8th July 2008: Microsoft Messaging & Mobility User Group UK Gathering

Okay, so on Tuesday a bunch of us headed to Microsoft’s office in Victoria to hear Gordon McKenna talk about Managing and Monitoring Exchange using SCOM 2007.  Here are my notes from the event … hopefully it's not too disjointed ;-)

So eight of us joined Gordon who is actually a Windows Management MVP. Check out the Windows Management User Group: http://wmug.co.uk/

So let the writing of the ramblings begin …

With MOM 2005, the product groups wrote the management pack. In some cases, this is true, especially for Exchange, but not for other applications. In SCOM, the MOM team are writing the management pack.

Two types of Management Packs exist:

  • Converted: MOM management packs that are converted from MOM to SCOM
  • Native: Properly built from the ground up especially for that product

If you are using MOM with the Exchange 2003 MP, make sure you have downloaded and installed the Exchange MP Config wizard.  This will enable you to take advantage of the MOM Synthetic Transactions.

The Synthetic Transactions, once configured, will allow you to test mail flow between servers and storage groups.  In another test, MOM will perform MAPI logons to the Exchange server to track client logon information & latency.

The Exchange MP config wizard will also allow you to monitor Exchange 2003 Front End services (OWA, OMA, Exchange Active Sync).

What is interesting is that the MOM data warehouse actually has a whole load of data in it that is not used by all the standard reports … but you can access it, if you know how ;-)

Gordon mentioned the Windows Mobile Device Manager … It has the ability to monitor Windows Mobile devices.

SCOM SP1 is really a requirement if you are thinking about installing SCOM.  SCOM provides “service/components” and not just server management of Exchange.  The Exchange 2007 Management Pack is the largest MP for SCOM.

There will be an “out of the box” connector for Remedy that is due with SCOM SP2.

So, the SCOM console was kinda designed to look like Outlook, which you either love or hate.  You can get the latest Exchange 2007 MP from here: http://www.microsoft.com/downloads/details.aspx?FamilyId=1A83E112-8677-4E03-83C3-F1B7EBFC3A4B&displaylang=en&displaylang=en. When you download this, install it and look at the OM2007_MP_EX2007.doc.  It has a wealth of knowledge in it.

In SCOM the management packs are sealed, and the only way to make changes is to use “overrides”.  Check this out, it is damn good! Gordon recommended that you always create an “override” management pack, and do any customisation to this override group. That way if an MP is upgraded you won't lose (in theory) any custom changes.

Gordon recommended creating a “Closed Alerts” view as SCOM will auto close alerts if they exceed a threshold, and then go below the threshold.  This is cool, but you might want to see them, hence the need for this view.

OWA Monitoring with SCOM doesn’t work too well, but the built in Web Application recording facility in SCOM is a better way to monitor OWA in SCOM.

Some other stuff:

  • You should run the script New-TestCasConnectivityUser.ps1 in Exchange Server 2007 to create the test mailbox for MOM/SCOM. Run it in the Scripts folder under the Exchange Server 2007 installation directory. You will need to run this on each mailbox server you have.
  • A Monitor rule has a “Before and After” condition.  This will set an alert (go red) and have the ability to clear (go green)
  • A Rule is as simple as picking an event
  • SCOM has 3 types of notifications: SMTP, SMS text (built in GSM interface, all you need is a GSM modem to hang off the server), IM / OCS.
  • Priority: High, Medium, Low.  Can be used to monitor the same alerts for different types of servers like production and test servers, and works well with overrides
  • Create a group for production & UAT servers
  • You should create a Distributed Applications View for Exchange.
  • It is now possible to put components into maintenance mode as well as a server.  If you put only the server into maintenance mode you will still get heartbeat alerts; to put it completely into maintenance mode you need to put another two components into maintenance mode too.
  • 75% of the SCOM SDK is in the UI.  So 25% is only available via Windows PowerShell.
  • Availability reporting is now out of the box and you can report on application availability.  You can also select business hours!  You can drill down in the report too!
  • The size of the Data warehouse SQL database will now be 2 thirds smaller than MOM due to the way SCOM aggregates data and only collects changes in counters.
  • With MOM the data warehouse was written to once a day.  With SCOM it is written to all the time and is up to the minute!
  • Gordon helped develop a Service Level Dashboard that can report SLA information for applications. This is coming soon!

There are some bugs in SCOM that are resolved with the Exchange 2007 MP Version 6.0.6278.12 and these KBs: 950853, 951979, 951380.  Basically this is all to do with the way the SCOM agent interfaces with some of the Exchange PowerShell commands, which causes a memory leak in the SCOM agent that causes the agent to fail.

This is a handy link to a post that explains how to set up Exchange 2007 MOM Monitoring

Gordon’s Tip on the first things to do when you walk into a preinstalled SCOM environment:

  • Go into SCOM, Reporting and run “Most Common Alerts”.  This will give you the most common alerts for the last 24 hours for each management pack.

Enjoy … If you have any comments, or I have any bits wrong, please comment.

Exchange 2007 Service Pack 1 – RU3

Okay, that was a smoother installation than I expected.  So Ari recommended using this from the command prompt:

Exchange2007-KB949870-x64-EN.msp /quiet /lxv* KB949870.log

I did, but found it a bit scary that you get no feedback on what is happening, so I tried /passive instead.

But what I did find was this in the Application event log when the rollup was applied:

Event Type: Information
Event Source: MsiInstaller
Event Category: None
Event ID: 1022
Description:
Product: Microsoft Exchange Server – Update ‘Update Rollup 3 for Exchange Server 2007 Service Pack 1 (KB949870) 8.1.291.2’ installed successfully.

Another check is to use Add/Remove Programs, check “Show updates”, and then under “Microsoft Exchange Server 2007” you should see “Update Rollup 3 for Exchange 2007 Service Pack 1(KB949870)”.

Essentially you can query the subkeys for this: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\461C2B4266EDEF444B864AD6D9E5B613\Patches
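
The two checks above (the Installer Patches subkeys and the MsiInstaller 1022 event) can be scripted so every Exchange server is verified the same way. This is an added example, not code from the original post; it assumes the key quoted above lives under HKEY_LOCAL_MACHINE, and the function names are made up for illustration. DisplayName, Installed and State are the standard values Windows Installer writes under each patch subkey.

```powershell
# Added example (not from the original post): confirm a rollup from both sources the post names.
# Assumption: the Installer key quoted in the post sits under HKEY_LOCAL_MACHINE.
$PatchesKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\461C2B4266EDEF444B864AD6D9E5B613\Patches'

function Get-ExchangeRollup {
    param([string]$Key = $PatchesKey)
    if (-not (Test-Path $Key)) {
        Write-Warning "Key not found: $Key"
        return
    }
    # One subkey per applied .msp. DisplayName, Installed (yyyyMMdd) and State
    # are values Windows Installer writes under each patch subkey.
    Get-ChildItem $Key | ForEach-Object {
        Get-ItemProperty $_.PSPath |
            Select-Object @{Name='PatchCode';Expression={$_.PSChildName}}, DisplayName, Installed, State
    }
}

function Test-RollupInstalled {
    param([string]$Kb = 'KB949870')

    # Registry: the durable record, also what Add/Remove Programs displays.
    $reg = @(Get-ExchangeRollup | Where-Object { $_.DisplayName -like "*$Kb*" })

    # Event log: MsiInstaller event 1022 is the "installed successfully" entry
    # shown above. The log can roll over, so a miss here proves nothing by itself.
    $evt = @(Get-EventLog -LogName Application | Where-Object {
        $_.Source -eq 'MsiInstaller' -and $_.EventID -eq 1022 -and $_.Message -like "*$Kb*"
    })

    $result = '' | Select-Object Kb, InRegistry, InstalledOn, InEventLog
    $result.Kb = $Kb
    $result.InRegistry = ($reg.Count -gt 0)
    if ($reg.Count -gt 0) { $result.InstalledOn = $reg[0].Installed }
    $result.InEventLog = ($evt.Count -gt 0)
    $result
}

# Check the rollup discussed in this post on the local server.
Test-RollupInstalled -Kb 'KB949870'
```

Treat InRegistry as the authoritative answer when auditing patch levels; InEventLog only confirms the install if the Application log still reaches back that far.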
 

OST performance slow? Defrag it

I found this up on BlankMan’s Blog and it’s damn cool.

… One of the frustrating realities about OST files is that they become progressively slower as they become older. One of the factors influencing this is fragmentation.

 As the Exchange Team blog says: 
“We usually recommend no more than about 2500 – 5000 messages in any of the critical path folders.  The critical path folders are the Calendar, Contacts, Inbox, and Sent Item folder. Ideally, keep the Inbox, Contacts and Calendar to 1000 or less.  Other folders, particularly custom folders created by the user, can handle having larger numbers of items without having a broad impact on the user experience (20,000 items in my “Cookie Recipes” folder?  No problem – except when I need to find that recipe from last Christmas!).”

So the more folders, the slower things go … so BlankMan used Contig.exe from Sysinternals to defrag his OST :-|.  Contig is a single-file defragmenter that attempts to make files contiguous on disk and is perfect for quickly optimizing files that are continuously becoming fragmented, or that you want to ensure are in as few fragments as possible.

The syntax for Contig.exe:

Contig v1.54 – Makes files contiguous
Copyright (C) 1998-2007 Mark Russinovich
Sysinternals – http://www.sysinternals.com/


Contig is a utility that relies on NT’s built-in defragging support
to make a specified file contiguous on disk. Use it to optimize execution
of your frequently used files.

Usage:
    d:\utils\Contig\Contig.exe [-v] [-a] [-s] [-q] [existing file]
or  d:\utils\Contig\Contig.exe [-v] -n [new file] [new file length]

  -v: Verbose
  -a: Analyze fragmentation
  -q: Quiet mode
  -s: Recurse subdirectories

So let's check out my OST:

C:\>d:\utils\Contig\Contig.exe outlook0.ost -a

Contig v1.54 – Makes files contiguous
Copyright (C) 1998-2007 Mark Russinovich
Sysinternals – http://www.sysinternals.com/

Processing outlook0.ost
outlook0.ost is in 42 fragments

Summary:
     Number of files processed   : 1
     Average fragmentation       : 42 frags/file

d:\utils\Contig\Contig.exe outlook.ost -a

Contig v1.54 – Makes files contiguous
Copyright (C) 1998-2007 Mark Russinovich
Sysinternals – http://www.sysinternals.com/

Processing C:\outlook.ost
C:\outlook.ost is in 61 fragments

Summary:
     Number of files processed   : 1
     Average fragmentation       : 61 frags/file

So time to defrag:

C:\>d:\utils\Contig\Contig.exe outlook.ost

Contig v1.54 – Makes files contiguous
Copyright (C) 1998-2007 Mark Russinovich
Sysinternals – http://www.sysinternals.com/

Processing C:\outlook.ost

Summary:
     Number of files processed   : 1
     Number of files defragmented: 1
     Average fragmentation before: 61 frags/file
     Average fragmentation after : 1 frags/file

Kewl, now let's check it out:

C:\>d:\utils\Contig\Contig.exe outlook.ost -a

Contig v1.54 – Makes files contiguous
Copyright (C) 1998-2007 Mark Russinovich
Sysinternals – http://www.sysinternals.com/

Processing outlook.ost
C:\outlook.ost is defragmented

Summary:
     Number of files processed   : 1
     Average fragmentation       : 1 frags/file

Kewl ;-) Thanks BlankMan!

MS08-039: Which users are vulnerable to the OWA XSS vulnerability?

This makes an interesting read .. Found it up on the Security Vulnerability Research & Defense Blog


Today we released MS08-039 which addressed several XSS vulnerabilities in Microsoft Exchange’s Outlook Web Access component.  While this is an update to be applied to the Exchange server, the clients who use OWA are the computers potentially at risk.  We’d like to explain a little more about the vulnerability so that you can determine whether you or your organization are at risk.

OWA has two modes: OWA Light (or OWA Basic for Exchange 2003), and OWA Premium. In short, if OWA Light/Basic is used, you are vulnerable to the XSS vulnerability. You can tell whether OWA Light is used via the “Use Outlook Web Access Light” check box in OWA’s logon screen.

Security Update for Exchange Server 2003 SP2 (KB950159)

So we have a KB, Download and a Security Bulletin ;-) 

NOTE: This also affects Exchange 2007, but is included in RU3 for Exchange 2007 SP1 and RU7 for Exchange 2007 RTM

Source: http://www.microsoft.com/downloads/details.aspx?FamilyID=e099c1d1-5af6-4d6c-b735-9599412b3131&DisplayLang=en

This update addresses the Microsoft Exchange Server vulnerability addressed in the Microsoft Security Bulletin MS07-026.


MS08-039: Vulnerabilities in Outlook Web Access for Exchange Server could allow elevation of privilege
http://support.microsoft.com/kb/953747


Microsoft Security Bulletin MS08-039 – Important
http://www.microsoft.com/technet/security/bulletin/MS08-039.mspx

Executive Summary
This security update resolves two privately reported vulnerabilities in Outlook Web Access (OWA) for Microsoft Exchange Server. An attacker who successfully exploited these vulnerabilities could gain access to an individual OWA client’s session data, allowing elevation of privilege. The attacker could then perform any action the user could perform from within the individual client’s OWA session. This security update is rated Important for all supported editions of Microsoft Exchange Server 2003 and Microsoft Exchange Server 2007. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerabilities by modifying the validation of HTTP session data within OWA. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

Recommendation.  Microsoft recommends that customers apply the update at the earliest opportunity.
Known Issues.  Microsoft Knowledge Base Article 953747 documents the currently known issues that customers may experience when installing this security update.

Affected Software
Microsoft Exchange Server 2003 Service Pack 2
Microsoft Exchange Server 2007
Microsoft Exchange Server 2007 Service Pack 1
 

Update Rollup 3 for Exchange Server 2007 SP1 and Update Rollup 7 for Exchange 2007 RTM have been released

ohh .. Rollup, rollup (sorry couldn’t resist!) HOT off the press!


Update Rollup 3 for Exchange Server 2007 Service Pack 1 (KB949870)
http://www.microsoft.com/downloads/details.aspx?FamilyId=63E7F26C-92A8-4264-882D-F96B348C96AB&displaylang=en

Update Rollup 3 for Exchange Server 2007 Service Pack 1 (SP1) resolves issues that were found in Exchange Server 2007 SP1 since the software was released. This update rollup is highly recommended for all Exchange Server 2007 SP1 customers.

For a list of changes that are included in this update rollup, see KB949870 (http://support.microsoft.com/?kbid=949870).

This update rollup does not apply to Exchange Server 2007 Release To Manufacturing (RTM). For a list of update rollups applicable to Exchange Server 2007 RTM, refer to the section Update rollups for Exchange Server 2007 RTM in the Knowledge Base article KB937052.


Update Rollup 7 for Exchange Server 2007 (KB953469)
http://www.microsoft.com/downloads/details.aspx?FamilyId=086A2A13-A1DE-4B1D-BD12-B148BFD2DAFA&displaylang=en

Update Rollup 7 for Exchange Server 2007 resolves issues that were found in Exchange Server 2007 since the software was released. This update rollup is highly recommended for all Exchange Server 2007 customers.

For a list of changes that are included in this update rollup, see KB953469 (http://support.microsoft.com/?kbid=953469).