Most users have no idea what happens to their email messages after they hit Send. But if a message fails to reach...
its recipient, many ask what went wrong. How does a busy Exchange server admin track down a single email message?
The trick is to use the Exchange Message Tracking tool, which acts like a search engine for your Exchange server, allowing you to search the server's logs to determine if or when a message was delivered. This tip explains the native search tool and a few other ways to diagnose some troublesome message delivery problems.
To use the Exchange Message Tracking tool, open the Exchange Management Console and select the Toolbox container. Once the toolbox opens, click on the Message Tracking option and Exchange server will load the Microsoft Exchange Troubleshooting Assistant.
If you're using the Message Tracking tool for the first time, you'll have to select the update options that you want to use and click Go To Welcome Screen.
The Message Tracking Parameters screen lets you search messages based on a number of message attributes. For example, you can search for messages that were sent by User4 between 8:00 a.m. and noon on a specific day. If you look at the bottom of the window in Figure 1, you'll see that as you populate certain attributes, the console dynamically constructs an Exchange Management Shell command that you can use to perform message tracking from the command line.
If you click Next, the tool will display all of the messages that match your query. Remember, though, that search results are based only on data that has been retrieved from the server's logs (Figure 2). As an administrator, you don't have the ability to open messages that are displayed on the results page. But this page does reveal a wealth of information about the message.
Searching for message-delivery information seems easy enough. But simply knowing where a message went doesn't help to correct any underlying delivery problems.
The cause of an Exchange server delivery problem can be simple -- the recipient's spam filter intercepted a message, for example. Other times, the problem may be on your end -- the message never left your Exchange server. Diagnosing the root cause for this type of mail flow problem can be more difficult.
The Queue Viewer tool
One common cause of mail flow issues is that a corrupt message has blocked the message queue. When this happens, that corrupt message can prevent subsequent messages from passing through the queue. To fix this, Microsoft's Queue Viewer tool can clear an Exchange Server cache and restore mail flow.
To access Queue Viewer, open the Exchange Management Console and select the Toolbox container. When the Toolbox appears, click on the Queue Viewer option. The Queue Viewer will then list one or more mail queues (Figure 3).
Often there are multiple queues, depending on how your Exchange organization is configured and how Exchange is being used. Look at Queue Viewer's columns to determine which queue is causing problems. Each column of the tool lists the message count, the time of the next retry and the last error for each individual message queue.
To track down a queue error, look at the Queue Viewer's Last Error column as well as the Next Retry column. You'll also want to pay attention to the Message Count column. A rapidly rising message count can be an indication that a message is caught in the queue. It could also indicate that the server is encountering performance problems and cannot maintain the current workload.
If you look at Figure 3 again, you will notice that the Submission domain is empty. An empty submission queue does not necessarily reflect a problem. Typically, messages pass through the submission queue very quickly. This means that if you have a fast server or a light average workload, then it might be normal for the queue to always appear empty. In contrast, it is also normal for some organizations to almost always have messages in queue.
As you look for errors or rapid increases in the message count, note that Queue Viewer doesn't report Exchange Server's queue status in real time, but instead automatically refreshes periodically. Therefore, the only way to ensure that you're getting a true and current look at the queue's status is to either click Refresh or wait about 30 seconds.
If you suspect that the mail flow problem is due to a message that's stuck in the queue, double-click on the queue to look inside of it. Queue Viewer will display a list of all the messages in the queue (Figure 4). The console also shows you each message and any errors related to individual messages.
Figure 4 shows that there are no errors associated with any messages in the submission queue. However, if a message did contain an error, deleting that message generally will restart the queue's flow. If this doesn't work, you may have to reboot Exchange Server.
The Queue Viewer console, however, doesn't have a Delete button within it, and you can't right-click on a message to delete it. The only way to get rid of an unwanted message is to select it and press the Delete key. When you do, the tool sends an error message informing you that you are about to delete a message. If you complete the deletion, the tool will automatically send a non-delivery report to the sender of that message.
About the author: Brien M. Posey, MCSE, is a six-time recipient of Microsoft's Most Valuable Professional (MVP) award for his work with Exchange Server, Windows Server, Internet Information Services (IIS), and File Systems and Storage. Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal website at www.brienposey.com.
Do you have comments on this tip? Let us know.