Wednesday, October 3, 2012

ExMon Unknown Start Trace Error (183)


When trying to run Exchange Monitor (ExMon) you may run into this error:




Here are the steps to fix this common problem.
  • From the CMD prompt, Query the running traces:
    • Logman query -ets
    • You should see one called "Exchange Event Trace"
  • To stop the Exmon trace, run this:
    • Logman stop “Exchange Event Trace” -ets
  • You should now be able to run ExMon

Tuesday, October 2, 2012

MS Exchange abnormal log generation


We came across an issue where one of our Exchange 2010 databases was quickly filling with logs.  The server was generating 10-20 times more logs than average, which caused the database drive to fill and took the database offline.

The root cause, a user had updated their iPhone iOS which resulted in a sync error with ActiveSync.  I discovered this by using the below tips to locate the mailbox generating the logs and disabling the ActiveSync feature for the mailbox.  With ActiveSync disabled the logs stopped.  So a quick wipe of the Exchange account from the iPhone, rebooting the iPhone, and recreating the Exchange account on the iPhone resolved the issue.

If you have a single mailbox database you are lucky, and the Exchange User Monitor should be all you need. Download Exchange User Monitor (ExMon) from Microsoft:
http://www.microsoft.com/en-us/download/details.aspx?id=11461

Run the ExMon.exe application from "C:\Program Files (x86)\Exchange User Monitor".  With ExMon you can see the users mailboxes, their CPU usage, Bytes In, Bytes out, Log Bytes, etc.  You may quickly find a user with a large consistent CPU usage and large Log Bytes compared to other users, this may be your culprit.  Try disabling their Exchange ActiveSync within the Mailbox Features.  This will only stop the ActiveSync communication, the mobile device will reconnect when you re-enable the ActiveSync, so no need to reconfigure the mobile device if this doesn't resolve the log issue.  With ActiveSync disabled for the suspected log generating mailbox, monitor the logs for the database and verify they have returned to a normal generation rate.  If so, you found the user.  Delete the email account from the mobile device, restart the device, and then re-add the email account.

If you ever run into the 'Unknown Start Trace Error (183)' when starting ExMon, see this post for a fix.

If you have multiple databases, ExMon is not as easy as it will list all mailboxes for the server.  To filter per database, us the Exchange Management Shell and this powershell script.

Get-StoreUsageStatistics -Database <DatabaseIdParameter> | export-csv c:\temp\LogonStats.csv

Modify the <DatabaseIdParameter> to the name of your database, and also change the path for the export of the csv file.  You can find additional information on this command here:
http://technet.microsoft.com/en-us/library/dd876852.aspx