ralfk/zettelkasten
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5a108aa2b4
zettelkasten/OneNoteExport/Kommunikationstechnologie/Exchange/04_Active Monitoring.md
Ralf Koop 5a108aa2b4 .
2023-08-25 23:29:11 +02:00

17 KiB
Raw Blame History

Active Monitoring

Dienstag, 12. April 2016

16:55

 

In der PECX wurde dies probiert und dient als Beispiel

Exchange Server PECXMXP01a und PECXMXP01b als DAG Cluster

Als Beispiel dient der Mailbox Space, welcher mit einem Threshold Wert von 175GB viel zu hoch ist

 

Exchange Server 2016 besteht aus der Sicht von Active Monitoring aus mehreren Serverkomponenten und deren Unterteilungen

 

ServerComponent <-> Healthsets <-> Proben <-> Monitor <-> Responder

 

Methode zur Fehler Analyse mit "Top-Down"

  1. Finden der "unhealthy" HealthSets

  2. Finden der "unhealthy" Monitore

  3. Finden der "failed" Probe

  4. Finden der Error-Meldung in der "failed" Probe

 

Get-ServerComponentState -id pecxmxp01a

 

Computergenerierter Alternativtext: \[PS\] C:\\windows\\system32\>Cet---ServerComponentState ---id pecxnxpOta erver Component State PECXMXPØ1A .FUN..PEC ServerWideOf f line Active PECXMXPØ1A .FUN.PEC HubTransport Active PECXMXPØ1A .FUN..PEC FrontendTransport Active PECXMXPØ1A .FUN.PEC Monitoring Active PECXMXPH1A .FUN.PEC BecoveryActionsEnabled Active PECXMXPØ1A .FUN.PEC AutoDiscoverProxy Active PECXMXPØ1A .FUN..PEC ActiveSyncProxy Active PECXMXPØ1A .FUN.PEC EcpProxy Active PECXMXPØ1A .FUN..PEC EwsProxy Active PECXMXPØ1A .FUN.PEC ImapProxy Active PECXMXPH1A .FUN.PEC OabProxy Active PECXMXPØ1A .FUN.PEC OwaProxy Active PECXMXPH1A .FUN.PEC PopProxy Active PECXMXPØ1A .FUN.PEC PushHotificationsProxy Active PECXMXPØ1A .FUN..PEC BpsProxy Active PECXMXPØ1A .FUN.PEC RwsProxy Active PECXMXPØ1A .FUN..PEC BpcProxy Active PECXMXPØ1A ..FUN..PEC UMCallRouter Active PECXMXPH1A .FUN.PEC XropProxy Active PECXMXPØ1A .FUN.PEC HttpProxyAvailabilityCroup Active PECXMXPØ1A .FUN.PEC ForwardSyncDaenon Inactive PECXMXPØ1A .FUN.PEC Provisioningflps Inactive PECXMXPØ1A .FUN..PEC MapiProxy Active PECXMXPØ1A .FUN.PEC EdgeTransport Active PECXMXPØ1A .FUN..PEC HighAvailahility Active PECXMXPØ1A .FUN.PEC SharedCache Active PECXMXPH1A .FUN.PEC MailboxDeliveryProxy Active PECXMXPØ1A .FUN.PEC floutingUpdates Active PECXMXPØ1A .FUN..PEC BestProxy Active PECXMXPØ1A .FUN.PEC DefaultProxy Active{width="10.03125in" height="4.447916666666667in"}

Alle wichtigen auf Active

 

Get-HealthReport -Server pecxmxp01a

Get-HealthReport -Server pecxmxp01a | ? AlertValue -like "unhealthy"

