Objective 5.5 Exchange 2010 Flashcards
Objective 5.5: Configure logging.
You need to know how to use protocol logging to log the SMTP communication between email servers that occurs as part of message delivery. You should know that this traffic is called SMTP ______ and that it occurs on Send connectors and Receive connectors configured on Hub Transport or Edge Transport servers.
conversations
The exam might test that you know that protocol logging is ______ by default and is enabled or disabled on a per-connector basis, and that the Receive connectors (and the Send connectors) on a Hub Transport or Edge Transport server share the same protocol log files and protocol log options.
disabled
You can use the ______ cmdlet to configure the intraorganization Send connector.
Set-TransportServer
The following EMS command enables protocol logging for the intraorganization Send connector: ______.
Set-TransportServer –IntraOrgConnectorProtocolLoggingLevel Verbose
The following command disables protocol logging for the intra-organization Send connector, if this has previously been enabled: ______.
Set-TransportServer –IntraOrgConnectorProtocolLoggingLevel None
Note that you cannot use the ______ to enable or disable protocol logging for the intra-organization Send connector.
EMC
You can use the EMS ______ or ______ to enable or disable protocol logging on a Receive or Send connector, respectively.
Set-ReceiveConnector, or
Set-SendConnector
If you use the EMS, then, for example, the following command enables protocol logging for the Default VAN-EX2 Receive connector: ______.
Set-ReceiveConnector “Default VAN-EX2” -ProtocolLoggingLevel Verbose
The following command disables protocol logging for the Send connector MySendConnector: ______.
Set-SendConnector MySendConnector -ProtocolLoggingLevel None
The following command enables protocol logging for the intra-organization Send connector on the Hub Transport server VAN-EX1: ______.
Set-TransportServer –Identity VAN-EX1 –IntraOrgConnectorProtocolLoggingLevel Verbose
You can access a connector’s Properties dialog box in the EMC to change its location. You can also use the ______ cmdlet.
Set-TransportServer
Tthe following command moves the Receive connector protocol log directory to C:\ProtolcolLogs\Receive on the Hub Transport server VAN-EX1: ______.
Set-TransportServer –Identity VAN-EX1 -ReceiveProtocolLogPath C:\ProtocolLogs\Receive
The following command moves the Send connector protocol log directory to C:\ProtolcolLogs\Send on the same server: ______.
Set-TransportServer –Identity VAN-EX1 -SendProtocolLogPath C:\ProtocolLogs\Send
You cannot use the connector Properties dialog box in the EMC to set the maximum size of Receive connector and Send connector protocol log files, you must use the ______ cmdlet.
Set-TransportServer
The following command sets the maximum size of Receive connector protocol log files to 15 MB on the Hub Transport server VAN-EX1: ______.
Set-TransportServer –Identity VAN-EX1 -ReceiveProtocolLogMaxFileSize 15MB
To set the maximum size of Send connector protocol log files to 20 MB on the Edge Transport server DEN-EDGE1, you would enter the following command: ______.
Set-TransportServer –Identity DEN-EDGE1 -SendProtocolLogMaxFileSize 20MB
Store logging provides a database ______ mechanism.
recovery
Exchange store logging, or transaction logging, is an Extensible Storage Engine (ESE) recovery mechanism designed to restore an Exchange database to a ______ state after any sudden stoppage. The logging mechanism is also used when creating and restoring online backups.
consistent
The exam might expect you to know that diagnostic logs such as agent logs can be configured with one of five logging levels: ______.
- Lowest (the default),
- Low,
- Medium,
- High, and
- Expert.
You should, however, be aware that protocol logging has only two logging levels: ______ and ______. Changing the diagnostic logging level for a given process can cause additional events to be written to the event log.
Verbose, and
None
You can use the EMC Manage Diagnostic Logging Properties Wizard to configure logging levels. You can also use the EMS ______ cmdlet.
Set-EventLogLevel
The following command changes the MSExchangeTransport\Agents logging level to High: ______.
Set-EventLogLevel -Identity “MSExchangeTransport\Agents” -Level High
You need to know how you can use agent logs to record actions performed on a message by specified anti-spam agents that you have installed and configured on an Edge Transport or Hub Transport server. The exam might ask about the following agents that can write information to the agent log: ______.
- The connection and content filter agents
- The edge rules agent
- The recipient and sender filter agents
- The sender identity (ID) agent
Transport agents act on messages at specific access points in the SMTP command sequence that transports messages through a Hub Transport server or Edge Transport server. These access points are called SMTP ______.
events
The anti-spam agent logs on a Hub Transport server are located in the folder ______.
C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\AgentLog
You can use commands based on the EMS ______ cmdlet on an Edge or Hub Transport server to access the information in an agent log.
Get-AgentLog
The following command returns a report containing statistics collected between 09:00 (9:00 AM), October 4, 2011, and 18:00 (6:00 PM), November 5, 2011: ______.
Get-AgentLog -StartDate “10/04/2011 9:00:00 AM” -EndDate “11/05/2011 6:00:00 PM”
You can use the EMS ______ script to search the agent logs and obtain anti-spam filtering statistics.
Get-AntiSpamFilteringReport.ps1
You can enable or disable agent logging by modifying the Edge ______ file.
Transport.exe.config
By default, agent logging is enabled on Hub Transport and Edge Transport servers. You can enable or disable agent logging by modifying the ______ key that is present in the EdgeTransport.exe.config file.
