Executive Summary:

There are hundreds of utilities to identify and fix problems in Exchange Server 2007, from all-purpose tools such as Event Viewer, to specific tools like Dcdiag. Here are Brien Posey’s top 10 easy to find and easy to use utilities.

Microsoft Exchange Server 2007 is a difficult, if not intimidating, product to troubleshoot. Fortunately, many utilities can help diagnose and fix the myriad of problems that can arise when using Exchange 2007. My list of top 10 existing and new utilities includes tools for watching systems (Performance Monitor), tools for researching crashes (Event Viewer), and tools for troubleshooting problems (Database Troubleshooter).

1. Database Troubleshooter
The Database Troubleshooter is one tool most administrators hope they never have to use. It's designed to analyze database and transaction logs and their entries and report any issues that might prevent you from recovering the database. For example, this tool can be used to identify missing or corrupted log files.

You access the Database Troubleshooter through the Exchange Management Console Toolbox. When first launched, the Database Troubleshooter will prompt you to check the Microsoft Web site for a newer version. It then asks you for a job name, the name of the Exchange server having problems, and the name of the domain controller (DC). After you provide this information, you are taken to a screen that allows you to choose a troubleshooting task, as shown in Figure 1. For example, you could choose to verify the database and transaction logs, analyze log drive space, or repair the database.

Part of the analytical process involves examining event log entries, so the tool will ask how far back it should look for problems. By default, the tool will search the last two hours of log entries. After the tool has examined the log entries, it provides a detailed report.

2. Database Recovery Management
Occasionally when you restore an Exchange server backup or attempt to correct database corruption, the database is left in an inconsistent state, which means it can't be mounted. Although this problem was more common in earlier Exchange releases, it still occurs, and trying to mount an unmountable database can be frustrating. This is where the Database Recovery Management tool comes in. It's designed to analyze a database store and specify the steps needed to mount it. The Database Recovery Management tool is also accessible through the console's Toolbox and Exchange Troubleshooting Assistant interface. More information on the Database Troubleshooter and Database Recovery Management tools is available at http://technet.microsoft.com/en-us/library/aa998611.aspx.

3. Mail Flow Troubleshooter
The Mail Flow Troubleshooter is used to identify and repair mail flow holdups, including unexpected nondelivery reports when sending messages and problems with Edge Transport server synchronization to Active Directory (AD). It is also accessed through the console's Toolbox. When you launch the Mail Flow Troubleshooter, you must provide an identifying label for the analysis and then select the problem you're having from the drop-down list. Some of the mail flow problems that the tool can diagnose include:

  • expected messages are delayed or not received at all
  • messages sent to some recipients are delayed or not received at all
  • messages are backing up in the queue
  • messages being sent are pending submission on the mailbox server.

The Results Report displays any errors or warnings that have been detected.

4. Message Tracking
Occasionally, messages get lost in mail flow transit. When this happens, Message Tracking will reveal a message’s path through the Exchange Server organization.

In Exchange 2007, all messages pass through the Hub Transport server. Since the Hub Transport server is responsible for message routing, Message Tracking is automatically enabled on any server hosting the Hub Transport role.

To track a message as it passes through the Exchange Server organization, select the Message Tracking option from the Toolbox. The Exchange Troubleshooting Assistant will then prompt you to provide some details regarding the message you want to track.

The actual query can take some time to complete depending on how much traffic your server handles, but Exchange will eventually display a Message Tracking Report similar to the one shown in Figure 2.
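The same trace can also be run from the Exchange Management Shell that ships with Exchange 2007. The script below is an added example, not part of the original article; the sender, recipient and 24-hour window are placeholder assumptions.

```powershell
# Added example (not from the original article). Run in the Exchange Management Shell.
# Sender, recipient and time window are placeholders; replace them with your own.
$sender    = 'alice@example.com'
$recipient = 'bob@example.net'
$start     = (Get-Date).AddHours(-24)
$end       = Get-Date

# Query the tracking log on every Hub Transport server, since a message may
# cross several hubs on its way through the organization.
$hubs   = @(Get-ExchangeServer | Where-Object { $_.IsHubTransportServer })
$events = @($hubs | ForEach-Object {
    Get-MessageTrackingLog -Server $_.Name -Sender $sender -Recipients $recipient `
        -Start $start -End $end -ResultSize Unlimited
})

if ($events.Count -eq 0) {
    "No tracking events matched on $($hubs.Count) Hub Transport server(s)."
}

# One group per message; events in time order show the path hop by hop.
$events | Sort-Object Timestamp | Group-Object MessageId | ForEach-Object {
    "Message-Id: " + $_.Name
    $_.Group |
        Format-Table Timestamp, ServerHostname, EventId, Source, RecipientStatus -AutoSize |
        Out-String

    # Summarize the outcome from the event types that were logged.
    $ids = @($_.Group | ForEach-Object { $_.EventId })
    if ($ids -contains 'FAIL') {
        "  -> delivery failed; check RecipientStatus on the FAIL event"
    } elseif (($ids -contains 'DELIVER') -or ($ids -contains 'SEND')) {
        "  -> handed off (DELIVER = mailbox store, SEND = SMTP to the next hop)"
    } else {
        "  -> accepted but not yet handed off; check the queues"
    }
}
```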

5. Queue Viewer
As the name implies, Queue Viewer allows you to view and interact with the mail flow queues. This is handy because occasionally a corrupt or oversized message can cause messages to stop flowing through the queues. In such cases, you can identify the message causing the problem through Queue Viewer and delete it. You access Queue Viewer through the Toolbox.

Queue Viewer is also useful for dealing with Denial of Service (DoS) attacks because it allows you to suspend the activity of an entire queue. DoS attacks can usually be stopped at an organization’s perimeter firewall, but if an attack makes it to the Exchange server, you can freeze the server's queue and empty it rather than letting all those messages be added to the mailbox store.
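The suspend-and-empty response described above can also be carried out with the queue cmdlets in the Exchange Management Shell. This is an added example, not part of the original article; the queue-depth threshold and the sender address are assumptions to be replaced with values from your own server.

```powershell
# Added example (not from the original article). Run in the Exchange Management
# Shell on the Hub Transport server, one step at a time.
$threshold = 500                    # assumed: queue depth treated as abnormal
$floodFrom = 'flood@example.net'    # placeholder: set after reviewing step 2

# 1. Find queues that are backing up and suspend them so nothing leaves them.
$backlog = @(Get-Queue | Where-Object { $_.MessageCount -gt $threshold })
foreach ($q in $backlog) {
    "Suspending {0} ({1} messages, status {2})" -f $q.Identity, $q.MessageCount, $q.Status
    Suspend-Queue -Identity $q.Identity -Confirm:$false
}

# 2. See which senders are filling each suspended queue before deleting anything.
foreach ($q in $backlog) {
    Get-Message -Queue $q.Identity -ResultSize Unlimited |
        Group-Object FromAddress | Sort-Object Count -Descending |
        Select-Object -First 10 Count, Name
}

# 3. Remove only the flood messages. -WithNDR $false avoids sending
#    non-delivery reports to what are probably forged sender addresses.
#    -WhatIf makes this a dry run; drop it once the matches look right.
foreach ($q in $backlog) {
    Get-Message -Queue $q.Identity -ResultSize Unlimited |
        Where-Object { $_.FromAddress -eq $floodFrom } |
        ForEach-Object { Remove-Message -Identity $_.Identity -WithNDR $false -WhatIf }
}

# 4. Let legitimate mail flow again.
foreach ($q in $backlog) {
    Resume-Queue -Identity $q.Identity -Confirm:$false
}
```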

6. Performance Troubleshooter
Performance Troubleshooter can analyze three performance problems:

  1. Multiple users are complaining of delays while using Outlook or are seeing the Outlook cancellable RPC dialog frequently.
  2. The number of RPC operations per second is higher than expected.
  3. The number of outstanding RPC requests is high.

Despite its limited troubleshooting capabilities, I included it in this list because I believe Microsoft will add to the performance problems it will address and increase its capabilities.

If you are experiencing one of the problems the tool is equipped to address, then you'll find the tool easy to use. Simply select your symptom from the list, provide the name of the Exchange server having problems and the name of a Global Catalog (GC) server, and the tool will do the rest. It is accessible through the Toolbox; just double click it.

7. Performance Monitor
Performance Monitor is designed to analyze counters associated with various aspects of system performance to see whether those counters fall within a designated range. It was first introduced in Windows NT and remains a viable troubleshooting tool.

You can get great information from the Performance Monitor, but it's one of Microsoft's most complex tools. There are hundreds, if not thousands, of counters, each of which has its own unique meaning. To get the most from Performance Monitor, you need to understand what a particular counter is measuring and know the typical values for that counter. Microsoft does provide explanations for most counters. You can access this tool through the Toolbox.

Microsoft has created a huge number of Performance Monitor counters specifically related to Exchange 2007. Unfortunately, no single screen shot can show you all the Exchange-related performance objects and counters, but be assured that you can measure virtually any aspect of an Exchange server’s performance.

8. Event Viewer
Both Exchange and Windows write information about system events to the event logs accessible through the Event Viewer. That makes it the first place to look for Exchange server problems. The majority of the Exchange-related events are written to the Application log, which Figure 3 shows. To open the Event Viewer, click Start, Control Panel, System and Maintenance, Administrative Tools, Event Viewer.

You can double-click an event for more information. If you don’t understand the description, perform a search for the event number at http://support.microsoft.com.

9. Nslookup
Every version of Exchange since Exchange 2000 has been dependent upon AD, which is in turn dependent upon DNS. If your organization’s DNS servers aren't functioning properly, AD can't function properly and neither can Exchange.

Since DNS plays such an important role in an Exchange organization, I've included a tool for troubleshooting DNS problems: Nslookup. It is a component that has been part of every version of Windows since at least Windows NT 3.5, and it may go back further than that.

Using Nslookup is simple. At a command prompt, type

nslookup

Nslookup will return the default DNS server’s IP address and prompt you to enter a host name. Upon entering the host name, Nslookup will present the IP address of the DNS server used to resolve the host name, followed by the host’s Fully Qualified Domain Name (FQDN) and IP address. You can use this information to determine whether DNS queries are being correctly resolved.

10. Dcdiag
Neither Windows Server nor Exchange contains a single, comprehensive tool for diagnosing AD problems. Windows Server does, however, contain the Dcdiag utility, which can test individual DCs.

Dcdiag is installed as a part of the Windows Support Tools. To install the Windows Support Tools, insert the Windows Server 2003 installation CD-ROM and navigate to the \Support\tools folder. Then double-click the suptools.msi file and follow the prompts.

When the installation is finished, open a command prompt and navigate to the \Program Files\Support Tools folder. You can now begin the diagnostic process. Dcdiag offers so many testing options that I could probably write a book on this one utility. If you want to see a list of all of the available command-line switches and options, you can enter the command

dcdiag /?

If you prefer to keep things simple, just type

dcdiag

When you do, Dcdiag assumes that you want to test the DC that you're locally logged on to. It runs a series of tests and displays the results on the screen. You can see sample output in Figure 4.
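Nslookup (section 9) and Dcdiag (section 10) can both be run non-interactively and their output summarized in one pass. The script below is an added example, not part of the original article; the domain name and DC name are placeholders, and it assumes nslookup.exe and dcdiag.exe are on the PATH.

```powershell
# Added example (not from the original article). Domain and DC names are placeholders.
# Assumes nslookup.exe and dcdiag.exe (Windows Support Tools) are on the PATH.
$domain = 'corp.example.com'
$dc     = 'DC01'

# 1. DNS: domain controllers are located through this SRV record. If it does
#    not resolve, AD lookups fail and Exchange fails with them.
$srvOut  = nslookup -type=SRV "_ldap._tcp.dc._msdcs.$domain" 2>&1
$dcHosts = @($srvOut | ForEach-Object {
    if ("$_" -match 'svr hostname\s*=\s*(\S+)') { $matches[1] }
})
if ($dcHosts.Count -eq 0) {
    "DNS   FAIL  no DC locator SRV records found for $domain"
} else {
    "DNS   OK    DCs registered: " + [string]::Join(', ', $dcHosts)
}

# 2. AD: run Dcdiag against the DC and keep only the verdict lines, which look
#    like "......................... DC01 failed test Replications".
$diag   = dcdiag "/s:$dc" 2>&1
$passed = @($diag | Where-Object { "$_" -match ' passed test ' })
$failed = @($diag | ForEach-Object {
    if ("$_" -match '(\S+) failed test (\S+)') { "$($matches[2]) on $($matches[1])" }
})

"AD    {0} tests passed, {1} failed on {2}" -f $passed.Count, $failed.Count, $dc
$failed | ForEach-Object { "AD    FAIL  $_" }

# No verdict lines at all usually means Dcdiag could not reach the DC.
if (($passed.Count + $failed.Count) -eq 0) {
    "AD    FAIL  Dcdiag returned no test results; check that $dc is reachable"
}
```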

More Resources
Unfortunately, no single built-in utility can troubleshoot every possible Exchange problem. You'll need to use these 10 utilities included with Exchange or Windows and your own favorites to keep Exchange running smoothly. For more comprehensive troubleshooting, consider using an application such as Microsoft System Center Operations Manager 2007 (http://www.microsoft.com/systemcenter/opsmgr/default.mspx) or a third-party application such as Zenprise for Exchange (http://www.zenprise.com/products/exchange.aspx).