Message tracking can go a long way in helping you to troubleshoot message routing problems and identify whether your Exchange organization is responsible for those messages that just 'disappear'. In this article we look at how to use the message tracking feature in Exchange 2003.
About Message Tracking
Exchange Message Tracking is a feature that allows you to track the flow of messages that are transferred through your Exchange organization. Messages going to or coming from non-Exchange systems can also be tracked. This feature is useful if you have someone call you up and say they are waiting for a message that never got delivered, or that they sent a message which the recipient never received. There are many external reasons as to why a message might not have been delivered but using message tracking you can at least confirm that your Exchange organization is not at fault. In Exchange 2003 message tracking has been improved and you can now track messages through the post-categorization and routing stage.
Message Tracking is disabled by default and will have to be enabled manually on each Exchange Server, unless you use a system wide policy to enable it automatically on all servers. Through the Message Tracking Center you can then search for messages easily and check a message's history to see the events that it went through. You can, for example, locate messages that are stuck in the message queue and failed to reach their intended destination (i.e.: a users' mailbox). You can also open the log files directly and analyze message tracking information in a standard text editor or Microsoft Excel.
You might notice a slight decrease in performance if you enable message tracking on a slower system as additional system resources are consumed. If you do happen to be running a slower system or perhaps you have an excessive amount of mail flow then you might consider enabling message tracking only when there are reports of message delivery problems, rather than enabling it from the start. On the other hand however, if you have a very powerful machine and reasonable mail flow then you might want to enable it straight away. It's all about finding the right balance; you can always enable it, see how it goes and then act accordingly.
Enabling Messaging Tracking
To enable message tracking, open the Exchange System Manager and navigate to Organization Name | Servers | Server Name, right click and select properties to bring up the General tab of the Exchange Server properties dialog. Select Enable message tracking. A message box will pop up informing you that you will have to grant read permissions for those users who you wish to be able to view the message tracking logs.
When you press OK, the log file will be created in the location you specified. By default this location is \Program Files\Exchsrvr\ComputerName.log\.
Figure 1 - Enabling message tracking
Set the 'Enable subject logging and display' checkbox to have also the subject of an e-mail message logged to the message tracking log file. Before enabling this option it is important that you check your organization's security policy; some security policies do not allow the subject of an e-mail to be viewed by anyone. Also note that logging the subject does create an additional amount of overhead, especially on high volume processing Exchange Servers.
When you enable message tracking you are given the option to specify the amount of time the log files should remain on disk before they are deleted. By default there is a 7 day limit. If you wish to set a different amount of time then check the Remove log files checkbox and enter a value of your choice.
The Message Tracking Log File
The message tracking log file is a tabular text file which holds a YYYYMMDD.log file name format; a new file is created every day. It stores message transport details such as the date and time that each step was performed, the Message ID, number of recipients, server name and IP Address, the Event ID as well as whether the message is encrypted or not.
TIP: To be able to read the log more clearly it would be a good idea to open it with Microsoft Excel so everything will be more structured.
The Event IDs will assist you in identifying at which stage the message was in so you can track its progress. For example, if I'm looking through a message tracking log and I see an ID of 1028 I know that the message has successfully been delivered to a local recipient. Similarly, if I see an ID of 1034 I know the message was queued and routed for remote delivery. Of course, if this was the last entry I saw in the log for a particular message I would investigate why the message is remaining in the queue.
TIP: Visit http://support.microsoft.com/kb/821905 for a list of message tracking Event IDs in Exchange 2003 and see what each ID means.
Using the Message Tracking Center
The Message Tracking Center allows you to search for messages and view details about what happened at each event during the message transfer process. You can specify the Sender or Recipients of a message or search by Message ID for a more accurate result.
Navigate to the Message Tracking Center snap-in from Exchange System Manager, under Organization Name | Tools. Alternatively you can open the Message Tracking Center snap-in from a separate MMC console.
Figure 2 shows the message tracking center snap-in. In this example I have searched by Message ID and as the results pane shows there is one message that corresponds to my criteria.
Figure 2 - The Message Tracking Center
If you right click on the result you are given the option to view the message properties (which include most of what you would see in the raw log file such as message size, priority, and recipients) or Track the message. If you choose to Track the message you will be shown a screen such as the one seen in figure 3 below.
Figure 3 - Viewing the Message History
Message History shows what happened at each event while the message was being transferred through the Exchange organization. In this example, the message was submitted to the Advanced Queuing engine, then to the Categorizer and queued for routing eventually to be delivered to a local recipient called andrew@ztabona.local. You will see a more detailed list of events for a message that passes through multiple servers. Use this information to investigation any possible reasons as to why a message might have stopped at a certain point.
Conclusion
As we have seen, message tracking is a nifty little feature that can help you analyze the flow of messages and prove to users that the message has left your Exchange organization.
References
Message tracking event IDs in Exchange Server 2003
How to enable message tracking in Exchange 2000 Server and in Exchange Server 2003