Managing Exchange 2003 with SCOM 2007 (Part 1)

If you would like to read the next part in this article series please go to Managing Exchange 2003 with SCOM 2007 (Part 2)

Monitoring your Exchange Servers is an absolutely essential task in order to guarantee that the messaging environment is operating reliably. Depending on the complexity of your IT infrastructure, there may be a huge effort involved in monitoring and operations.

The Exchange Server 2003 Management Pack (MP) for Operations Manager 2007 contains rules to monitor a significant subset of server health indicators and create alerts when problems are detected, or when reasonable thresholds are exceeded.

The following table provides an overview of the Exchange Server 2003 MP monitoring functionality that is enabled through Operations Manager 2007:

Exchange Component

Monitoring Functionality

Exchange client access

  • MAPI Logon State monitoring
  • Performance measuring and alerting

Exchange mail flow

  • State of synthetic e-mail flow
  • Performance measuring and alerting

Exchange back end

  • Directory Access monitoring and alerting
  • Mailbox status
  • Public folder status

Exchange front end

  • Outlook Web Access monitoring
  • Outlook Mobile Access monitoring
  • Exchange ActiveSync monitoring
  • Performance measuring and alerting

Configuration and Security

  • Data Store mount status
  • Exchange best practices

Exchange and related service monitoring

  • Exchange Services monitoring
  • Exchange messaging-related service

Operating System metrics

  • Monitoring and alerting of specialized operating system metrics

Exchange Event Log monitoring

  • Comprehensive rules for Exchange
  • Detailed product knowledge on events

Exchange Topology discovery

  • Organization-wide Exchange Topology discovery
  • Topology Diagram view

Table 1: Exchange 2003 MP monitoring functionalities

Besides all the monitoring features, System Center Operations Manager (SCOM) 2007 and the Exchange Server MP will give you the reporting capability that Exchange Server 2003 lacks by itself.

Although significant improvements have been made since the release of MOM 2000, configuring the platform in general and the Exchange MP in particular can become quite a challenge.

These are more than enough reasons why I decided to write this configuration guide for the Exchange 2003 MP. I won’t cover the installation process of the SCOM 2007 components, only the importing and configuring processes of the Exchange 2003 MP.

What’s New

The Exchange Server 2003 MP for Operations Manager 2007 contains the following new functionality:

  • Self-tuning threshold monitors for e-mail message queue (the values at which alerts should be raised are automatically set based on the learned values).
  • A console task that starts the Exchange Server System Manager.
  • Agent tasks that perform the following functions:
    - Install the Exchange Server Best Practices Analyzer.
    - Query local domain controllers to find out the ones that an Exchange server is currently using.
    - Start, stop, pause, and resume Exchange monitored services.
  • An agent task targeted at Exchange MAPI Logon that performs a synthetic logon to MAPI.

Solution Topology

For the purpose of writing this article, I installed the following environment on my test lab:

Figure 1:
Solution topology

As you can see, I’ll use a server called SCOM2007 to monitor an Exchange front-end (E2K3FE) and an Exchange back-end (VM1), which is also the domain controller for the domain

Secure Exchange 2003 Servers

We must first configure the Exchange environment, before the servers can be managed by Operations Manager 2007

  1. Configure SSL on Exchange Server 2003 front-end servers. SSL is required on the Outlook Web Access, Outlook Mobile Access, and Exchange ActiveSync Web sites. In order to accomplish these tasks, you must first install a certificate on the Exchange website and then require SSL (Figure 2) on the following virtual directories: Exchange, Microsoft-Server-ActiveSync, OMA and Public.
    If you don’t have a front-end, after you enable SSL, ActiveSync and OMA might stop working. If that’s the case, follow the steps from the Knowledge Base article 817379.

2: Virtual Directory security settings

  1. Enable forms based authentication on the front-end servers. If administrative groups are enabled, expand Administrative Groups, expand Servers, and then expand your front-end server. Expand Protocols, expand HTTP, right-click Exchange Virtual Server, and then click Properties. Click the Settings tab and enable the check box Enable Forms Based Authentication (Figure 3).

Figure 3: Forms Based Authentication

  1. On every Exchange server, verify that message tracking log shares (\\SERVER\SERVER.LOG) are locked down: remove the Everyone Group from Share Permissions (Figure 4).

Figure 4: Message tracking log share permissions

  1. Verify that SMTP cannot anonymously relay messages: follow the procedures from the KB article 895853.

Install .NET Hotfix

Install the .NET Framework hotfix on Exchange servers, if required. If you have upgraded the .NET Framework from version 1.1 to 2.0 on your Exchange 2003 servers, you must apply the hotfix described in KB article 919356. Although the article says the hotfix addresses an issue related to monitoring Exchange Server 2003 with MOM 2005, the hotfix is also applicable to Exchange Server 2003 with Operations Manager 2007.

Install the Exchange Server 2003 MP

Download and install the required Management Pack files. To monitor Exchange Server 2003 with Operations Manager 2007, you need the following Management Pack files:

  • (Exchange Server Core Library)
  • (Exchange Server 2003 Discovery)
  • (Exchange Server 2003 Monitoring)

You can find the latest Management Packs at System Center Operations Manager 2007 Catalog. The Management Packs that ship with Operations Manager 2007 are in the ManagementPacks directory of the installation CD.

To import the Exchange 2003 MP, open the SCOM 2007 Operations Console. Click the Administration tab, right-click the Management Packs node and then click Import Management Packs. Select the required Management Packs and then click the Import button. After the import process is complete and the dialog box displays an icon next to each Management Pack that indicates success of the importation, click the Close button.

