Tuesday, October 27, 2015

Message Tracking Logs Missing

The other day someone asked me for help regarding Message Tracking Logs missing. The problem was that the person had the message tracking logs configured to save 60 days’ worth of data but he could not find a particular email that was supposedly delivered before those 60 days.
 
The first step was to verify that 60 days of logs were actually being saved:
Get-TransportService | Select MessageTrackingLogMax*
MessageTrackingLogMaxAge:           60 Days
MessageTrackingLogMaxDirectorySize: 1000 MB
MessageTrackingLogMaxFileSize:      10MB

Going to the location where the logs are saved (by default %ExchangeInstallPath%TransportRoles\Logs\MessageTracking), there were indeed 60 days’ worth of logs, so why couldn’t we find the email?! Also, the overall folder size was over 1GB in size... But how can that be if we specified to only use 1000MB?! Let us go back a bit first...
 
The naming convention for message tracking log files in Exchange 2013 is MSGTRKyyyymmdd-nnnn.log, MSGTRKMAyyyymmdd-nnnn.log, MSGTRKMDyyyymmdd-nnnn.log and MSGTRKMSyyyymmdd-nnnn.log . The different logs are used by the following services:
  • MSGTRK: these logs are associated with the Transport service;
  • MSGTRKMA: these logs are associated with the approvals and rejections used by moderated transport;
  • MSGTRKMD: these logs are associated with messages delivered to mailboxes by the Mailbox Transport Delivery service;
  • MSGTRKMS: these logs are associated with messages sent from mailboxes by the Mailbox Transport Submission service.
 
The placeholders in the log file names represent the following information:
  • The placeholder yyyymmdd is the coordinated universal time (UTC) date on which the log file was created. Yyyy = year, mm = month and dd = day;
  • The placeholder nnnn is an instance number that starts at the value of 1 daily for each message tracking log file name prefix.
 
Information is written to each log file until the file size reaches its maximum specified value (MessageTrackingLogMaxFileSize) for each log file. Then, a new log file that has an incremented instance number is opened. This process is repeated throughout the day. The log file rotation functionality deletes the oldest log files when either of the following conditions is true:
  • A log file reaches its maximum specified age;
  • The message tracking log directory reaches its maximum specified size.
 
Now here comes the important part! The maximum size of the message tracking log directory is calculated as the total size of all log files that have the same name prefix. Other files that do not follow the name prefix convention are not counted in the total directory size calculation.
On Exchange 2013 Mailbox servers, the maximum size of the message tracking log directory is three times the specified value. Although the message tracking log files that are generated by the four different services have four different name prefixes, the amount and frequency of data written to the MSGTRKMA log files is negligible compared to the three other log file prefixes.
 
Going back to the initial issue, the problem was that there were less than 60 days’ worth of MSGTRKMD logs as the combined log files size has met the 1000 MB limit...
So, the bottom line is that, as with Exchange 2010, if you want to keep X amount of days of message tracking logs, ensure you set MessageTrackingLogMaxDirectorySize to a high enough value.
Posted by 2 comments:
Labels: , , ,

How to Bypass the Clutter in Exchange Online

Clutter is a feature in Office 365 designed to help users focus on the most important messages in their Inbox by moving lower priority messages out of their way and into a new Clutter folder. Exchange Online keeps track of the emails users read and the ones they don't read. Once it is turned it on, Clutter is automatic. As new email comes in, it takes messages users are most likely to ignore and puts them into the Clutter folder. The more users use it, the better it gets.

For organizations, it is important to ensure that certain messages do not end up in users’ Clutter folders. These could be messages from the CEO, from the HR or Finance departments, from the ServiceDesk, etc. In order to ensure this is the case, we need to create a transport rule that makes sure that these messages bypass the clutter folder.

We can do this by using PowerShell to create a rule similar to the following for example:
New-TransportRule -Name “Bypass Clutter” –From servicedesk@nunomota.pt -SetHeaderName “X-MS-Exchange-Organization-BypassClutter” -SetHeaderValue “true”

Please note that both “X-MS-Exchange-Organization-BypassClutter” and “true” are case sensitive!

If we prefer to use the UI, the transport rule will look like this:

Posted by No comments:
Labels:

Office 365 Support and Recovery Assistance tool

If you are experiencing problems with Outlook or are having trouble installing Office apps, Microsoft's new Office 365 Support and Recovery Assistant tool (aka SaRA) can help diagnose and fix many common user or client side issues.

The tool performs a series of diagnostics tests to help identify the root cause of issues, such as verifying users’ credentials, licenses, updates to Outlook clients, and whether Outlook servers are reachable. Depending on the test results, it can offer to automatically fix problems for users or provide instruction on recommended solutions. All the diagnostics results are saved in a log file for users to share with their Outlook admin or support engineers for further investigation.
Each time we run SaRa, it automatically gets updated to its latest version, so it can troubleshoot any new Outlook problems.

SaRA, still in the pre-release (beta) stage, can be downloaded from this link: http://aka.ms/snrpublic
Posted by No comments:
Labels: ,
Subscribe to: Posts (Atom)