microsoft’s suggested actions to mitigate or eliminate the SSL 3.0 vulnerability are to disable SSL 3.0 usage on clients (browsers, devices) and servers. That said, this vulnerability is not a huge security threat, in the sense that the attacker must sit in the middle of a Client <-> Server SSL session to perform the attack, as per the mitigating factors below from TechNet’s detailed description of the vulnerability:
Mitigating Factors:
· The attacker must make several hundred HTTPS requests before the attack could be successful.
· TLS 1.0, TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected.
Disabling SSL v3.0 on the clients prevents them from using SSL v3.0 to establish SSL channels; they will use TLS instead. The consequence concerns services (application servers) that don’t support TLS and rely only on SSL 3.0 for SSL encryption: clients/browsers without SSL v3.0 support won’t be able to access those services, because the services don’t understand any SSL encryption protocol other than SSL v3.0. Exchange Server supports TLS for SSL channel encryption and can therefore work without SSL v3.0, as it does by default.
So to understand the differences between both, here is TechNet’s description, which is fine to paste here (just to not reinvent the wheel):
What is SSL? Secure Sockets Layer (SSL) is a cryptographic protocol that provides communication security over the Internet. SSL encrypts the data transported over the network, using cryptography for privacy and a keyed message authentication code for message reliability.
What is TLS? Transport Layer Security (TLS) is a standard protocol that is used to provide secure web communications on the Internet or on intranets. It enables clients to authenticate servers or, optionally, servers to authenticate clients. It also provides a secure channel by encrypting communications. TLS is the latest version of the Secure Sockets Layer (SSL) protocol.
So disabling SSL V3.0 on the Windows Server hosting the Exchange Server application won’t affect classical Exchange services; it will only prevent clients that cannot/don’t “speak” TLS (that speak SSL 2.0/3.0 only) from connecting to Exchange services over an SSL channel.
All the other clients such as Outlook and IE will continue to work seamlessly with the Exchange services.
Disable SSL 3.0 in Windows
You can disable support for the SSL 3.0 protocol on Windows by following these steps:
1. Click Start, click Run, type regedt32 or type regedit, and then click OK.
2. In Registry Editor, locate the following registry key:
HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server
Note If the complete registry key path does not exist, you can create it by expanding the available keys and using the New -> Key option from the Edit menu.
3. On the Edit menu, click Add Value.
4. In the Data Type list, click DWORD.
5. In the Value Name box, type Enabled, and then click OK.
Note If this value is present, double-click the value to edit its current value.
6. Type 00000000 in Binary Editor to set the value of the new key equal to "0".
7. Click OK. Restart the computer.
Note This workaround will disable SSL 3.0 for all server software installed on a system, including IIS.
Note After applying this workaround, clients that rely only on SSL 3.0 will not be able to communicate with the server.
(Source: https://technet.microsoft.com/en-us/library/security/3009008.aspx)
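The registry steps above can also be checked and applied from PowerShell. This is an added example, not taken from the TechNet advisory or the original post: the function names and the -KeyPath parameter (which lets you try the functions on a scratch key first) are hypothetical, and it must be run from an elevated prompt.

```powershell
# Added example: scripted form of steps 2 to 6 above (Enabled = 0, type DWORD,
# under ...\SCHANNEL\Protocols\SSL 3.0\Server). Function names are hypothetical.

$Ssl3ServerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server'

function Get-Ssl3ServerState {
    param([string]$KeyPath = $Ssl3ServerKey)

    # No key or no "Enabled" value: nothing has been configured, the OS default applies
    if (-not (Test-Path -Path $KeyPath)) { return 'NotConfigured' }
    $key   = Get-Item -Path $KeyPath
    $value = $key.GetValue('Enabled', $null)
    if ($null -eq $value) { return 'NotConfigured' }

    # The steps above create a DWORD; report any other value type instead of guessing
    if ($key.GetValueKind('Enabled') -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        return 'WrongType'
    }
    if ($value -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Disable-Ssl3Server {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$KeyPath = $Ssl3ServerKey)

    if ($PSCmdlet.ShouldProcess($KeyPath, 'Set Enabled = 0 (DWORD)')) {
        # -Force creates the missing parent keys (the "New -> Key" note in step 2)
        if (-not (Test-Path -Path $KeyPath)) {
            New-Item -Path $KeyPath -Force | Out-Null
        }
        # -Force overwrites an existing "Enabled" value (the note in step 5)
        New-ItemProperty -Path $KeyPath -Name 'Enabled' -Value 0 `
            -PropertyType DWord -Force | Out-Null
    }
}

# Report the current state, then show what would be written without changing anything.
Write-Output ("SSL 3.0 (server side) state: {0}" -f (Get-Ssl3ServerState))
Disable-Ssl3Server -WhatIf

# To try the functions without touching SCHANNEL, point them at a scratch key
# (constructed path):
#   Disable-Ssl3Server -KeyPath 'HKCU:\Software\Ssl3Scratch\SSL 3.0\Server'
#   Get-Ssl3ServerState -KeyPath 'HKCU:\Software\Ssl3Scratch\SSL 3.0\Server'
```

Remove -WhatIf to apply the change, then restart the computer as in step 7.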
More information:
Details about the POODLE attack on the SSL 3.0 vulnerability:
http://www.theregister.co.uk/2014/10/16/poodle_analysis/
One of the security researchers says as well:
“The conditions that are required for the attack to be applicable are hard to obtain. In particular, the attacker needs to become a man-in-the-middle between the attacked client and server, and to generate, block and modify client messages to the server and vice versa."
Testing your client vulnerability to Poodle attacks/hijacks:
https://www.poodletest.com/
Hope this helps you understand a bit better what’s up with Exchange and this SSL 3.0 vulnerability,
Intro:
In this article, I’ll provide a quick reference guide and an Excel-based tool that allows you to build monitoring consoles using HTML without being a scripting star. I call it the Document-Tool-Walkthrough (DTW).
This is a new concept document/tool built using Excel that can help you to build System Monitor consoles that are centrally stored to monitor your servers. You can build as many consoles as you want using this tool, with each console being responsible for monitoring a specific area of your IT infrastructure (e.g. one for Exchange databases, another for disk latencies, another for core resources of DC servers, etc.). You can store these in a central place where administrators will be able to open them and monitor (or troubleshoot) their servers. People using this tool won’t need any knowledge about scripting (or at least very little) as the code is generated automatically through the Excel tabs.
Please note this tool is provided as is, but feedback and input is appreciated.
The remainder of my article is there:
How To Build A Simple and Efficient Windows Monitoring Solution (DTW)
http://blogs.technet.com/b/mspfe/archive/2011/03/10/how_2d00_to_2d00_build_2d00_a_2d00_simple_2d00_and_2d00_efficient_2d00_windows_2d00_monitoring_2d00_solution_2d00_dtw.aspx
The Excel spreadsheet/tool is there:
Version Excel 2003 (may not work as good as Excel 2007-2013 version above):
Adding the above issue on my blog to help me remember as I forgot the commandlet to check for replication network communication issues between members of a DAG (damn limited memory of mine) – may be valid for Exchange 2013 as well (have to double-check this on my lab when I’ll have time between kids, regular work, administrative work, etc, etc)
SYMPTOMS:
If we encounter the following behavior :
1- Issues trying to Update-DatabaseCopy (error message saying that "An error occurred while communicating with server '<Server_Issue>'. Error: Unable to read data from the transport connection: an existing connection was forcibly closed by the remote host.")
2- 2153 MSExchangeRepl errors in the Application Log and NO OTHER RELATED ERRORS
3- Get-MailboxDatabaseCopyStatus -ConnectionStatus gives the above error on the "IncomingLogCopyingNetwork" parameter.
An error occurred while communicating with server '<Server_Name>'. Error: Unable to read data from the transport connection: an existing connection was forcibly closed by the remote host.
CAUSE:
Some network error on the Replication network causing the network replication to have issues…
WORKAROUND:
3 facts to remind first:
ACTION: disable replication on "Replication Network" + enable replication on "MAPI Network". then RESTART the MSExchange Replication service.
To see if it worked:
Get-MailboxDatabaseCopyStatus -ConnectionStatus | FT Identity,IncomingLogCopyingNetwork
You should see something like "{Server_Name,MAPI-Network}" on the IncomingLogCopyingNetwork column, and no "Error: Unable to read data...." subsequent message.
Raw issue data:
IncomingLogCopyingNetwork
SERVER_NAME
Replication_Network_name
An error occurred while communicating with server 'SERVER_NAME'. Error: Unable to read data from the transport connection: an existing connection was forcibly closed by the remote host.
Lots of times I work with Excel to make statistics, build nice operational Exchange dashboards, and I make very intensive use of LOOKUP and VLOOKUP. Since I recently lost valuable time trying to figure out why a LOOKUP would not return the values I wanted (sometimes it did, sometimes it didn’t), I finally found the workaround for this.
This post is mostly for me to remember the trick but it’s good to know for you guys as well if you are like me an Excel-man (ish):
This post is merely a pure copy (commented) from the following article:
http://support.microsoft.com/kb/181212
“LOOKUP requires that the first column of the vector (or the first column or row for the array form) is sorted in ascending order. The following information describes different formulas that you can use to return the same information returned by LOOKUP without requiring that the first column of the table be sorted. “
==> because I was not aware of the above until I searched the Internet (using www.bing.com I have to say it), I lost about 2 hours trying to figure out what was wrong in my spreadsheet! I was thinking “Chier, qu’est-ce que c’est encore que ce truc de daube ???” which is the Parisian French for “what is wrong with my data ???”
(Private message to my friends Joe T. and Liju V.: we don’t say “sacrebleu” anymore in France since the XVIIth century, you have to learn the expression above instead :-) )
Then I found the above article, which saved my spreadsheet. Pewwww, it’s not a bug, it’s just the way the LOOKUP function works !! I was just ignorant.
I could have used VLOOKUP, but VLOOKUP does a lookup on the first column only. So if you wish to match the data on something in a column of your table that is not the first column, and you don’t want to rearrange the original table you are searching, that’s when you’d use the formula mentioned in this article.
I found the “INDEX+MATCH” combination the most useful and the most practical to use in my case, so I paste this part in this post. For the other possibilities, just open the support article above (181212)
=INDEX(Table_Array,MATCH(Lookup_Value,Lookup_Array,0),Col_Index_Num)
Where:
Table_Array = The entire lookup table.
Lookup_Value = The value to be found in the first column of "table_array".
Lookup_Array = The range of cells containing possible lookup values.
Col_Index_Num = The column number in "table_array" for which the matching value should be returned.
Thank you very much for your attendance and your kindness during our Exchange 2007/2010 migration workshop.
As promised, and as it’s easier for me to share these through my blog as you guys already got the address, below is the link to the extra slides that I showed you during the workshop; these are intended to help understanding the Exchange 2013 parts that I found were not obvious, especially because they changed quite significantly since previous Exchange versions, or because they are new…
A quick “tip” that can be useful, as IIS logging usually generates GBs of files that we don’t necessarily monitor; I thought it was important enough to write a quick post about it, as I recently saw several customers for whom C:\ free drive space fell below 10%.
You may ask yourself: why is this guy writing such a post on an Exchange Server blog? What does this have to do with Exchange?
- reason is Exchange is using the C:\TEMP or C:\Windows\Temp folder for a few things like message content conversion (the HUB role in particular). So if we run out of disk space on C:\, there is a risk that the Transport Service stops; or even worse, the Windows host can stop working because there is no more space to handle temp files for other OS related tasks.
So continue to monitor your disk space on the C:\ drive, and you can use the below command line to check and purge your IIS Logging directory (if you need IIS logging to stay activated) :
Get-ChildItem -Path C:\inetpub\logs\LogFiles -Recurse | Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -lt (Get-Date).AddDays(-90) } | ForEach-Object { Remove-Item -LiteralPath $_.FullName }
Also useful if it appears you don’t need IIS logging because there is no troubleshooting need, you can simply deactivate IIS logging:
Enable or Disable Logging (IIS 7)
http://technet.microsoft.com/en-us/library/cc754631(v=WS.10).aspx
Here are a few examples of issues you can also expect if some software prevents access, even temporarily, to Outlook cached mode files:
- a manager with many secretaries who have delegation rights on this manager’s mailbox, and who organize meetings on behalf of the boss – inconsistencies will arise over time on meeting organizer and meeting attendees, which can be directly related to AV scanning of Outlook cache files (OST, OST.tmp, xml, …) – or to any other software that holds a handle on these files.
- desktop load from other applications also plays a role in how frequently the above-mentioned issues appear, as applications like Outlook may be slower to process elements and will need more time handling OST, ost.tmp, profile_name.xml, .oab, etc… files and need more constant access to these => if the antivirus is handling these files at the same time, chances of having issues are multiplied.
- Outlook in cache mode is freezing as the application is trying to access its OST or other cache related files (as well as PST files sometimes “hooked” by AV software – remember not to put PST files on network shares or mapped drives) – Outlook in cache mode will NEVER freeze, except in the case mentioned in this example, OR when any piece of online mode is used in the user profile (Example: access to shared folders or mailboxes for which cache mode is not configured – this is a check box in the Outlook options for the current profile – or the OAB is not downloaded, in which case Outlook uses the Online mode Address Book)
Note that the frequency of these also increases as certain conditions of daily use are met. The above examples of issues can be hard to reproduce in a lab.
I’m adding some more information regarding Outlook latency causes that can be on the Desktop side.
> Outlook 2007/2010 – More precisions about Antivirus exclusions and things that can slow down your messaging client in general
http://blogs.technet.com/b/samdrey/archive/2012/10/10/outlook-2007-2010-some-basic-advice-if-you-experience-startup-latencies.aspx
> Plan antivirus scanning for Outlook 2010
http://technet.microsoft.com/en-us/library/hh550032(v=office.14).aspx
Quotes:
- We recommend that you turn off scanning of the following Microsoft Outlook files:
*.oab (Outlook address book files)
%userprofile%\AppData\Local\Microsoft\Outlook\Offline Address Books\<guid>
*.srs (send/receive settings files)
%userprofile%\AppData\Roaming\Microsoft\Outlook
Navigation pane settings file profile_name.xml files
%userprofile%\AppData\Roaming\Microsoft\Outlook\<profile name>.xml
where <profile name> is the name of the Outlook messaging profile, as shown in the Control Panel, Mail applet.
outlprnt (print styles)
- If you use antivirus software to perform file-level scanning [Outlook files], while Outlook is in use, data corruption issues might result.
- We do not recommend that you scan *.pst, *.ost, and other Outlook files directly. Instead, we recommend that you scan email message attachments on the email server and on the Outlook client computer.
> How to troubleshoot performance issues in Outlook 2010
http://support2.microsoft.com/kb/2695805
Quote:
- The performance issues may be caused by one or more of the following:
Just pasting the new Paging File size guidance on Exchange 2013 OS because we tend to forget the below new stance:
Moving forward with Exchange 2013, we recommend a fixed pagefile of the smaller of RAM size + 10MB or 32,778 MB (which is 32GB + 10MB).
http://blogs.technet.com/b/exchange/archive/2014/04/03/ask-the-perf-guy-sizing-guidance-updates-for-exchange-2013-sp1.aspx
Thanks Jeff Mealiffe !
Hey,
I just took Richard Schwendiman’s awesome Mail Flow schema and added the corresponding Receive Connectors as we “see” them from either the Exchange Management Shell (in the green boxes, the results of Get-ReceiveConnector -Server e2013 | fl name,bindings,transportrole,permissiongroups,authmechanism) or the Exchange Management Console (focusing on the “Security” section of the EMC).
On your servers, for the connector names in both EMS and EMC, you’ll see “Default <YourServerName>”, “Client FrontEnd <YourServerName>”, etc. instead of “Default E2013”, “Client FrontEnd E2013”, etc.
Full-resolution picture:
Sources:
http://blogs.technet.com/b/rischwen/archive/2013/03/13/exchange-2013-mail-flow-demystified-hopefully.aspx
Here I’ll show a few examples to make sure, if you have a doubt, that the RPC Averaged Latency counter(s) is/are always in milliseconds, not in seconds, whether you query the counter(s) via Perfmon or PowerShell (Get-Counter).
Perfmon in general always shows latency or times counters in milliseconds, usually in the format “0.000” for the Latest, Maximum, Average and Minimum values.
Here are a few examples.
I will do 2 sets of verifications to prove that the value we see for the RPC Averaged Latency (MSExchange RPC Client Access counter set) is in milliseconds even if it’s in the format “0.000”.
So first one, for two of my recent Exchange 2010 customers, I did a performance health check, and during the time frame of the test (2 hours), we had very few users, and we were good on RPC latencies (that is, below the 250ms error threshold for MSExchange RPCClientAccess – for MSExchangeIS, the error threshold is 100ms in average in Exchange 2010/2013).
So first one, we have a spike of “25.000” and an average of “6.587” … so if it were in seconds, we would have had a spike at “25.000 seconds” (that is 25,000 milliseconds) and an average of “6.587 seconds” (that is 6,587 milliseconds – six thousand five hundred and eighty-seven milliseconds) … against an error threshold of 250ms (0.250 seconds). If these values were really in seconds, the Exchange server would have been unusable for this first customer! That was not the case, we were all good, so in this case it’s definitely 25.000 milliseconds for the spike, and 6.587 milliseconds for the average.
And another view generated by PAL (Performance Analyzer of Logs by Clint Huffman):
For the second one, a customer to which I’m dedicated, measured with just about 30 users on it (my test mailbox was in there as well), so very little load – you see a spike at “5.000” and an average of “3.800”. Again, if it were in seconds, it would be 5 seconds for the spike (=5000 milliseconds) and 3.800 seconds (=3800 milliseconds) for the average – wayyy above the 250ms error threshold again, and if that were the case, we would be unresponsive on the client side, and even the Exchange server would definitely have a problem. So it’s 5.000 milliseconds for the spike, and 3.800 milliseconds for the average.
See below the performance graph, which shows in thick the RPC latency (MSExchange RPCClientAccess), in brown the Active User Count (again from the MSExchange RPCClientAccess counter set), and in blue (or thin black) the RPC Operations/sec activity, which was very low (usually a fully loaded server with 5000 mailboxes shows about 2000 RPC operations per second – here we only had 25 RPC ops/sec on average):
And a final test on my own lab:
And from the test I just did on my lab (the red line is the CPU work – the black one is the RPC Averaged Latency, of which I have very little here):
Average = 0.330 , Max 1.000
And the Outlook latencies on the client side show 3ms max for the Exchange Mail connection:
(the 72ms is for the “Exchange Directory” connection which is slow because I’m running 4 vms on my Laptop – 1 Exchange 2007 + GC, 1 Exchange 2010 + GC, 2 Exchange 2013 configured as a DAG, all these on 2 AD sites) – and in Outlook 2010/Exchange 2010, there is no direct connection to the GC for directory requests (Outlook 2010 connects to Exchange 2010, which does NSPI requests for client directory requests – that adds overall time and raises the “Exchange Directory” times you see on the “Connection Status” window)
But see, “Avg Resp” is always in ms on the “Connection Status” window; if it were 3 seconds here, my Outlook client would be unresponsive and always freezing, which is definitely not the case – we recommend a round-trip time from Outlook to Exchange of 110ms max, otherwise we will see lots of freezing and RPC “waiting for server” dialog boxes.
So that corresponds to the 1.000 ms spike I see on my server (if I had 1.000 sec spike on the server, I wouldn’t have 3 ms of “Avg Resp” time seen on the client but a value closer to 1000ms).
So in conclusion, the value we see in MSExchange RPCClientAccess is in milliseconds, and more generally, all values you’ll see on Perfmon counters for Exchange and AD latencies are in milliseconds just like Technet’s latency thresholds.
The counters below are just to be taken as indicators if you suspect a memory leak on your machine; there are other tools designed to detect memory leaks precisely, but you can start by understanding what Working Set – Private, Private Bytes and Working Set indicate, and by watching the perfmon counters below …
- If Windows 2008 or later:
\\Server\Process(*)\Working Set - Private
The above counter will tell you how much memory each process is using – it counts the memory allocated just for that specific process, excluding the memory used by the process that can be shared by other processes. So it’s the most accurate process memory counter that can tell us if we have a memory leak.
- If Windows 2003 or earlier :
\\Server\Process(*)\Private Bytes
This one reports bytes allocated exclusively for a specific process; its value tends to rise for a leaking process.
\\Server\Process(*)\Working Set
The above one reports the shared and private bytes allocated to a process; its value tends to rise for a leaking process. (WS Shared bytes correspond to physical memory area that the process shares with other processes while WS private bytes shows memory area only taken by the process itself)
- All versions:
\\Server\Memory\Available Bytes (for Windows 2003 or earlier)
or
\\Server\Memory\Available MBytes (For windows 2008 or later – easier to read without having to convert from Bytes to MB)
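One way to watch these counters over time from PowerShell, as an added example that is not part of the original post: it samples Working Set - Private for every process and lists the processes whose value grew and never dropped during the sampling window. The function name, sample count and interval are assumptions, the counter names are the English ones, and steady growth remains only an indicator.

```powershell
function Get-PrivateWorkingSetGrowth {
    param(
        [int]$Samples = 6,            # assumed default: 6 samples
        [int]$IntervalSeconds = 10    # assumed default: 10 seconds apart
    )

    # Windows 2008 or later; on Windows 2003 use '\Process(*)\Private Bytes' instead.
    $sets = Get-Counter -Counter '\Process(*)\Working Set - Private' `
                        -SampleInterval $IntervalSeconds -MaxSamples $Samples

    $sets | ForEach-Object { $_.CounterSamples } |
        Where-Object { '_total', 'idle' -notcontains $_.InstanceName } |
        Group-Object Path |           # Path keeps svchost, svchost#1, ... apart
        ForEach-Object {
            $group  = $_
            $values = @($group.Group | Sort-Object Timestamp |
                        ForEach-Object { $_.CookedValue })

            # True only if no sample is lower than the one before it
            $neverDropped = $true
            for ($i = 1; $i -lt $values.Count; $i++) {
                if ($values[$i] -lt $values[$i - 1]) { $neverDropped = $false; break }
            }

            New-Object PSObject -Property @{
                Counter      = $group.Name
                StartMB      = [math]::Round($values[0] / 1MB, 1)
                EndMB        = [math]::Round($values[-1] / 1MB, 1)
                GrowthMB     = [math]::Round(($values[-1] - $values[0]) / 1MB, 1)
                NeverDropped = $neverDropped
            }
        } |
        Where-Object { $_.NeverDropped -and $_.GrowthMB -gt 0 } |
        Sort-Object GrowthMB -Descending |
        Select-Object Counter, StartMB, EndMB, GrowthMB
}

Get-PrivateWorkingSetGrowth -Samples 6 -IntervalSeconds 10 | Format-Table -AutoSize
```

A process that appears in every run over hours or days is the one to hand to a dedicated leak-analysis tool; a single short window mostly shows normal warm-up.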
References:
- Investigating User-Mode Memory Leaks
http://technet.microsoft.com/en-us/library/cc938582.aspx
- What is private bytes, virtual bytes, working set?
http://stackoverflow.com/questions/1984186/what-is-private-bytes-virtual-bytes-working-set
Q: What’s the impact of a user having lots of Shared calendars opened or just configured in his Outlook profile? Is the calendar connection opened “on access”, or is the connection made every time the user opens Outlook? What if the Outlook (2010, 2013) user has checked “download Shared folders” to cache all Shared folders locally? Are all calendars downloaded as the user opens Outlook? Or is the download of Shared Calendars into the OST done on an access basis only?
Screenshot 1: this is the place where you activate cached mode for Shared Folders as well (Outlook 2010, 2013)
Below are a few elements of an answer, based on tests and real-life experiences:
1- If the user didn’t have cached mode enabled for Shared Folders, but already had 10 calendars configured on their profile, and then if later on we enable cached mode for Shared Folders, these 10 calendars will be “downloaded” onto the OST file when users access these only – not all at once.
2- If the user already has cached mode enabled for Shared Folders, Outlook downloads a copy of each calendar the first time, when they add it. But if they uncheck the box beneath the shared calendar name and don’t access it for a while, and then after 1 month they check the box beneath this shared calendar because they need to access it, Outlook will update the data with the data from the last month since the last time they accessed it. Calendar updates are downloaded on access only when “Download Shared folders” is checked in Outlook (2010, 2013).
As a summary, if the user has cached mode enabled, calendars will be updated when they access the calendar; if the user doesn’t have cached mode enabled, the calendar connection will be on access only as well.
So in conclusion, the calendar update (for cached mode) or calendar access (for online mode) occurs only when the user clicks on the calendar or switches from the “Mail” view to the “Calendars” view.
Quick illustrations below:
Screenshot 2: the bar where you switch from Mail-only view to Calendar-only view => when you change this, if you checked a few calendars in the “Calendar” view, the connection (online mode) or update (cached mode for Shared Folders) will be triggered for the checked calendars only
Screenshot 3: the calendar view with the list of calendars: only the checked ones will be accessed (online mode) or updated (cached mode for Shared Folders)
See info below, and let me know what you think:
http://blogs.technet.com/b/samdrey/archive/2013/12/02/exchange-2007-2010-2013-on-windows-2008-2008-r2-check-tcp-chimney-windows-settings-and-status.aspx
Exchange 2013 has a 1300-ish limit on the number of allowed IPs we can set in the list (the limit is actually on the corresponding AD attribute). Here are a few tips to work around this limitation:
You get another 1300 ~ IPs that can be added.
For example instead of
192.168.1.1
192.168.1.2
192.168.1.3
Use 192.168.1.1/30
=> One entry – 3 IPs
Thanks to Akshay Katti (PFE India) and Richard Timmering (PFE US) for these !
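Before collapsing individual addresses into a CIDR entry, it helps to see exactly which addresses the entry admits. The following is an added example, not part of the original tips; the function names are hypothetical. For the entry above it shows that 192.168.1.1/30 spans 192.168.1.0 to 192.168.1.3, so the single entry also allows 192.168.1.0.

```powershell
function ConvertTo-IPv4Number([string]$Address) {
    $bytes = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    if ($bytes.Length -ne 4) { throw "IPv4 only: $Address" }
    [long]$n = 0
    foreach ($b in $bytes) { $n = $n * 256 + $b }   # big-endian bytes to a number
    $n
}

function ConvertFrom-IPv4Number([long]$Number) {
    $octets = foreach ($unit in 16777216, 65536, 256, 1) {
        [math]::Floor($Number / $unit) % 256
    }
    $octets -join '.'
}

function Get-CidrCoverage {
    param(
        [Parameter(Mandatory=$true)][string]$Cidr,
        [string[]]$Intended = @()      # the addresses you meant to allow
    )
    if ($Cidr -notmatch '/') { $Cidr = "$Cidr/32" }   # bare address = one host
    $address, $prefixText = $Cidr -split '/'
    $prefix = [int]$prefixText
    if ($prefix -lt 0 -or $prefix -gt 32) { throw "Bad prefix length in $Cidr" }

    [long]$size  = [math]::Pow(2, 32 - $prefix)
    [long]$ip    = ConvertTo-IPv4Number $address
    [long]$first = $ip - ($ip % $size)     # align down to the block boundary
    [long]$last  = $first + $size - 1

    $wanted = @($Intended | ForEach-Object { ConvertTo-IPv4Number $_ })
    # Intended addresses that fall outside the block
    $notCovered = @($Intended | Where-Object {
        $n = ConvertTo-IPv4Number $_
        $n -lt $first -or $n -gt $last })
    # Addresses inside the block that nobody asked for (listed for small blocks only)
    $notRequested = @()
    if ($size -le 256) {
        for ($n = $first; $n -le $last; $n++) {
            if ($wanted -notcontains $n) { $notRequested += ConvertFrom-IPv4Number $n }
        }
    }
    New-Object PSObject -Property @{
        Entry        = $Cidr
        First        = ConvertFrom-IPv4Number $first
        Last         = ConvertFrom-IPv4Number $last
        AddressCount = $size
        NotRequested = $notRequested
        NotCovered   = $notCovered
    } | Select-Object Entry, First, Last, AddressCount, NotRequested, NotCovered
}

# The example from the post: three listed addresses replaced by one /30 entry
Get-CidrCoverage -Cidr '192.168.1.1/30' -Intended '192.168.1.1','192.168.1.2','192.168.1.3'
```

Review the NotRequested column before saving the list: every address in it gains the same access as the ones you listed.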
This one is just for me to remember; more explanations later on
This post is more a reminder of the main rule on what not to do when installing a certificate that you requested using Exchange or IIS. Why this reminder? Because even I forget all the time (I’m not playing with certificates every day).
- The cert from the CA HAS to be imported on the SAME server where you made the REQUEST from, so that you get the Private Key. E.g. you made the request (using New-ExchangeCertificate OR via IIS) on <SERVER 1>, you sent the CA the cert request, then you HAVE to import the certificate that the CA issued you on <SERVER 1> (using Import-ExchangeCertificate or IIS).
- don’t use MMC to import a certificate you get back from the CA as it won’t associate the Private Key either.
Here is an excellent reminder as well from DIGICERT.COM:
Error message: "The certificate with thumbprint... was found but is not valid for use with Exchange Server (reason: PrivateKeyMissing)."
Cause 1: Most common cause of this issue is that a server admin imported the .crt/.cer/.p7b SSL Certificate files through MMC and not through the Exchange command line or IIS where the request was generated.
Importing stand-alone certificate files through MMC does not associate those files with their private key. SSL Certificates can only be imported via MMC if they have already been installed to their private key and then backed up to a .pfx file.
Cause 2: An admin correctly imported the certificates to one server but then backed up the certificate files to a .pfx without backing up the private key.
(------------------------------[Sam’s note]-------------------------------
Use the checkbox “mark private key exportable”, or when using New-ExchangeCertificate, -PrivateKeyExportable:$true. Example:
New-ExchangeCertificate -GenerateRequest -SubjectName "c=CA, o=CONTOSO, cn=globule.contoso.ca" -DomainName webmail.contoso.ca,sammy.contoso.ca,autodiscover.contoso.ca -PrivateKeyExportable $true
--------------------------------[end of Sam’s note]----------------------)
Source: http://www.digicert.com/ssl-support/exchange-private-key-missing.htm
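A check to run before importing, as an added example that is not from the original post or from DigiCert: it compares the public key of the file the CA returned with the pending requests on the local server, and reports whether an already imported copy has its private key. The function name is hypothetical, and it assumes the pending request is kept in the local machine's Certificate Enrollment Requests store (Cert:\LocalMachine\REQUEST).

```powershell
function Test-IssuedCertificateTarget {
    param(
        # .cer/.crt file returned by the CA
        [Parameter(Mandatory=$true)][string]$CerPath
    )
    $file      = (Resolve-Path -LiteralPath $CerPath).ProviderPath
    $issued    = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file
    $publicKey = $issued.GetPublicKeyString()

    # A pending request generated on THIS server holds the matching private key.
    # Assumption: requests sit in the Certificate Enrollment Requests store (REQUEST).
    $pending = @(Get-ChildItem Cert:\LocalMachine\REQUEST -ErrorAction SilentlyContinue |
                 Where-Object { $_.GetPublicKeyString() -eq $publicKey })

    # A copy already imported into the Personal store, with or without its key
    $installed = @(Get-ChildItem Cert:\LocalMachine\My |
                   Where-Object { $_.Thumbprint -eq $issued.Thumbprint })

    if ($installed.Count -gt 0 -and $installed[0].HasPrivateKey) {
        $verdict = 'Installed here with its private key'
    } elseif ($installed.Count -gt 0) {
        $verdict = 'Installed here WITHOUT a private key (PrivateKeyMissing)'
    } elseif ($pending.Count -gt 0) {
        $verdict = 'Matching request found: import the certificate on this server'
    } else {
        $verdict = 'No matching request: import on the server that generated the request'
    }

    New-Object PSObject -Property @{
        Subject         = $issued.Subject
        Thumbprint      = $issued.Thumbprint
        NotAfter        = $issued.NotAfter
        MatchingRequest = ($pending.Count -gt 0)
        Verdict         = $verdict
    } | Select-Object Subject, Thumbprint, NotAfter, MatchingRequest, Verdict
}

# Placeholder path: point it at the file the CA sent back
# Test-IssuedCertificateTarget -CerPath 'C:\Temp\issued.cer'
```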
Disclaimer: ---------------------------------------------------------
Thanks to Symon Perriman MSFT for this information !
Putting it in my blog as well as I’m using my blog as an extension of my (red fish) memory
Check out his blog for the details on Cluster Logs : http://blogs.msdn.com/b/clustering/archive/2008/09/24/8962934.aspx
---------------------------------------------------------------------------End of Disclaimer
CREATING THE CLUSTER.LOG:
From one of the nodes of the cluster,
- open a Command Prompt with Administrator rights.
- The simplest command to create the log is to type “cluster log /g”.
- A cluster.log file will be generated and stored in the %windir%\Cluster\Reports directory on each node of the cluster.
Note that with all commands you can use either “cluster … ” or “cluster.exe …” as they have the same functionality.
Again, thanks Symon !
Bernie and I had an issue today trying to import a CSV file using Import-CSV in Powershell V2.0, as the French accents and some dashes were not imported correctly, and then we couldn’t use some of the information in the CSV to query Exchange or AD objects with other Powershell cmdlets.
So it appears that this depends on the encoding of the CSV file and how Powershell’s Import-CSV is handling it.
Using Powershell v3.0, I was able to Import-CSV the CSV file with accents and then Export filtered results in a file, keeping these special characters in Powershell and in the final filtered file, because “Import-CSV” in Powershell v3.0 has the “-Encoding” parameter, which is missing in Powershell v1 and v2. So in Powershell V3, I saved my CSV file using Notepad and specifying “UTF-8” encoding. Then I did an Import-CSV using the “-Encoding UTF8” parameter (remember Powershell 3.0 only).
That worked ! I kept my French accents for the names in the CSV file.
But Powershell V1 and V2 Import-CSV does not have this “-Encoding” parameter. So Bernie and I had to find in which encoding we had to save our CSV file so that the Import-CSV was keeping the initial characters, so that we can handle the objects to do some stuff with them.
So we tried many, and found that saving our CSV file as “Unicode” with Notepad worked fine, and saved us a lot of time for the future.
Note that by default Excel saves CSV files in the “ANSI” encoding. In my case, Powershell then imported the French accent and some other exotic characters with a “?” sign.
So the steps if you are using Excel to build your CSV are:
1- Save your Excel CSV as “.CSV” file
2- Open the .CSV again using NOTEPAD
3- Save again with NOTEPAD using the “Unicode” encoding
… and you’re good to Import-CSV in Powershell v1 and v2, and even v3 without needing to specify the –Encoding parameter.
Below is a nice Powershell script that lets you check which encoding your CSV file uses (or any other file, but I didn’t test it on other ones):
http://poshcode.org/2059
Get-FileEncoding by Chad Miller
Pasting here for my convenience – please check for the original one and check for updates on the above original location.
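A minimal way to tell the Notepad encodings apart, as an added example that is not Chad Miller's script: it reads the first bytes of the file and matches them against the byte-order marks. Notepad's “Unicode” is UTF-16 LE with a BOM, and “ANSI” writes no BOM at all. The function name and file names are assumptions, and the CSV content is constructed.

```powershell
function Get-FileBomEncoding {
    param([Parameter(Mandatory=$true)][string]$Path)

    $stream = [System.IO.File]::OpenRead((Resolve-Path -LiteralPath $Path).ProviderPath)
    try {
        $bom  = New-Object byte[] 4
        $read = $stream.Read($bom, 0, 4)
    } finally {
        $stream.Dispose()
    }
    if ($read -eq 0) { return 'Empty file' }

    # First bytes as an upper-case hex string, e.g. FFFE4E00
    $hex = ($bom[0..($read - 1)] | ForEach-Object { $_.ToString('X2') }) -join ''

    # Longest signatures first: the UTF-32 LE BOM starts with the UTF-16 LE bytes FF FE
    if     ($hex -eq 'FFFE0000')  { 'UTF-32 LE' }
    elseif ($hex -eq '0000FEFF')  { 'UTF-32 BE' }
    elseif ($hex -like 'EFBBBF*') { 'UTF-8 with BOM' }
    elseif ($hex -like 'FFFE*')   { 'Unicode (UTF-16 LE)' }
    elseif ($hex -like 'FEFF*')   { 'UTF-16 BE' }
    else                          { 'No BOM (ANSI or UTF-8 without BOM)' }
}

# Constructed sample: one CSV with accented characters, written in three encodings.
# [char] codes are used so the result does not depend on how this script is saved.
$csv = "Name,City`r`nH$([char]0xE9)l$([char]0xE8)ne,Montr$([char]0xE9)al`r`n"
$cases = @{
    'ansi.csv'    = [System.Text.Encoding]::Default   # what Excel's CSV export produces
    'unicode.csv' = [System.Text.Encoding]::Unicode   # Notepad "Unicode"
    'utf8.csv'    = [System.Text.Encoding]::UTF8      # Notepad "UTF-8"
}
foreach ($name in $cases.Keys) {
    $file = Join-Path ([System.IO.Path]::GetTempPath()) $name
    [System.IO.File]::WriteAllText($file, $csv, $cases[$name])
    '{0,-12} {1}' -f $name, (Get-FileBomEncoding $file)
}
```

A file reported as having no BOM is the case that needs the Notepad re-save described above before Import-CSV on Powershell v1 or v2.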
Thanks Chris, Manfred and friends from the following article:
http://social.technet.microsoft.com/Forums/exchange/en-US/5ad656a5-fe70-477f-a608-0e588096f227/how-to-get-mailbox-folder-permissions-to-all-mailbox-folders-in-all-mailboxes?forum=exchangesvradminlegacy
Manfred Preissner : http://social.technet.microsoft.com/profile/manfred%20preissner/?ws=usercard-mini
The result will look like:
FolderName                    User      AccessRights
----------                    ----      ------------
Calendar                      Default   {Owner}
Calendar                      Anonymous {None}
Calendar                      User177   {CreateItems, EditOwnedItems}
Calendar                      User1769  {CreateItems, EditOwnedItems}
Calendar                      User1768  {CreateItems, EditOwnedItems}
Calendar                      User1767  {CreateItems, EditOwnedItems}
Calendar                      User1766  {CreateItems, EditOwnedItems}
Calendar                      User1765  {CreateItems, EditOwnedItems}
Calendar                      User1764  {CreateItems, EditOwnedItems}
Calendar                      User1763  {CreateItems, EditOwnedItems}
Calendar                      User1762  {CreateItems, EditOwnedItems}
Calendar                      User1761  {CreateItems, EditOwnedItems}
Calendar                      User1760  {CreateItems, EditOwnedItems}
Contacts                      Default   {None}
Contacts                      Anonymous {None}
Conversation Action Settings  Default   {None}
Conversation Action Settings  Anonymous {None}
Deleted Items                 Default   {None}
Deleted Items                 Anonymous {None}
Drafts                        Default   {None}
Drafts                        Anonymous {None}
Inbox                         Default   {None}
Inbox                         Anonymous {None}
Journal                       Default   {None}
Journal                       Anonymous {None}
Junk E-Mail                   Default   {None}
Junk E-Mail                   Anonymous {None}
News Feed                     Default   {None}
News Feed                     Anonymous {None}
Notes                         Default   {None}
Notes                         Anonymous {None}
Outbox                        Default   {None}
Outbox                        Anonymous {None}
Quick Step Settings           Default   {None}
Quick Step Settings           Anonymous {None}
RSS Feeds                     Default   {None}
RSS Feeds                     Anonymous {None}
Sent Items                    Default   {None}
Sent Items                    Anonymous {None}
Suggested Contacts            Default   {None}
Suggested Contacts            Anonymous {None}
Tasks                         Default   {None}
Tasks                         Anonymous {None}
Cherry on the cake, visualizing the number of permissions per folder in an Excel graph.
To do so, just copy and paste the result above, OR in your script, export the results into a CSV file (Export-CSV can do the trick, as well as Out-File or redirecting with “>” into a file, up to you!), then use the “Text to columns” Excel menu, then “Format as table”, then “Insert pivot graph”, et voilà:
This is just an example showing what we can do with Excel and a Cut/n/Paste from Powershell raw data…
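The same per-folder count can be produced without Excel, together with a check for folders where Default or Anonymous hold rights other than None. This is an added example, not part of the script credited above; the function names are hypothetical and the rows are constructed in the shape of the result shown (FolderName, User, AccessRights).

```powershell
function New-PermissionRow($Folder, $User, [string[]]$Rights) {
    New-Object PSObject -Property @{ FolderName = $Folder; User = $User; AccessRights = $Rights }
}

# Constructed sample rows mirroring the result above; not real mailbox data
$rows = @(
    (New-PermissionRow 'Calendar' 'Default'   'Owner'),
    (New-PermissionRow 'Calendar' 'Anonymous' 'None'),
    (New-PermissionRow 'Calendar' 'User177'   'CreateItems','EditOwnedItems'),
    (New-PermissionRow 'Calendar' 'User1769'  'CreateItems','EditOwnedItems'),
    (New-PermissionRow 'Inbox'    'Default'   'None'),
    (New-PermissionRow 'Inbox'    'Anonymous' 'None')
)

function Get-FolderPermissionSummary {
    param([Parameter(Mandatory=$true)][object[]]$Rows)

    $Rows | Group-Object FolderName | ForEach-Object {
        $group = $_

        # Entries that actually grant something (rights other than None)
        $granting = @($group.Group | Where-Object {
            @($_.AccessRights | ForEach-Object { "$_" }) -notcontains 'None' })

        # Default applies to every authenticated user without an explicit entry,
        # Anonymous to unauthenticated access: rights here are the broadest grants
        $broad = @($granting | Where-Object { 'Default', 'Anonymous' -contains "$($_.User)" })

        New-Object PSObject -Property @{
            FolderName  = $group.Name
            Entries     = $group.Count
            Granting    = $granting.Count
            BroadAccess = ($broad | ForEach-Object {
                "$($_.User)={$($_.AccessRights -join ', ')}" }) -join '; '
        }
    } | Select-Object FolderName, Entries, Granting, BroadAccess
}

Get-FolderPermissionSummary -Rows $rows | Format-Table -AutoSize
```

The strings are compared through their text form so the same function also accepts objects piped from a permissions export, where User and AccessRights are not plain strings.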