Microsoft KB Archive/924152



Manual Configuration of the Exchange Management Pack (steps to manually accomplish what the Configuration Wizard accomplishes)

Article ID: 924152

Article Last Modified on 10/25/2007



APPLIES TO

  • Microsoft Exchange Server 2003 Enterprise Edition
  • Microsoft Exchange Server 2003 Standard Edition



Source: Microsoft Support

RAPID PUBLISHING

RAPID PUBLISHING ARTICLES PROVIDE INFORMATION IN RESPONSE TO EMERGING OR UNIQUE TOPICS, AND MAY BE UPDATED AS NEW INFORMATION BECOMES AVAILABLE.

Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry


SUMMARY

Manual Configuration of the Exchange Management Pack (steps to manually accomplish what the Configuration Wizard accomplishes)

MORE INFORMATION

Agent Mailboxes are used by the Mailbox Access Account for MAPI logon to Exchange. You must create at least one mailbox and account, called the Agent Mailbox Account, for each Exchange server. Unlike the Mailbox Access account, the name of the agent account must begin with servernameMOM. The account may have additional letters or numbers (with no spaces) after the word MOM in the name, especially if there are multiple mailbox stores on the server and you have specified monitoring per store. If you wish to monitor multiple mailbox stores on an Exchange server, you will need an account and mailbox for each mailbox store. It is recommended that you use the Exchange Management Pack Configuration Wizard to create and configure these accounts. The steps to create them manually are listed here to help you understand troubleshooting procedures, or for use if the Configuration Wizard is failing in the customer's environment.

Manual Creation of the Mailbox Access Account
You can create the Mailbox Access account and mailbox manually and then set permissions for this account using the Exchange Management Pack Configuration Wizard. You can also use the Exchange Management Pack Configuration Wizard to create the Mailbox Access account and set all permissions for you. If you choose to create the account and manually set permissions, you should create the Mailbox Access account, and create an Exchange Mailbox for the account.

Note Earlier documents state that you do not need a mailbox for this account, but this error has been noted and corrected in later documents.

The Mailbox Access Account must be granted at least Exchange View Only Administrator in the Delegation Wizard. Be sure that you can log on to the Exchange server as the Mailbox Access account, open Exchange System Manager and view property pages for the Exchange server.

To inform the Exchange 2003 Management Pack of the mailbox access account, perform the following steps:

  1. After you create the mailbox access account(s), wait until all servers running Exchange that are being monitored by Microsoft Operations Manager receive the event with source "Exchange MOM" and ID 9986, indicating that the Management Pack has generated the keys to encrypt the mailbox access account credentials. This may take approximately 10-15 minutes.

    You can use the view Monitor\Public Views\Exchange 2003\Server Configuration and Security\Servers Ready For SetCredentialUtility (also called the ExchangeMOMSetCredentialUtility) to watch for these events.

    If the Exchange MOM 9986 event has otherwise not occurred, there are a number of possible reasons.

    First, ensure that the script Exchange 2003 - Publish ExMP Data is scheduled to run.

    This script is called from either of the two following rules in the processing rule group "Microsoft Exchange Server 2003\Availability Monitoring":
    1. Publish data for Agent Mailbox impersonation: This rule is triggered by the occurrence of the event with source Exchange MOM and id 9987, which is created by the MAPI scripts (for example, MAPI Logon or Mail Flow Verification).
    2. Daily Agent Mailbox data generation: This rule is run every 24 hours at 2:00 a.m.


    If the Exchange MOM 9986 event is not found, there are several explanations:

    1. The Availability Monitoring processing rule group is disabled.
    2. Any of the rules in the Availability Monitoring processing rule group are disabled.
    3. There was a failure in Exchange 2003 - Publish ExMP Data script or the COM component EMPKP.PubKeyPublisher called by this script. If the script or the COM component fails, it will either generate an event with source Exchange MOM and id 10000 or 10001. The events will specify the exact nature of the problem encountered. The most common case is EMPKP.EXE not registered. If the script and the COM component execute successfully, Exchange MOM 9986 will be created and SetCredentialUtility.exe can be run.
  2. On the Microsoft Operations Manager server, log on with local administrator credentials to all servers running Exchange. (For example, log on as a Domain Administrator.)
  3. Create a list in a text file of all the servers running Exchange that Microsoft Operations Manager monitors. For example, use Notepad to create a file called c:\ExServerList.txt. In the file, list the server names and end the list with a period (.) as shown:
    ServerA
    ServerB
    ServerC
    .

    Note In the case of a cluster of servers running Exchange, these should be the names of the physical servers, not the Exchange virtual servers.
  4. Get the credential storage utility SetCredentialUtility.exe (or ExchangeMOMSetCredentialUtility).
  5. Run SetCredentialUtility.exe -E <filename>
    For example: SetCredentialUtility.exe -E C:\ExServerList.txt
    You are prompted for the domain name (this must be a fully qualified name), username, and password for the Mailbox Access Account.

    Here is an example of running this utility:

    Please provide the credential of your Mailbox Access Account
    Domain [100 characters max]: DomainA.SiteOne.com
    User [100 characters max]: JohnSmith
    Password [120 characters max]: *************
    Confirm password...
    Password [120 characters max]: *************
    The credential storage utility stores these for use by the Microsoft Operations Manager agents on Exchange servers.


Creating the Mailbox Access Account using the Exchange Management Pack Configuration Wizard
Creation of the Mailbox Access Account by the Exchange Management Pack Configuration Wizard is recommended. If you manually create the Mailbox Access Account, you should also run the Exchange Management Pack Configuration Wizard to properly apply permissions for this account.

Creating the Agent Accounts
Prior to the Exchange Management Pack Configuration Wizard, Agent Mailboxes had to be created and configured manually. Often these accounts were not configured correctly. In this case, the scripts that did not require a MAPI logon ran without any problems, but the scripts requiring a MAPI logon were not able to gather data. This would go unnoticed until someone discovered that some reports could not be run and they would get an error saying that no data was being gathered. The following rules require the configuration of an agent mailbox account on each server running Exchange:

Processing Rule Group: Server Availability\MAPI Logon Check and Availability Reporting
Rule Name: Check store availability - MAPI logon
Report: Exchange Server Availability
Agent Mailboxes used: <servername>MOM<optional suffix>

Processing Rule Group: Server Availability\Mail Flow Verification
Rule Name: Send mail flow messages
Rule Name: Receive mail flow messages
Agent Mailbox used: only <servername>MOM

Processing Rule Group: Report Collection Rules\Mailbox Statistics Analysis
Rule Name: Report Collection Rules - Mailbox Statistics Analysis
Reports: Mailbox reports in "Exchange Mailbox and Folder Sizes" folder
Agent Mailbox used: only <servername>MOM

Processing Rule Group: Report Collection Rules\Public Folder Statistics Analysis
Rule Name: Report collection - public folder statistics
Reports: Public Folder reports in "Exchange Mailbox and Folder Sizes" folder
Agent Mailbox used: only <servername>MOM


Do not create an Agent Mailbox on a Front End Server.

Creating the Agent Accounts Manually
On a computer with the Exchange System Manager installed, start the Active Directory Users and Computers snap-in (dsa.msc). Create a user account and mailbox on each server running Exchange, with a logon name that includes the name of the server running Exchange, in the form <servername>MOM. If this is an Exchange cluster, the server name is the name of the Exchange virtual server. For example, if the server name is ExServer1, the test account is ExServer1MOM. Set a password for this account.

If you have multiple database files on a server, you can add more agent mailbox accounts with logon name <servername>MOM#, where # can be any number or word. The first agent mailbox account must be named <servername>MOM because it is the only mailbox used by the mail flow verification and the mailbox and public folder analyses. Also, the total length of the agent mailbox account name cannot exceed 20 characters.

Choose the following during account creation:

  • User cannot change password
  • Password never expires
  • Account is disabled
  • Do not clear the Create an Exchange mailbox check box.


Once the account is created, on the View menu, select Advanced Features.

Right-click this new agent mailbox account and select Properties, and then click the Exchange Advanced tab. If this tab is not present, ensure that Advanced Features was selected in the previous step.

  1. Click Mailbox Rights, and then click Add.
  2. Add the mailbox access account, and then click OK.
  3. In the Permissions box, give the mailbox access account Full Mailbox Access.
  4. In the Mailbox Rights tab, select the Self account.
  5. In Permissions, click Associated External Account and then click OK.
  6. Click the Security tab, and select the Mailbox Access Account. (It may be necessary to add the mailbox access account if it is not listed in the accounts. Select the mailbox access account from the list of all accounts.)
  7. With the mailbox access account selected, in the Permissions box, under the Allow column, check the Receive As and Send As check boxes and click OK.


Note The Agent Mailbox cannot be set to be hidden in the Global Address Book (GAL) because it is not possible to log in to an account in that state.
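The naming rules above (exact <servername>MOM account required, optional letter-or-number suffix, no spaces, 20 characters at most) can be checked before the accounts are created. The following is an added example, not part of the original article; the function name Test-AgentMailboxName and the sample server name are hypothetical.

```powershell
# Added example: checks proposed agent mailbox logon names against the naming
# rules stated in this article. Function name and sample data are hypothetical.
function Test-AgentMailboxName {
    param(
        [Parameter(Mandatory)] [string]   $ServerName,
        [Parameter(Mandatory)] [string[]] $AccountName
    )
    $base = "${ServerName}MOM"
    $problems = @()

    # Mail flow verification and the mailbox/public folder analyses use only
    # the account named exactly <servername>MOM, so it must be in the set.
    if ($AccountName -notcontains $base) {
        $problems += "missing required account '$base'"
    }
    foreach ($name in $AccountName) {
        if ($name.Length -gt 20) {
            $problems += "'$name' is $($name.Length) characters; the limit is 20"
        }
        if (-not $name.StartsWith($base, [System.StringComparison]::OrdinalIgnoreCase)) {
            $problems += "'$name' does not begin with '$base'"
            continue
        }
        # Anything after MOM may only be letters or numbers, with no spaces.
        $suffix = $name.Substring($base.Length)
        if ($suffix -notmatch '^[A-Za-z0-9]*$') {
            $problems += "'$name' has suffix '$suffix'; use letters or numbers only"
        }
    }
    return ,$problems
}

# Constructed sample: a 15-character server name leaves room for only a
# two-character suffix after MOM.
Test-AgentMailboxName -ServerName 'EXCHMAILBOX0001' -AccountName @(
    'EXCHMAILBOX0001MOM',
    'EXCHMAILBOX0001MOM01',
    'EXCHMAILBOX0001MOM001',
    'EXCHMAILBOX0001 MOM'
)
```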

Creating the Agent Accounts using the Exchange Management Pack Configuration Wizard

The Agent (test) mailboxes can be created using the Exchange Management Pack Configuration Wizard. You are not prompted for the names or organizational unit in Active Directory to create these accounts. The default location to create these accounts is in the Users organizational unit in the Root domain. If you have multiple mailbox stores that you are monitoring, the Wizard will create Agent (test) mailboxes with the names servernameMOM00, servernameMOM01, servernameMOM03, etc. If you want to create these accounts in another location, or to name the suffix differently, you must manually create these accounts.

The Configuration Wizard will grant the Mailbox Access account Full Control of the Agent (test) mailboxes, and will set the attribute "Associated External Account".

Service Verification Script Configuration
Periodically, the Service Verification Script runs to determine whether a list of services specified in a registry key on the Exchange server is running. Specify the Exchange related services to be monitored in the following registry key on each of the managed Exchange servers:

  1. To create the registry key: You must create the following key in the registry editor.

    Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange MOM

  2. In this key, create the entry Monitored Services as a string. Fill this string with a comma-delimited list of the services for which you would like to receive notification if the services are not running.


Example setting for this entry:

MSExchangeIS, MSExchangeSA, MSExchangeMTA, SMTPSVC, POP3SVC, IMAP4SVC

In a cluster configuration, you must add this entry on each cluster node.
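One way to write the Monitored Services entry described above from PowerShell, checking first that every listed name is an installed service on the server. This is an added example, not part of the original article; Set-MonitoredServices is a hypothetical helper name, and it is assumed to run elevated on the managed Exchange server itself.

```powershell
# Added example: validates and writes the "Monitored Services" entry.
# Set-MonitoredServices is a hypothetical helper name. Run elevated on each
# managed Exchange server (on each node, in a cluster).
function Set-MonitoredServices {
    param([Parameter(Mandatory)] [string[]] $ServiceName)

    # Refuse names that are not installed services on this server, so that a
    # misspelled name is caught here instead of being written to the list.
    $unknown = @($ServiceName | Where-Object {
        -not (Get-Service -Name $_ -ErrorAction SilentlyContinue)
    })
    if ($unknown.Count -gt 0) {
        throw "Not installed on ${env:COMPUTERNAME}: $($unknown -join ', ')"
    }

    $key = 'HKLM:\SOFTWARE\Microsoft\Exchange MOM'
    # Create the key only if it is absent; New-Item -Force would recreate an
    # existing key and drop the values already stored in it.
    if (-not (Test-Path -Path $key)) {
        New-Item -Path $key | Out-Null
    }
    # String (REG_SZ) value holding the comma-delimited list.
    New-ItemProperty -Path $key -Name 'Monitored Services' -PropertyType String `
        -Value ($ServiceName -join ', ') -Force | Out-Null

    # Read the value back so the caller sees exactly what was stored.
    (Get-ItemProperty -Path $key -Name 'Monitored Services').'Monitored Services'
}

# The service list is the example setting given in this article.
Set-MonitoredServices -ServiceName MSExchangeIS, MSExchangeSA, MSExchangeMTA, SMTPSVC, POP3SVC, IMAP4SVC
```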



Exchange Traffic Analysis Reports Configuration
The Exchange 2003 Management Pack includes a timed event rule that collects information from the message tracking logs and analyzes it to assemble the Exchange Traffic Analysis reports, which detail various aspects of the messaging traffic. This event rule analyzes the message tracking log for the previous day.

To produce the Exchange Traffic Analysis report, you must configure the monitored Exchange 2003 servers to enable message tracking for Exchange as follows:

To enable message tracking - Repeat this task for each server

  1. Log on to the MOM computer with domain administrator rights.
  2. On the Start menu, point to Programs, point to Microsoft Exchange, and then click System Manager.
  3. In the console tree, double-click Server, right-click a server name, and then click Properties.
  4. To record the subject of any message sent to, from, or through the server, on the General tab, select the Enable subject logging and display check box.
  5. To log information about the sender, the time the message was sent or received, the message size and priority, or the message recipients, select the Enable message tracking check box.
  6. To change the directory in which the log file is stored, click Change, and enter the new directory name in which the Message Tracking Log Files will be stored.


Mail Flow Verification Scripts Configuration
These scripts periodically send mail and verify that the mail has been received.

You must configure the sending and receiving servers to know where to send mail and from where to expect mail.

The mail flow verification script uses the mailbox access account (named <servername>MOM) created in the previous procedure. For each server participating in the mail flow verification (as senders, receivers, or both), follow these configuration steps:

To configure a mail flow verification script

  1. Configure the time interval to send/receive mail according to your Exchange installation (the default is 15 minutes):
    1. Log on to the MOM server with domain Administrator rights.
    2. Open the MOM Admin console.
    3. Navigate to Rules - Microsoft Exchange Server 2003 - Availability Monitoring
    4. Expand Verify Mail Flow, click Event Processing Rules, and then click Send Mail Flow Messages.
    5. In Send Mail Flow Messages, click Properties.
    6. Click the Data Provider tab. From the Provider Name pull-down menu, select Scheduled every 5 minutes synchronize at 00:00.
      Note The default settings (every 15 minutes synchronized at 00:09) provide a high level of monitoring without interfering with other scripts such as MAPI logon. If you want to change the frequency with which this script runs, it is important to choose one of the existing providers. In general, you should never create a new provider unless you are doing so while creating an entirely new rule.
  2. Repeat the same process for the event processing rule Receive mail flow messages. Select a timed event with the same frequency as the one selected for
    1. In the current processing rule group folder, right-click the event processing rule named Receive mail flow messages, and click Properties.
    2. Click the Responses tab.
    3. Select Exchange 2003 - Mail flow receiver, and click Edit.
    4. In the Launch Script dialog box, double-click the MaxSafeMissedRuns parameter, and enter a value of 1.
    5. Click OK in all the dialog boxes.
  3. Configure the registry to specify the server that will send and/or receive mail.
    Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
    1. In each server (or virtual server) running Exchange, create the following registry key:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange MOM\Mail Flow\<Servername>
      If this is in a clustered configuration, the "Servername" should be the Exchange virtual server. Create this same key (and the values in Steps 3b and 3c) on each physical node of the cluster.
    2. Under this key, create a string value named SendTo and set its data to a comma-delimited list containing the server names to which mail will be sent. If the server is not going to send mail, keep this registry value empty.
    3. Under the same key, create a string value named ExpectedFrom and set its data to a comma-delimited list containing the server names from which mail is expected. If the server is not expecting mail from other servers, keep this registry value empty.
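Because SendTo and ExpectedFrom are set separately on each server, the planned values can be cross-checked before they are written to the registry. The following is an added example, not part of the original article; the function name Test-MailFlowTopology and the sample configuration are hypothetical, and it assumes that every SendTo entry on one server should be matched by an ExpectedFrom entry on the target server, and the reverse.

```powershell
# Added example: cross-checks planned SendTo / ExpectedFrom values across
# servers. Function name and sample data are hypothetical.
function Test-MailFlowTopology {
    param([Parameter(Mandatory)] [hashtable] $Config)

    # Split a comma-delimited registry string into trimmed, non-empty names.
    $split = {
        param($s)
        "$s" -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    }
    $findings = @()

    foreach ($server in $Config.Keys) {
        foreach ($target in (& $split $Config[$server].SendTo)) {
            if (-not $Config.ContainsKey($target)) {
                $findings += "$server sends to $target, which has no Mail Flow key"
            } elseif ((& $split $Config[$target].ExpectedFrom) -notcontains $server) {
                $findings += "$server sends to $target, but $target does not expect mail from $server"
            }
        }
        foreach ($source in (& $split $Config[$server].ExpectedFrom)) {
            if (-not $Config.ContainsKey($source)) {
                $findings += "$server expects mail from $source, which has no Mail Flow key"
            } elseif ((& $split $Config[$source].SendTo) -notcontains $server) {
                $findings += "$server expects mail from $source, but $source does not send to $server"
            }
        }
    }
    return ,$findings
}

# Constructed sample: ServerA -> ServerB is configured on both ends, while
# ServerB -> ServerC lacks the matching ExpectedFrom entry on ServerC.
$config = @{
    ServerA = @{ SendTo = 'ServerB'; ExpectedFrom = '' }
    ServerB = @{ SendTo = 'ServerC'; ExpectedFrom = 'ServerA' }
    ServerC = @{ SendTo = '';        ExpectedFrom = '' }
}
Test-MailFlowTopology -Config $config
```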







Keywords: kbhowto kbrapidpub KB924152