AgentLogEnabled
You should be aware that message tracking records the SMTP ______ activity of all messages transferred to and from a Hub Transport, Edge Transport, or Mailbox server.
transport
Message tracking is ______ by default on Hub Transport, Edge Transport, and Mailbox servers.
enabled
You can use the EMC to disable or enable message tracking on Hub Transport and Edge Transport servers but not on ______ servers.
Mailbox
You can use the ______ cmdlet to enable or disable message tracking on Mailbox servers.
Set-MailboxServer
You can use the ______ cmdlet to enable or disable message tracking on Edge Transport and Hub Transport servers.
Set-TransportServer
The following command disables message tracking on the Hub Transport server VAN-EX2: ______.
Set-TransportServer –Identity VAN-EX2 –MessageTrackingLogEnabled $false
The following command enables message tracking on the Mailbox server VAN-EX1 (assuming this has previously been disabled): ______.
Set-MailboxServer –Identity VAN-EX1 –MessageTrackingLogEnabled $true
You can use EMS commands to reconfigure the message tracking log location for all three server roles. For example, the following command changes the message tracking log location on the Hub Transport server VAN-EX2 to C:\Logfiles\MessageTracking: ______.
Set-TransportServer –Identity VAN-EX2 -MessageTrackingLogPath C:\Logfiles\MessageTracking
You can use the ______, ______, and ______ parameters to change the maximum size of each message tracking log file, to specify the maximum size of the message tracking log directory, and to configure maximum age for an individual message tracking log, respectively.
MessageTrackingLogMaxFileSize,
MessageTrackingLogMaxDirectorySize, and
MessageTrackingLogMaxAge
The following command changes the maximum age of message tracking logs on the Mailbox server VAN-EX1 to 40 days: ______.
Set-MailboxServer –Identity VAN-EX1 -MessageTrackingLogMaxAge 40.00:00:00
You can use the EMS but not the EMC to enable or disable message ______ logging in message tracking logs on Edge Transport, Hub Transport, and Mailbox servers.
subject
The following command disables message subject logging in message tracking logs on the Hub Transport server VAN-EX2: ______.
Set-TransportServer –Identity VAN-EX2 -MessageTrackingLogSubjectLoggingEnabled $false
______—one of the ExTRA tools in the EMS—provides details of all message activity as messages are transferred to and from an Exchange server that has the Hub Transport server role, the Mailbox server role, or the Edge Transport server role installed.
Tracking Log Explorer
Exchange servers that have the Client Access server role or Unified Messaging server role installed (and none of the other three roles) do not have message ______ logs.
tracking
You can also use the EMS ______ cmdlet to locate messages in a tracking log.
Get-MessageTrackingLog
The following command accesses all messages with a RECEIVE EventID between the times and dates specified: ______.
Get-MessageTrackingLog –EventID RECEIVE –Start 3/18/2012 5:37:00 AM –End 3/18/2012 5:47:00 AM
You might be tested on the use of the ______ cmdlet to change logging levels and the ______ cmdlet to display them.
Set-EventLogLevel,
Get-EventLogLevel
You should know that Exchange 2010 records most of its events to the ______ log. However, some events are recorded in other event logs.
application
You can use Event viewer to change the size of event logs and alter the path where the logs are stored. You can also use the Windows Server 2008 (and 2008 R2) ______ command-line tool.
Wevtutil
The following command, entered in an elevated command prompt, changes the size of the Exchange Auditing log file to 100 MB: ______
Wevtutil sl “Exchange Auditing” /ms:104857600
Exchange 2010 makes use of ______ channel logging.
crimson
You can ______ EMS command output to a .txt or .csv file. By doing so, you create a file that can be analyzed by (for example) Microsoft Office Excel or third-party reporting software.
redirect
You can choose to redirect output that has been previously formatted as a list or table and filtered by the FL or FT cmdlets, or you can use the facilities provided by the reporting software. The following command script creates a file called DecemberStats.csv for future analysis: ______.
Get-MailboxStatistics –Database “MBDB01” | Sort-Object TotalItemSize –Descending | FT > DecemberStats.csv
What EMS command changes the maximum size of each message tracking log file on the hub transport server VAN-HUB1 to 25 MB?
The Set-TransportServer –Identity HUB-EX2 -MessageTrackingLogMaxFileSize 25MB command.
You are responsible for managing an Exchange Server 2010 SP2 Hub Transport server named VAN-EX01 that supports message tracking. What actions can you take to change the location of the message tracking log file on that server?
You can change the Hub Transport server object properties in the EMC or use the EMS Set-TransportServer cmdlet.
What EMS command returns a report containing statistics collected in an agent log between 08:00 hours on October 4, 2012, and 19:00 hours, November 5, 2012?
The Get-AgentLog -StartDate “10/04/2012 8:00:00 AM” -EndDate “11/05/2012 7:00:00 PM” command.
An SMTP server on the Internet has rejected some email messages sent from your Exchange 2010 organization. What steps should you take to troubleshoot the problem?
You should access your organization’s Send connectors and enable protocol logging by setting the protocol logging level to Verbose. You should then check the protocol log files.
What EMS command do you issue to enable protocol logging for the intraorganization Send connector on an Edge Transport server?
You issue the Set-TransportServer –IntraOrgConnectorProtocolLoggingLevel Verbose command.
