Monitoring Exchange 2010 and Message Flow Using PowerShell Scripts

Tej Pratap Shukla ~Dexter, Server Administrator

When message delivery in an environment is slow, a slow network is usually blamed. However, if everything else is working well and mail flow in the organization is still affected, a message may be stuck in the transport server queue and holding up delivery of other messages. Here, we will discuss how to check the delivery status of Exchange messages using PowerShell scripts.

Messages in Transport Queue:

When a message is sent or received, it is stored in the transport queue for a limited time interval. A mailbox server can have more than one queue, depending upon the message destination. Watching the queues is one of the most convenient ways to keep track of message delivery status, which helps in maintaining the workflow. The Get-Queue cmdlet allows viewing the messages queued on the transport server.

How it Works:

Running the Get-Queue cmdlet returns the queues that hold messages awaiting delivery. The queue types on a mailbox server are as follows:
  • Submission Queue: Mails are first received by the submission queue and are then moved to a delivery or retry queue. The identity of the queue is available as <Servername>\Submission.
  • SMTP Delivery to Mailbox Queue: This queue holds mails that are headed for delivery through SMTP. It is available as <Servername>\<Unique Number> and is used only on the Mailbox Server.
  • Remote Delivery Queue: This queue holds mails that are routed to another server through SMTP. It is listed as <Servername>\<Unique Number>.
  • Poison Message Queue: This queue holds messages that are considered to be potentially unsafe and is listed as <Servername>\Poison.
  • Unreachable Queue: This queue holds messages that did not reach their destination. It is listed as <Servername>\Unreachable.
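
A queue health check built on the queue types listed above, as an added example that is not part of the original article. The server name default and the $Threshold value are assumptions; run it in the Exchange Management Shell.

```powershell
# Added example: flag queues that are backing up and list anything held in the
# Poison or Unreachable queues. $Server and $Threshold are assumed values.
param(
    [string]$Server    = $env:COMPUTERNAME,
    [int]   $Threshold = 50
)

# All queues on the server, busiest first.
$queues = Get-Queue -Server $Server | Sort-Object MessageCount -Descending

# A queue is flagged when it holds many messages or is not delivering.
$flagged = $queues | Where-Object {
    $_.MessageCount -ge $Threshold -or
    $_.Status -eq 'Retry' -or
    $_.Status -eq 'Suspended'
}

if ($flagged) {
    $flagged | Format-Table Identity, DeliveryType, Status, MessageCount, NextHopDomain, LastError -AutoSize
}
else {
    Write-Output "No queue on $Server is at or above $Threshold messages or in Retry/Suspended state."
}

# Messages in these two queues need manual review, so list them individually.
foreach ($name in 'Poison', 'Unreachable') {
    $messages = @(Get-Message -Queue "$Server\$name" -ResultSize Unlimited -ErrorAction SilentlyContinue)
    if ($messages.Count -gt 0) {
        Write-Warning "$($messages.Count) message(s) in $Server\$name"
        $messages | Select-Object Identity, FromAddress, Subject, Size, DateReceived, LastError
    }
}
```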

Actions that can be taken on Mails in the Queue

Suspend: To hold back delivery of a message in the queue, the Suspend-Message cmdlet can be used:

Note: The messages in the Submission and Poison queues cannot be suspended.

Resume: If messages are stuck in the queue, their delivery can be resumed using the Resume-Message cmdlet.

Retry: To force delivery of a message in the queue, use the Retry-Message cmdlet. This will resubmit the mails into the submission queue so that they can be processed again.

To resubmit messages that are in the unreachable queue, the following cmdlet will be used:

Note: Messages that are in a suspended queue cannot be resubmitted for another delivery attempt using Retry-Queue.

Remove: To purge messages from the queue, the Remove-Message cmdlet can be used.

The sender of the message will receive a Non-Delivery Report (NDR) message with a suggestion to resend the mail. In the command shared above, the -Confirm parameter is set to false, which means an NDR will not be sent to the sender of the message.

Get Details of a Message in a Log

The Get-MessageTrackingLog cmdlet in Exchange Server gives an account of the mail flow in the organization. Here we will learn how to generate a log report for message tracking from multiple servers in the organization.

To get information about the messages that passed through the mailbox server within a definite time span, the following command can be used. For example, the following command will return the log for messages that have been sent from SMTP and MBX Server.

The message tracking option in Exchange Server is enabled by default, and every mailbox server records the mail flow log, which is stored at the following location:
<install path>\V15\TransportRoles\Log\MessageTracking directory

The maximum size of a log file is 10 MB. Once a file has been filled with data up to the defined limit, a new log file is generated.

The log files are available until the maximum size for the directory is reached or the 30-day limit has passed. Also, through circular logging, logs can be removed as per requirement. These options can be configured using the Set-TransportService cmdlet.

In the example shared above, we named a single mailbox server against which the command should be run. However, the network topology may differ, so more than one server may need to be queried to get accurate results.

For example: Say an organization has multiple servers and the messages of one employee have to be tracked within a certain time span. In that case, the following command can be used:

Here, the Get-TransportService cmdlet is used to get the list of mailboxes from all servers within the organization. The result is then piped to the Get-MessageTrackingLog cmdlet, where the start and end time have to be provided along with the EventId and the sender.

The results thus obtained include the message sender/recipient, its size, subject, and the IP address of the server where the mail arrived. This is then piped to Export-CSV to generate an external report.
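
The multi-server search described above, written out as an added example that is not the article's own command. The sender address, time window and report path are constructed values; on Exchange 2010 the counterpart of Get-TransportService is Get-TransportServer.

```powershell
# Added example: trace one sender's SEND events across every transport server
# and export a report. All values below are constructed for illustration.
$senderAddress = 'user@example.com'
$start         = (Get-Date).AddDays(-2)
$end           = Get-Date
$report        = Join-Path $env:TEMP 'tracking-report.csv'

# Common search parameters, splatted into each per-server query.
$query = @{
    Start       = $start
    End         = $end
    EventId     = 'SEND'
    Sender      = $senderAddress
    ResultSize  = 'Unlimited'
    ErrorAction = 'Stop'
}

# Query each server separately so one unreachable server does not abort the search.
$results = foreach ($server in Get-TransportService) {
    try {
        Get-MessageTrackingLog -Server $server.Name @query
    }
    catch {
        Write-Warning "Could not query $($server.Name): $($_.Exception.Message)"
    }
}

# Recipients is a collection; join it so the CSV holds addresses, not a type name.
$results |
    Sort-Object Timestamp |
    Select-Object Timestamp, ServerHostname, ServerIp, ClientIp, EventId, Source, Sender,
        @{ Name = 'Recipients'; Expression = { $_.Recipients -join ';' } },
        MessageSubject, TotalBytes, MessageId |
    Export-Csv -Path $report -NoTypeInformation

Write-Output "$(@($results).Count) event(s) written to $report"
```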

What is the -EventId Parameter?

In the above commands, you must have noticed the -EventId parameter. It categorizes which type of log event is returned when the search is performed. The following event categories can be used:

For example: To search message tracking logs based on recipients on the mailtest server, the following command can be run:

With these PowerShell commands, it is easy for an administrator to maintain mail flow for messages within and outside the organization. Message tracking can also be done using the Exchange Management Console, with the same options and facilities available in PowerShell, in case the admin feels more comfortable with a GUI.
