Exchange 2007 Message Tracking (Part 1)

by [Published on 15 Feb. 2007 / Last Updated on 15 Feb. 2007]

How to configure and use message tracking in Exchange 2007.

If you would like to read the next part in this article series please go to Exchange 2007 Message Tracking (Part 2).

Introduction

If you’ve been using any version of Exchange for a while, you’re almost certainly aware of the message tracking feature of Exchange. Once enabled, message tracking creates log files that detail the messaging activity as it takes place within your Exchange infrastructure. These log files help you track message flow as they give you information about the path the message has taken as it makes its way through your Exchange system. Additionally, message tracking logs form the foundation for the reports produced by products such as Promodag Reports or Quest MessageStats.

In Exchange 2000 and Exchange 2003, message tracking is enabled on a per-server basis by bringing up the properties of an Exchange server within Exchange System Manager. On the General tab are options to enable message tracking and subject logging, as well as options to control the number of log files to retain and the location of these log files. A sample of this General tab is shown below in Figure 1.


Figure 1: Exchange 2003 Message Tracking

As you might imagine, Exchange 2007 still has message tracking but there are some differences as I will explain. First, one big difference to note is that it’s not possible to configure message tracking with the Exchange Management Console (EMC), the Exchange 2007 equivalent of Exchange 2000 and Exchange 2003’s Exchange System Manager. To configure message tracking, you need to use the Exchange Management Shell (EMS) and in part one of this two-part article I’ll show you how. Also, note that message tracking is configured on Exchange 2007 servers that are configured with the Mailbox, Hub Transport, or Edge Transport roles. In other words, you cannot configure message tracking on Client Access or Unified Messaging servers. One final thing to note is that in this article I’m going to refer to the EMS commandlets by their shorter name of cmdlets. Microsoft refers to cmdlets as single-feature commands that manipulate objects in Windows PowerShell.

In part two of this article I’ll cover what’s inside an Exchange 2007 message tracking log and how to actually search the logs for information you require.

So, you’ve deployed your first Exchange 2007 Mailbox, Hub Transport or Edge Transport server and you want to know how message tracking is configured and what you can do about changing any default settings. Let’s get going and see how.

Default Settings

First, let’s look at the default settings that are relevant for Exchange 2007 message tracking. To examine the default settings, remember that you can only perform the cmdlets below on Mailbox, Hub Transport or Edge Transport servers. With this in mind, the following PowerShell cmdlet can be run to examine the objects on a Hub Transport or Edge Transport server, using the format-list or fl formatting cmdlet:

Get-TransportServer SERVERNAME | fl

The same process can be performed against a Mailbox server via the following cmdlet:

Get-MailboxServer SERVERNAME | fl

For the remainder of this article, I’m going to focus on running cmdlets against the Hub Transport server role. All you need to do is substitute TransportServer with MailboxServer if you wish to perform the cmdlets against Mailbox servers. Incidentally, if you’ve elected to have the Mailbox and Hub Transport server roles combined onto a single server, you can use either cmdlet. Additionally, I’ll include the SERVERNAME parameter to remind you where you can specify the server name to configure, although don’t forget that you don’t need to supply this if configuring the local server.

The result of running the Get-TransportServer cmdlet will look something like that shown in Figure 2.


Figure 2: Get-TransportServer cmdlet Result

What does this tell us about message tracking? Absolutely nothing! You can see from Figure 2 that if you execute the Get-TransportServer cmdlet with the above options, quite a few objects are returned which can make identifying the specific message tracking objects quite difficult - you’ll have to scroll up through the window contents to find them. I happen to know that the objects we are interested in all contain the string messagetracking within them, so a better cmdlet to run is:

Get-MailboxServer SERVERNAME | fl *messagetracking*

The result of this cmdlet is shown below in Figure 3. In actual fact, you could just use a filter string of *tracking* for this to work successfully.


Figure 3: Filtered Get-TransportServer cmdlet Result

It’s clear from Figure 3 what the various message tracking options are on this server and what their values are. Let’s go through each object and examine the default settings and how to change them.

Enabling/Disabling Message Tracking

As a change from previous versions of Exchange, message tracking is now enabled by default on Mailbox, Hub Transport and Edge Transport servers. This is a welcome change, since message tracking is typically enabled by the administrators on most Exchange 2003 servers anyway and I can’t recall the last time I didn’t enable it on a new server build. Here is the cmdlet to disable message tracking should you need to:

Set-TransportServer SERVERNAME –MessageTrackingLogEnabled $false

Note the use of the Set-TransportServer cmdlet rather than the Get-TransportServer cmdlet. Replace $false with $true to re-enable message tracking.

