Enabling Exchange Message Logging

Email from a user of a Microsoft Exchange 6.5 server was not being delivered. I attempted to view the log of message transmissions on the server via the Exchange System Manager (click on Tools, Monitoring and Status, then Message Tracking Center), but got the message below:

Exchange System Manager
White X in red circle The tracking database on crystal.example.com is not available or the message has left the Exchange
organizations.

Facility: Microsoft Exchange Management
ID no: c1032751
Microsoft Exchange Management

OK


I had to enable logging to track the transmission of messages by the following steps:

  1. Click on Start.
  2. Select All Programs.
  3. Select Microsoft Exchange.
  4. Select System Manager.
  5. Click on Servers to see the list of servers in the right-pane of the window.
  6. Right-click on the server in the right pane and select Properties.
  7. Check "Enable message tracking".
  8. Check "Enable subject logging and display" if you also want to log the subject of messages.
  9. Click on the OK button.

Then within the Exchange System Manager, you can click on Tools then double-click on Message Tracking Center. You can then search for messages by time and sender or recipients.

After taking the above steps, I was able to see that email was being delivered to a local account on the Exchange server that should have been sent to an external account. I.e., email to john@example.com was being delivered to the account John on the Exchange server, though the domain name associated with the Exchange server was not example.com. And I could see that email to jsmith@example.com was being bounced back to the sender from the Exchange server, even though there was an account by that name on the external example.com email server. The sender did see email to that address being bounced back to her by the Exchange server.

So I wanted to get information on what, if any, communications were occurring between the Exchange server and the external SMTP server. Exchange provides the capability to turn on SMTP protocol logging. To turn on that logging, take the following steps:

  1. Open Exchange System Manager
  2. Click on the "+" next to Servers to expand the list of servers.
  3. Click on the "+" next to the Exchange server in question.
  4. Click on the "+" next to Protocols to expand the list of protocols.
  5. Click on the "+" next to SMTP.
  6. Right-click on Default SMTP Virtual Server and select Properties.
  7. Under the General tab, click on Enable logging.

    Enable logging for default SMTP Virtual Server

  8. Select the log format you wish to use. I chose W3C Extended Log File Format. The choices are as follows:

    1. Microsoft IIS Log File Format The event sink keeps track of SMTP protocol activities in a comma-separated plain-text file. This format includes the remote host's IP address, the host name if specified, the date i and time of the request, the status code, the number of bytes received, the elapsed time of the request, the number of bytes sent, and the action taken. The items are separated by commas and the list cannot be customized. You can configure the path to the log files in Exchange System Manager. The default path to the log file directory is Windows\System32\LogFiles.

    2. NCSA Common Log File Format The event sink keeps track of SMTP protocol activities in a comma-separated plain-text file. This is a fixed, non-customizable ASCII format that includes basic information, such as the remote host name, user name, date, time, command type, status code, and the number of bytes received. The items are separated by spaces.

    3. ODBC Logging The event sink keeps track of SMTP protocol activities in an open database connectivity (ODBC)-compliant database, such as Microsoft Access or Microsoft SQL Server. For troubleshooting purposes, you might find it sufficient to log protocol activities in an ASCII text file instead of an ODBC-compliant database.

    4. W3C Extended Log File Format The event sink keeps track of SMTP protocol activities in a customizable plain-text file. When you choose this format, you can exclude all those fields from the log file that do not have meaningful information for SMTP protocol activities, such as user name in anonymous SMTP communications. This can help to limit log size by omitting unwanted fields. Fields are separated by spaces.

    If you click on the Properties button next to the Active log format field, you can specify the location for the log file and how often it is rotated.

    Exchange logging properties

    The log file name is displayed under the log file directory on this tab. The log file directory is by default C:\WINDOWS\System32\LogFiles and the will be in the form SmtpSvc1\exyymmdd.log. I.e. a subdirectory named SMTPSVC1 will be created with a log file name that begins with "ex" followed by 2 digits for the year, 2 digits for the month, and 2 digits for the day. The directory and log file won't be created until the first SMTP connection occurs.

References:

  1. How to Enable Message Tracking in Exchange System Manager
    Last Modified: May 23, 2005
    Microsoft TechNet
  2. Protocol Logging, Event Logging, and Message Tracking
    Last Modified: May 23, 2005
    Microsoft TechNet
  3. Simple Mail Transfer Protocol
    Wikipedia, the free encyclopedia

Valid HTML 4.01 Transitional

Created: Sunday June 17, 2007 12:57 PM