Add the Exchange servers as agent managed computers

  1. Click the Administration tab and then click Configure computers and devices to manage on the Actions pane. This will start the Computer and Device Management Wizard (Figure 5). Click Next, choose Advanced Discovery (Figure 6) and select Servers Only from the Computers & Device Types drop-down box.

5: Computer and Device Management Wizard

6: Advanced discovery

  1. On the next window, browse for the computers you are adding (Figure 7) and click Next. Select Use selected Management Server Action Account (Figure 8), click Discovery and wait for the discovery results. (Figure 9). If the Discovery Wizard stops responding, follow the procedures from KB article 941409. Figure 10 shows a brief summary that is displayed at the end of the wizard. Click Finish.

7: Discovery Method

8: Administrator Account

9: Select Objects to Manage

10: Summary

  1. If the agent installation was successful, on each Exchange server you’ll be able to see the System Center Operations Manager 2007 Agent listed on the Add/Remove Programs (Figure 11). A new service is also created, the OpsMgr Health Service, as depicted in Figure 12.

11: Add/Remove Programs

12: OpsMgr Health Service Properties

Management Pack Configuration Wizard

Install and run the Exchange Management Pack Configuration Wizard on one of the Exchange servers. You must use version 06.05.7903 (or higher) of the Microsoft Exchange Server MP Configuration Wizard with Operations Manager 2007. The user running the wizard must be a local administrator and must have at least Exchange full administrator rights on the administrative group or the organization.

  1. After installing it, run the Exchange Management Pack Configuration Wizard and on the Welcome page, click Next. (Figure 13). On the Administrative Group page, select the Administrative group from the drop-down list that you want to manage and click Next (Figure 14). On the Select Servers page, select the servers that you want to configure and then click Next (Figure 15).

13: Microsoft Exchange Server Management Pack Configuration Wizard

14: Selecting the Administrative Group

15: Select Servers

  1. On the Server Configuration Type page (Figure 16), you can normally leave it set to Default. We’re going to check Custom just for demonstrating purposes. Click Next. On the Properties page, select the properties you want to configure for monitoring (Figure 17) and click Next.

16: Server Configuration Type

17: Exchange Monitoring Properties

  1. On the Message Tracking page (Figure 18) and on the Front-end Monitoring page (Figure 19), you have the option to Enable or Disable front-end monitoring. On the Service Monitoring page (Figure 20), you have the option to select or clear the services that will be monitored. We’ll leave the default settings on all these pages.

18: Message Tracking

19: Front-end Monitoring

20: Service Monitoring

  1. On the Mailbox Availability page (Figure 21), you can configure Per server monitoring or Per store monitoring (you can also Disable mailbox availability monitoring). If you select Per server monitoring, you must disable the Verify Test Mailboxes rule that is targeted at the Exchange 2003 Role object type (we’ll cover this on next part of this article). Click Next.
  2. On the Mail Flow page (Figure 22), click a Sending server and its Receiving servers (only back-end servers are listed). Click Next.

21: Mailbox Availability

22: Mail Flow

  1. On the Mailbox Access Account page (Figure 23), type the account and password that will be used to test the mailboxes, and then click Next. If the account does not exist, it will be created.

  2. On the Summary page (Figure 24), review the configuration settings and then click Next. You can also click Save to save an *.XML file of the configuration settings.

  3. When the Completing the Microsoft Exchange Management Pack Configuration Wizard page (Figure 25) displays, click Finish. A logfile is created at %TEMP%\ConfigurationLog.xml.

23: Mailbox Access Account

24: Summary

25: Completing the Microsoft Exchange Management Pack Configuration Wizard

Every time you add a new server running Exchange Server 2003 to Operations Manager 2007, you must run the Configuration Wizard again for that server.

If you run the Configuration Wizard against a cluster instance, you may get the following error:

Error: Cannot configure the mailbox access account on computer 'SERVER_NAME'. This configuration can only be made after the Exchange MOM event 9986 is registered by MOM.

Although there’s a KB article about this problem (Knowledge Base article 899382), the only way I found to solve the problem without a failover was to follow the procedures described by Lee Chang on this link.


And this concludes part 1 of this 2 part article. In the next part we will cover the configuration process within the Operations Console required to monitor Exchange Servers with Operations Manager 2007.

Related Links

If you would like to read the next part in this article series please go to Managing Exchange 2003 with SCOM 2007 (Part 2)

Rui Silva

Published by
Rui Silva

Recent Posts

5 ways to automate Kubernetes cluster management

While there are a several tools and platforms to automate Kubernetes cluster management, it’s important…

2 days ago

DevSecOps best practices to ensure quick and secure development

Organizations looking to unite application developers, security teams, and IT operations must implement DevSecOps best…

2 days ago

Microsoft 365 administration: More on configuring Microsoft Teams

Our Microsoft 365 administration series continues with more on configuring Microsoft Teams. In this article,…

2 days ago

Review: Powerful and secure faxing solution GFI FaxMaker

GFI FaxMaker is a powerful and complete solution that should meet the requirements of every…

3 days ago

Port in a storm: Creating port ACLs for Hyper-V for better security

There’s no rule that says that you have to make use of port ACLs, but…

3 days ago

Network appliances: A third way when servers and cloud just won’t cut it

If the cloud doesn't seem right and buying a server costs too much, maybe network…

3 days ago