Monitoring Exchange 2007 / 2010 with Powershell (Part 2)



If you would like to read the other parts in this article series please go to:

Introduction

In the first part of this series we highlighted that the ability to know what is happening on your Exchange Servers quickly and accurately is key to effective Exchange Administration.

I also gave a very high level overview of some traditional 3rd party monitoring products and briefly explained why (according to your needs) you might wish to consider making use of PowerShell to perform basic monitoring of your Exchange environment – if you are on a tight budget or do not have the resource to configure and maintain an additional product.

In this part I will add the following functionality to the script that we started in Part 1;

  • Checking CPU Utilisation
  • Checking Free Memory
  • Checking Event Logs
  • Checking each server for specific Exchange Roles and executing the relevant tests

Check CPU Utilisation

The check_CPU function within the script is designed to connect remotely to the WMI namespace of an Exchange Server and retrieve a sample value (typically the last minute) of current CPU utilisation (this is per CPU or per CPU / Per Core).

The check_CPU function is called from the pingServers function (which we defined in Part 1). It is only executed if the server which is referenced in the ExchangeServers.txt file (see part 1) replies to a ping request (StatusCode 0 from the Win32_PingStatusWMI class).

The check_CPU function makes use of a “Foreach” loop to retrieve each Exchange server from the ExchangeServers.txt file. Each server name is passed as a parameter to the “Get-WmiObject” cmdlet which gets the Win32_Processor data for that server into a variable called $cpuS.

Another “Foreach” loop cycles through the CPU’s within the $cpuS variable and gets individual CPU information into another variable called $proc.

There is an IF statement which compares the last measured value of CPU LoadPercentage (which is contained in$proc) with the $CPU_UpperLeverPercentage Global constant. If the LoadPercentage value exceeds the threshold value then an e-mail is sent to the administrator using the SMTPAlertMessage function.

functioncheck_CPU(){

Foreach ($exMacin$ExServers){

$cpuS=Get-WmiObject-ComputerName$exMacWin32_Processor

Write-Host"Checking $exMac CPU Load"-ForegroundColorGreen

foreach ($procin$cpuS){

Write-Host"Checking CPU: $proc"

Write-Host$proc.LoadPercentage -ForegroundColorWhite

If($proc.LoadPercentage -gt$CPU_UpperLeverPercentage){

$procTot=$proc.LoadPercentage

$MessBody="<b>Exchange Server CPU Load for $proc is over defined threshold of $CPU_UpperLeverPercentage with a value of $procTot for the sample period</b>"

SMTPAlertMessage"Exchange CPU is over threshold size"$MessBody

}

}

}

}

Check Memory Utilisation

The check_Mem function within the script is designed to connect remotely to the WMI namespace of an Exchange Server and retrieve a value of the current amount of RAM which is free.

The check_Mem function is called from the pingServers function and just like check_CPU It is only executed if the server which is referenced in the ExchangeServers.txt file (see part 1) replies to a ping request.

The check_Mem function makes use of a “Foreach” loop to retrieve each Exchange server from the ExchangeServers.txt file. Each server name is passed as a parameter to the “Get-WmiObject” cmdlet which gets the information contained within the Win32_PerfFormattedData_PerfOS_Memoryclass - for that server into a variable called $AvailMem.

There is an IF statement which compares the value of AvailableMBytes (which is contained in$AvailMem) with the $MemoryThreshold Global constant. If the LoadPercentage value exceeds the threshold value then an e-mail is sent to the administrator using the SMTPAlertMessage function.

functioncheck_Mem(){

Foreach ($exMacin$ExServers){

$AvailMem=Get-WmiObject-ComputerName$exMacWin32_PerfFormattedData_PerfOS_Memory

If($AvailMem.AvailableMBytes -lt$MemoryThreshold){

$detMem=$AvailMem.AvailableMBytes

$MessBody="<b>Exchange Server Memory Load is less than defined threshold of $MemoryThreshold with a value of $detMem MBs for the sample period</b>"

SMTPAlertMessage"Exchange Available Memory is lower than threshold size"$MessBody

}

}

}

Get Error Events Function

The purpose of the Error Events function is to retrieve the last 10 error events which are Exchange related from the Application Event log on the target server.

The get_ErrorEvents function is called from checkRoles function (see below) and takes a single parameter called $strServer (which is the server name passed from the ExchangeServers.txt file).

In order to get the last 10 error messages which are Exchange related from the Application Event log the Get-EventLog cmdlet is constructed to use the -LogName-EntryType parameters and to ensure that the returned events are Exchange based a conditional “where” statement is used to filter the output {$_.Source -like"*Exchange*"}.

