Health monitoring e-mails.

Hi folks,

I'm just starting to take a look at Exchange Server 2013, but one topic I'm finding difficult to navigate is the whole monitoring/probe/responder side of things.

I haven't managed to find much technical reference information on how it works and how to configure it outside of a few TechNet articles that deal with the basic handful of "monitoring" commandlets, this KB article and this appendix that makes reference to some of the object hierarchy.

What I'm having difficulties with, specifically, is that I cannot run Get-MessageTracking log without a plethora of unwanted monitoring e-mails completely obscuring the more relevant user-focused traffic. When I take a look at these messages using the "| fl" option, I get clues that I'm looking at a monitoring situation - as shown with one example below (using "fl Source*,MessageSubject"), but I simply do not know how to make use of this information to find the right override to apply. I've used Get-MonitoringItemIdentity to try and track down the culprit, but I'm just not having any luck it would seem.

Example output from get-messagetrackinglog ... | fl Source*,MessageSubject:

SourceContext  : MDB:0d34c89c-65c8-4741-9779-7370444684e5, Mailbox:2d9eb357-bf57-4eab-9dd6-07d3f7c33ca1, Event:1196011,
                 MessageClass:IPM.Note.MapiSubmitLAMProbe, CreationTime:2013-07-01T15:00:58.600Z, ClientType:Monitoring
Source         : STOREDRIVER
MessageSubject : MBTSubmission/StoreDriverSubmission/0000003a-0000-0000-0000-0000954d15d6-MapiSubmitLAMProbe

SourceContext  : MDB:0d34c89c-65c8-4741-9779-7370444684e5, Mailbox:2d9eb357-bf57-4eab-9dd6-07d3f7c33ca1, Event:1196018,
                 MessageClass:IPM.Note.MapiSubmitLAMProbe, CreationTime:2013-07-01T15:02:58.622Z, ClientType:Monitoring
Source         : STOREDRIVER
MessageSubject :

SourceContext  : 08D03608B0A9C2E3
Source         : STOREDRIVER
MessageSubject : MBTSubmission/StoreDriverSubmission/0000003a-0000-0000-0000-0000954d15d7-MapiSubmitLAMProbe

SourceContext  : MDB:0d34c89c-65c8-4741-9779-7370444684e5, Mailbox:2d9eb357-bf57-4eab-9dd6-07d3f7c33ca1, Event:1196018,
                 MessageClass:IPM.Note.MapiSubmitLAMProbe, CreationTime:2013-07-01T15:02:58.622Z, ClientType:Monitoring
Source         : STOREDRIVER
MessageSubject : MBTSubmission/StoreDriverSubmission/0000003a-0000-0000-0000-0000954d15d7-MapiSubmitLAMProbe

I'm not running CU1 at this point in time.

Can anyone point me in the right direction about where I can read up on this new object hierarchy and how it's configured? I'm quite keen to get these disruptive e-mails out of the logs so I can get back to being productive with get-messagetrackinglog.

Cheers,
Lain

July 2nd, 2013 12:06pm

Hi Lain,

I'm not very sure what do you want, if my understanding is wrong, please tell me.

You can refer to the following article to decide to use which parameter to filter message tracking log.

Get-MessageTrackingLog:

http://technet.microsoft.com/en-us/library/aa997573(v=exchg.150).aspx

Understanding How Exchange Server 2013 Management Pack Reports System Health:

http://technet.microsoft.com/en-us/library/dn195910(v=exchg.150).aspx

If you have any feedback on our support, please click here

Free Windows Admin Tool Kit Click here and download it now
July 3rd, 2013 4:45am

Hi Wendy,

Thanks for the response, but I'm not sure how I can explain it any better. It's all right there in the first post, but perhaps I can summarise it in bullet point form:

  1. I use Get-MessageTrackingLog extensively in Exchange 2010, so I'm quite familiar with it already - at least in the context of 2010.
  2. I'm am evaluating Exchange 2013.
  3. In Exchange 2013, Get-MessageTrackingLog is difficult to use effectively because the results it pulls back are littered with system messages relating to the new health monitoring messages being sent every five minutes to the HealthMailbox mailboxes.
  4. I do not want to see this as it gets in the way of using aggregate functions such as Group-Object and Measure-Object, so how do I turn this new functionality off, or at least stop it from being logged (probably the preferred option)?
  5. I've tried to find technical literature relating to the new monitoring commandlets, but I cannot find anything meaningful on TechNet other than what I already listed in the first post.
  6. I have tried to find the offending probe/monitor/responder using the output from the above Get-MessageTrackingLog command (shown in the post) but I cannot find anything that explicitly matches the only clues I'm being given by the output.

Cheers,
Lain

July 3rd, 2013 6:45am

This is what I normally use:

Get-MessageTrackingLog | Where-Object {$_.recipients -notlike "HealthMailbox*&

Free Windows Admin Tool Kit Click here and download it now
July 3rd, 2013 3:13pm

Hi Martina,

I'm aware that I can use the notlike construct and that I could both go and edit the numerous powershell commandlets I have as well as add that postscript to every single Get-MessageTrackingLog command I run (in which case why didn't the Exchange team put a new switch into the command to bypass the monitoring nonsense?), but my question isn't really how to work around it, it's how to get rid of the issue altogether.

What I'm looking for is more along the lines of:

  1. How to disable the relevant monitoring processes (probe/monitor/responder) that produce message log entries, or
  2. How to configure logging such that monitoring events are ignored or logged to an alternate location that doesn't interfere with Get-MessageTrackingLog.
  3. In addition, I'm looking for technical documentation on the hierarchy of this new monitoring infrastructure, what each of the classes do and more detail on how to make use of the relevant Powershell commandlets, as right now they're only useful as a syntax reference with no context on what their purpose in life actually is.

Cheers,
Lain

July 3rd, 2013 8:02pm

With regards to your point 1 you can disable the monitors by using the following KB article

http://support.microsoft.com/kb/2823959

I've been looking for documentation on the health monitoring functionality myself as it has been causing many problems for one of my customers - not found anything yet

regards

Nick

Free Windows Admin Tool Kit Click here and download it now
July 4th, 2013 10:17am

Hi Nick,

Thanks for the pointer, but unfortunately that's the same KB article that I referenced in the first post.

As I've only been assessing RTM, I used 15.0.516.32 with the ApplyVersion switch. The KB article uses examples from CU1 but doesn't actually state CU1 is required.

From your experience, if you're using CU1 and applied the three overrides, did that completely stop the logging? In my case, it did remove a few different log entry types but not all. The ones that were left had the above detail from my first post, and it's those I'm endeavouring to remove.

In terms of trying to locate the correct probe/monitor/responder to override, the only possibly-relevant information I've found to point me in the right direction was also that which I pasted in the first post, but I couldn't find any exact references that matches those clues with Get-MonitoringItemIdentity and the base class (i.e. "Get-MonitoringItemIdentity -Identity Transport" to check out the Transport class).

Without any appropriate documentation, I'm at something of an impasse, but again, if you found that the three commandlets from the KB article resolved the issue under CU1, then I may as well give CU1 a go.

Cheers,
Lain

July 4th, 2013 12:18pm

I actually used the commands to disable a different set of monitors and having checked that system earlier today I'm not convinced it's disabled them correctly for me either. I will monitor tomorrow

regards

Nick

Free Windows Admin Tool Kit Click here and download it now
July 4th, 2013 12:22pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics