asked on

Exchange 2013 SP1 Health Service Manager

I have a single Exchange Server 2013 SP1 (all roles on one server) and a single domain controller in a small environment. Exchange is running on Server 2012 and the domain controller on Server 2008 R2. I will be putting in a back-up domain controller at some time in the future.

I have managed to put in some global over-rides for the responder to try to disable the reboots. I hope I have this all covered. Is there really a scenario where the server must shut down itself ? What could be so bad ! The reboots might happen every couple days or it might go a entire week but I really have a hard time believing that this is necessary.

Here is a list of the over-rides I put in:

Identity ItemType PropertyName PropertyValue
-------- -------- ------------ -------------
Exchange\ServiceHealthActiveMana... Responder Enabled 0
AD\ActiveDirectoryConnectivityCo... Responder Enabled 0
Exchange\ActiveDirectoryConnecti... Responder Enabled 0
AD\ServiceHealthMSExchangeReplFo... Responder Enabled 0
Exchange\ServiceHealthMSExchange... Responder Enabled 0
AD\ActiveDirectoryConnectivitySe... Responder Enabled 0
Exchange\ActiveDirectoryConnecti... Responder Enabled 0

I am trying to keep the service running. It appears to add nice functionality. However, this is a common problem out there. I see people in the forums who are frustrated and simply disable the entire service. I don't blame them ! I think the idea is pretty good but it might need improvement.

I used different articles when researching this issue but this one really helped: http://social.technet.microsoft.com/Forums/exchange/en-US/7ea38bab-8bbc-467e-a646-d5f6264b39e6/exchange-2013-sp1-ignoring-presence-of-globalmonitoringoverride-setup-to-workaround-random-server?forum=exchangesvrgeneral

I ran this command: (Get-WinEvent -LogName Microsoft-Exchange-ManagedAvailability/* | % {[XML]$_.toXml()}).event.userData.eventXml| ?{$_.ActionID -like "*ForceReboot*"} | ft RequesterName and got this output (I believe this is a list of the reboots that have been requested)

RequesterName
-------------
TopologyServiceConnectivityServerReboot
TopologyServiceConnectivityServerReboot
TopologyServiceConnectivityServerReboot
TopologyServiceConnectivityServerReboot
TopologyServiceConnectivityServerReboot
ActiveDirectoryConnectivityConfigDCServerReboot
ActiveDirectoryConnectivityConfigDCServerReboot
ActiveDirectoryConnectivityConfigDCServerReboot
ActiveDirectoryConnectivityConfigDCServerReboot
ActiveDirectoryConnectivityConfigDCServerReboot
ActiveDirectoryConnectivityConfigDCServerReboot
ActiveDirectoryConnectivityConfigDCServerReboot
StoreServiceKillServer
StoreServiceKillServer
StoreServiceKillServer
ActiveDirectoryConnectivityConfigDCServerReboot
ActiveDirectoryConnectivityServerReboot
ActiveDirectoryConnectivityConfigDCServerReboot
ActiveDirectoryConnectivityServerReboot
ActiveDirectoryConnectivityConfigDCServerReboot
ActiveDirectoryConnectivityServerReboot
TopologyServiceConnectivityServerReboot
ActiveDirectoryConnectivityConfigDCServerReboot
ActiveDirectoryConnectivityServerReboot
TopologyServiceConnectivityServerReboot
TopologyServiceConnectivityServerReboot
ActiveDirectoryConnectivityServerReboot
TopologyServiceConnectivityServerReboot
TopologyServiceConnectivityServerReboot
ActiveDirectoryConnectivityConfigDCServerReboot
ActiveDirectoryConnectivityConfigDCServerReboot
ActiveDirectoryConnectivityServerReboot
ActiveDirectoryConnectivityConfigDCServerReboot
ActiveDirectoryConnectivityConfigDCServerReboot
ActiveDirectoryConnectivityConfigDCServerReboot
ActiveDirectoryConnectivityServerReboot
ActiveDirectoryConnectivityConfigDCServerReboot
ActiveDirectoryConnectivityServerReboot

I have not tried to delete the health mailboxes and restart the service. Here is the listing of them:

Name Alias ServerName ProhibitSendQuota
---- ----- ---------- -----------------
HealthMailboxe7d49eeb2... HealthMailboxe7d4... exchsvr Unlimited
HealthMailbox92b796a11... HealthMailbox92b7... exchsvr Unlimited

Please note that I do not have an OU for "Monitoring Mailboxes" so not sure why not.