All of the returned events are places within a variable called $Events.

A “foreach” loop is used to cycle through each event within $Events and whilst the loop progresses a counter ($Count) is incremented.

If $Count goes above 10 – the SMTPAlertMessage is triggered with the following detail of each of the 10 error events being sent to the admin:

  • Entry Type (Error)
  • Source (e.g. MSExchangeIS)
  • The Error Event message

functionget_ErrorEvents($strServer){

$Events=Get-EventLog-computer$strServer-LogName"Application"-EntryType"Error" | where {$_.Source -like"*Exchange*"}

# Count the number of errors

$Count= 0

$MessageBody="<H1>Exchange Related Events</H1><hr><p>There are more than 10 Error events related to Exchange in the Application Event Log - you should review this</p><hr>"

foreach($evtin$Events){

$Count++

}

if ($Count-gt 10){

$retEvents=Get-EventLog-computer$strServer-LogName"Application"-EntryType"Error"-Newest 10 | where {$_.Source -like"*Exchange*"}

foreach($rEvtin$retEvents){

$MessageBody=$MessageBody+"<p><h2>"+$rEvt.EntryType +"</h2></p><p><h3>"+$rEvt.Source +"</h3></p><p>"+$rEvt.Message +"</p>"

}

SMTPAlertMessage"Exchange Server Event Issues"$MessageBody

}

}

Check Roles Function

The purpose of the checkRoles function is to detect which Exchange Roles are resident on the Exchange Server which is passed from the ExchangeServers.txt file. When the roles for each server have been determined – the appropriate testing function is called (we will begin to cover these in part 3). The checkRoles function also calls the get_ErrorEvents function.

The checkRoles function uses a “Foreach” loop to cycle through the names of the servers in the ExchangeServers.txt file, and places the relevant information into a variable called $roleTest using the Get-ExchangeServer cmdlet.

The function then uses 3 “if” test statements to get the Boolean value of:

  • isMailboxServer
  • isHubTransportServer
  • isClientAccessServer

Which is contained in the $roleTest variable.

If any of the above returns $true then the relevant Exchange Role Testing function is called – for example in the case of .isMailboxServer returning $true– the mailBoxRoleTests function is invoked.

functioncheckRoles(){

Foreach($exMacin$ExServers){

$roleTest=Get-ExchangeServer$exMac

Write-Host"Checking Events on: $exMac"-ForegroundColorMagenta

get_ErrorEvents$exMac

if($roleTest.isMailboxServer -eq$true){

Write-Host"Mailbox Role Detected"-ForegroundColorYellow

mailBoxRoleTests$exMac# Defined in the next part

}

if($roleTest.isHubTransportServer -eq$true){

Write-Host"HT Role Detected"-ForegroundColorYellow

HTRoleTest$exMac# Defined in the next part

}

if($roleTest.isClientAccessServer -eq$true){

Write-Host"CAS Role Detected"-ForegroundColorYellow

CASRoleTest$exMac# Defined in the next part

}

}

}

Summary

That completes part two of this series. In this part we have covered how you can check CPU and Memory loads – and report them to the admin when thresholds are exceeded, we have covered how you can retrieve Exchange related events from the Application event logs – and also how you can detect roles on an Exchange server.

In the next part we will define the checkingServices, MailboxRoleTests,DiskspaceTests and backupTests functions.

If you would like to read the other parts in this article series please go to:

Andy Grogan

Share
Published by
Andy Grogan

Recent Posts

What are the potential disadvantages of SSL/TLS?

There’s wide consensus on the benefits of SSL/TLS. However, not as much attention has been given to SSL/TLS disadvantages.

1 day ago

Exploring native software inventory logging in Windows Server

Windows Server has built-software inventory logging that can be very useful. Here’s how to use this little-known feature.

2 days ago

Passwordless authentication: Safer, better, and about time

Passwordless authentication has quickly become one of the primary means by which users access their laptops, phones, and tablets because…

2 days ago

Automated Incident Response in Office 365 ATP simplifies cybersecurity

Microsoft has pumped up Office 365 Advanced Threat Protection with a new feature, Automated Incident Response. Here’s what you need…

2 days ago

IFA 2019: Smart TVs and even smarter wearables unveiled

What will be in your living room or on your wrist this year? It may very likely be one of…

3 days ago

Consider these SD-WAN technologies for faster, more reliable networking

As virtualization becomes a major part of organizations’ infrastructure, these SD-WAN technologies provide faster and more reliable networking solutions.

3 days ago