Log Location

Now that we know message tracking is enabled by default, where are the log files stored? Those of you familiar with Exchange 2000 and Exchange 2003 will remember that, by default, the message tracking logs are stored in the \Program Files\exchsrvr\{servername}.log folder as shown above in Figure 1. With Exchange 2007, the default folder is a little deeper than before: \Program Files\Microsoft\Exchange Server\TransportRoles\Logs\MessageTracking.

Should you wish to change the location of the message tracking log files, this can be achieved by running the following cmdlet:

Set-TransportServer SERVERNAME –MessageTrackingLogPath LOGPATH

For example, if you wished to change the tracking log file directory to D:\Tracking Logs on server E2K7, you’d use the following cmdlet:

Set-TransportServer E2K7 –MessageTrackingLogPath “D:\Tracking Logs”

One useful thing that I found is that if the proposed tracking log file directory does not exist prior to running the cmdlet, it will be created for you when you run the cmdlet.

There are several additional things that are worth noting about changing the message tracking directory:

  • After changing the location of the log files, existing logs will remain in their previous location; new logs will be created in the new location.
  • The new location cannot be a UNC path as it must be local to the Exchange 2007 server.

Although there are situations where permissions can be set automatically, I still think it prudent to ensure that the proper permissions are set on any new directory that you have created before moving the logs. The Administrator account needs Full Control, System needs Full Control, and Network Service needs Read, Write, and Delete Subfolders and Files.

Maximum Log and Directory Size

Although old message tracking log files are deleted after a configurable number of days (more on this later), the entire directory that contains all message tracking log files is subject to a default maximum size of 250MB. In other words, if the sum total of all message tracking log files within the log file directory exceeds 250MB, the oldest log files will be deleted.

As you might expect, this 250MB limit is configurable via PowerShell cmdlets. For example, the following cmdlet sets the maximum directory size to 500MB on server E2K7:

Set-TransportServer E2K7 –MessageTrackingLogMaxDirectorySize 500MB

You’ll notice that, to denote megabytes, the unit identifier MB has been entered after the numerical value of 500. It’s also possible to specify values in bytes (B), kilobytes (KB), gigabytes (GB) and terabytes (TB) making the setting of values very easy to comprehend.

So what about individual message tracking log files? Well, by default each log file can grow to a maximum size of 10MB before a new log file is created. Compare this to Exchange 2003, where a new log file was created each day. Once again, this setting can be altered via PowerShell cmdlets. The following example cmdlet sets the maximum log file size to 5MB on server E2K7:

Set-TransportServer E2K7 –MessageTrackingLogMaxFileSize 5MB

As per the directory size, it’s also possible to specify file size values in bytes, kilobytes, gigabytes and terabytes.

Maximum Log File Age

As you saw earlier in Figure 1, Exchange 2003 message tracking log files can be retained for a specified number of days which is extremely useful when you’re asked to troubleshoot why someone did not receive a message that was sent several days ago. In Exchange 2007, message tracking logs have an age limit of 30 days which I believe is a good figure to use if you’re not sure how long to keep your tracking logs for.

Should you wish to alter this setting, the cmdlet to run is:

Set-TransportServer SERVERNAME –MessageTrackingLogMaxAge DD.HH:MM:SS

As you can probably guess from the above cmdlet, it’s possible to set this age limit down to a specific number of days, hours, minutes and seconds. For example, to set the message tracking log maximum age to 15 days on server E2K7, the following cmdlet will need to be run:

Set-TransportServer E2K7 –MessageTrackingLogMaxAge 15.00:00:00

Subject Logging

Finally we reach the area of message tracking subject logging which gives you the ability to display the subject line of messages when tracking messages through the system. Those of you who know Exchange 2003 may remember that subject logging is disabled by default. As a change, Exchange 2007 now enables subject logging by default which I personally believe is a good move, since the majority of organizations use it. However, this change of default settings is one to watch for if your organization has a security policy that prohibits its use.

To disable message tracking subject logging on a server, the following cmdlet will be required:

Set-TransportServer SERVERNAME –MessageTrackingLogSubjectLoggingEnabled $false

Replace $false with $true to re-enable message tracking subject logging.

Summary

It’s hard to imagine life as an Exchange administrator without message tracking so it’s no surprise to me that Exchange 2007 comes with message tracking enabled by default. As I said earlier in this article, Exchange 2007 message tracking is only configurable via PowerShell cmdlets, so knowing the above list of cmdlets will be useful when configuring it. In part 2, we’ll take a look at the contents of a tracking log file and how to actually track messages.

If you would like to read the next part in this article series please go to Exchange 2007 Message Tracking (Part 2).

The Author — Neil Hobson

Neil Hobson avatar

Neil is a UK-based consultant responsible for the design, implementation and support of Microsoft infrastructure systems, most notably Microsoft Exchange systems. He has been in the IT industry since 1987 and has worked with Exchange since 1996. He was an Exchange MVP from 2003 to 2010 and still spends some of his spare time helping others in various Exchange online forums.

Latest Contributions

Featured Links