I believe this is happening because there are times that domain communications are at least slowed down by the Symantec Endpoint Protection client just enough to cause the Health Manager to BSOD Critical Process Died my Exchange Server. In the long term I need to find a different endpoint security product that will not hamper communication with the domain controller as much but still protect my Internet-facing Exchange Server. Please note that I am running the full SEP Client even on the servers (Yes I know it is not fully supported but I do like the idea of having a true endpoint protection client). SEP Client is 12.1.3001 (and SEPM) and I do have the firewall set up that it does work pretty well. In addition, my Symantec Management server was down for a little while and I got it back up and running yesterday. Things seem smoother when it is running and so far the domain communications seem to be better.

The Health Management Service might be better if you had a DAG or multiple servers but since I have only the one Exchange taking itself down is useless to me ! My central question is am I doing enough to prevent these reboots ? I would like to keep the service enabled and running but as long as these reboots do not occur. Any other over-rides or suggestions to customize the service are welcome. I am attaching a current health report on the Exchange Server and the dump details. As you can see most everything comes up with a healthy status.

One other question.....is there recommended settings for Exchange for the Application Pools ? By default they are not set up to recycle at all.

Please feel free to request any additional information. Thank you for your time !
DumpAnalysis.txt
healthreport.txt

Frank Angelini

ASKER

I am attaching a couple events from Eventviewer.
EventViewer.txt

ASKER CERTIFIED SOLUTION

yaench

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Frank Angelini

ASKER

I can certainly try your suggestions. After the OU is created I would then delete the two health mailboxes that will be listed there ? I am thinking because there is a power shell script I could run on the Exchange Server to delete them as well.

As far as SEP goes yes the C:\Program Files\Microsoft\Exchange folder is excluded. It is automatically excluded but I added the Centralized Exception for good measure. I have Symantec Mail Security for Microsoft Exchange 7.5 running for spam protection with the Premium Anti-Spam as well and it is higher priority than the built-in MS one that comes with Exchange.

I will have to determine the load on the domain controller and get you the other information requested.

I asked about the Application Pool settings as this server had 8 GB of RAM at one point and running very high utilization and I thought I could save some memory by setting up recycling of the pools. I have since upgraded to 12 GB RAM and then went back in and took out the recycling. There are some other settings there and I am trying to remember what the defaults were. Stupid me I should of jotted down something before making changes.

I could put the mailboxdatabase on one other disk but right now that is where I put the daily back-ups so I am leery of doing that. It is sitting on a Raid1 that has plenty of space.

I am trying to leave the Health Manager running as like you say MS wants it that way. Things have been quiet since Sunday morning so I am not sure if that is because the changes I made or because I went into the SEP clients of both the Exchange Server and the domain controller and disabled the firewall and intrusion protection.

Frank Angelini

ASKER

Quick update. ADPrep finished and the OU is there now. However, it is empty. I restarted the Health Manager service but it is still not populated. I will wait to see if they show up there.

your command was successful:

[PS] C:\Windows\system32>Get-ExchangeServer -status | select name, Current*

Name CurrentDomainControllers CurrentGlobalCatalogs CurrentConfigDomainController
---- ------------------------ --------------------- -----------------------------
exchsrv {domaindc.domain.com} {domaindc.domain.com} domaindc.domain.com

host names substituted with generic ones but the dc is visiable.

Just a little tidbit that might have contributed to this issue. I normally have good luck with upgrading SEP. I upgraded the SEPM first and then went to do the clients on both the Exchange and DC servers. Exchange would not start no matter what I tried. After a couple hours with Symantec Support we just left the anti-virus on the servers. Still no go. I uninstalled completely and rebooted and still could not get Exchange to start up !

I resorted to disaster recovery for both servers and then did a restore to the recent mailboxdatabase. DR was 3 weeks old so I am thinking the health mailboxes got confused and started working erratically. DR was bare metal and that includes AD. Just a theory I just thought of. Thanks.

Frank Angelini

ASKER

Things have been better and more stable. I will be looking at different security products that might be a better fit for me.

I also added a couple more over-rides to further loosen things up a bit but still have the Health Manager running and doing its thing:

Add-GlobalMonitoringOverride -Identity Store\DirectoryServiceAndStoreMaintenanceAssistantMonitor -ItemType Monitor -PropertyName MonitoringIntervalSeconds -PropertyValue 115200 –ApplyVersion “15.0.847.32”

Add-GlobalMonitoringOverride -Identity Store\DatabaseRepeatedMountsMonitor -ItemType Monitor -PropertyName MonitoringIntervalSeconds -PropertyValue 3600 –ApplyVersion “15.0.847.32”