Computergenerierter Alternativtext: \[PS\] C:\\windows\\systen32\>Cet---Healthfleport ---Server pecxnxpøla erver State HealthSet AlertUalue LastTransitionTine MonitorCount ecxnxpøla NotApplicable Activeßync Healthy 3/29/2016 4:19:3\... 2 ecxnxp0la NotApplicable ActiveSync.Protocol Healthy 3/8/2016 4:57:04 PM 7 ecxnxpøla NotApplicable AM_Scheduled Healthy 3/8/2016 3:32:31 PM 10 ecxnxp0la NotApplicable AMScanError Healthy 3/8/2016 3:40:25 PM 10 ecxnxpøla NotApplicable AMMessagesDeferred Healthy 3/8/2016 3:32:31 PM 1 ecxnxp0la NotApplicable AMADError Healthy 3/8/2016 3:35:03 PM 2 ecxnxpøla NotApplicable Conpliance Healthy 3/8/2016 5:15:39 PM 39 ecxnxp0la NotApplicable AMTenantConfigError Healthy 3/8/2016 3:34:22 PM 1 ecxnxpøla NotApplicable AMService Healthy 3/8/2016 3:36:20 PM 6 ecxnxp0la NotApplicable Autodiscover.Pro\... Healthy 3/8/2016 3:37:14 PM 8 ecxnxpøla NotApplicable Monitoring Healthy 3/30/2016 12:12:\... 29 ecxnxp0la NotApplicable DLExpansion Healthy 3/8/2016 3:36:09 PM 3 ecxnxpøla NotApplicable ECP Healthy 3/30/2016 12:09:\... 12 ecxnxp0la NotApplicable AD Healthy 3/8/2016 3:37:30 PM 28 ecxnxpøla NotApplicable EDS Healthy 3/30/2016 12:09:\... 37 ecxnxp0la NotApplicable EtIS.Protocol Healthy 3/8/2016 3:37:21 PM 8 ecxnxpøla NotApplicable AMScanners Healthy 3/8/2016 3:32:31 PM I ecxnxp0la NotApplicable AMßcanTineout Healthy 3/8/2016 3:32:31 PM 2 ecxnxpøla NotApplicable AMEUS Healthy 3/8/2016 3:32:32 PM 1 ecxnxp0la Online UM.Callllouter Healthy 3/8/2016 3:37:02 PM 10 ecxnxpøla NotApplicable UM.Protocol Healthy 3/8/2016 3:36:49 PM 23 ecxnxp0la NotApplicable OAB Healthy 3/8/2016 3:36:32 PM 11 ecxnxpøla NotApplicable O365Criffin Healthy 3/30/2016 12:13:\... 136 ecxnxp0la NotApplicable Cross---Fabric Healthy 3/8/2016 3:34:27 PM 2 ecxnxpøla NotApplicable EAS Healthy 3/8/2016 3:36:03 PM 2 ecxnxp0la NotApplicable Antinalware Healthy 3/8/2016 3:36:13 PM 2 ecxnxpøla NotApplicable Autodiscover Healthy 3/8/2016 4:24:19 PM 3 ecxnxp0la NotApplicable AMßcannerCrash Healthy 3/8/2016 3:32:32 PM 1 ecxnxpøla NotApplicable AMFMSService Healthy 3/8/2016 3:37:20 PM 6 ecxnxp0la NotApplicable FreeBusy Healthy 3/8/2016 3:36:13 PM 2 ecxnxpøla NotApplicable BitlockerDeploynent Healthy 3/8/2016 3:34:47 PM 2 ecxnxp0la NotApplicable ClientAccess.Proxy Healthy 3/8/2016 3:33:44 PM 2 ecxnxpøla Online Transport Healthy 3/8/2016 3:37:03 PM 2 ecxnxp0la NotApplicable EnailManagenent Healthy 3/8/2016 3:37:16 PM 2 ecxnxpøla NotApplicable EventAssistants Healthy 3/14/2016 4:51:0\... 14 ecxnxp0la NotApplicable EUS Healthy 3/8/2016 4:24:19 PM 3 ecxnxpøla NotApplicable ExtendedfleportUeb Healthy 3/8/2016 3:37:15 PM 7 ecxnxp0la NotApplicable FEP Healthy 3/8/2016 3:35:46 PM 2 ecxnxpøla NotApplicable Pf oflps Healthy 3/8/2016 3:37:04 PM 2{width="9.697916666666666in" height="5.385416666666667in"}

Alle Reports sind wichtig und gehören einem Health Set an. Alert Value ist "Healthy" nur einer nicht

Computergenerierter Alternativtext: ecxnxp1a NotApplicable ecxmxp1a NotApplicable ecxnxp1a NotApplicable ecxmxp11a NotApplicable ecxmxpOla NotApplicable ecxmxp1a NotApplicable LogExpoit MailboxAss istants MailboxSpace MailboxStanping MRS MessageTrac ing Healthy Healthy Unhealthy Healthy Healthy Healthy 3/8/2016 3:36:34 PM 2 3/8/2016 3:36:42 PM 3 4/12/2016 5:08:4..,. 6 3/8/2016 3:34:46 PM 3 3/8/2016 3:36:31 PM 2 3/8/2016 3:36:50 PM •?{width="9.291666666666666in" height="0.78125in"}

Die MonitorCount zeigt an, das für "MailboxSpace" = 6 Monitore zuständig sind (HubTransport sind 110). Dies kann man sich anzeigen lassen

 

Get-HealthReport -id PECXmxp01a -HealthSet MailboxSpace | fl *

 

Computergenerierter Alternativtext: \[PSI C:\\windows\\systen32\>Cet---Healthfleport ---Id PECXnxpOla ---HealthSet MailboxSpace : f1 \* SConputerNane : pecxnxp0la.fun.pec unspaceld : cü8ef'?94---6efO---4cba---918a---øa6Obe?990b2 SßhowConputerNane : False erver : PECXnxpOla tate : NotApplicable ealthßet : MailboxSpace ealthCroup : SeruerResources lertUalue : Unhealthy astTransitionTine : 4/12/2016 5:08:44 PM onitorCount : 6 alnpactingMonitorCount : 0 ntries : CMaintenanceFailureMonitor.MailboxSpace. MaintenanceTineoutMonitor.MailboxSpace DatabaseSizeMonitor. StorageLogicalDriueßpaceMonitor. DatabaseSizeMonitor, StorageLogicaiDriveSpaceMonitor) Identity : MailboxSpace\\PECXnxpOla IsUalid : True bjectState : New{width="9.9375in" height="2.6770833333333335in"}

 

Get-ServerHealth -server pecxmxp01a -HealthSet MailboxSpace | ft -AutoSize

 

Computergenerierter Alternativtext: \[PS\] C:\\windows\\systen32\>Get---ServerHealth ---server pecxnxpøla ---HealthSet MailhoxSpace : ft ---AutoSize erver State Nane Targetilesource HealthSetNane AlertUalue ServerConponent )ecxnxpøla NotApplicable MaintenanceFailureMonitor..MailboxSpace MailboxSpace Healthy None ecxnxpøla NotApplicable MaintenanceTineoutMonitor.MailboxSpace MailboxSpace Healthy None )ecxnxpøla NotApplicable DatabaseSizeMonitor DBO1DACOOÍ MailboxSpace Healthy None )ecxnxpøla NotApplicable StorageLogicalDriveSpaceMonitor DBO1DACOO1 MailboxSpace Unhealthy None ecxnxpøla NotApplicable DatabaseSizeMonitor DBO1DA0002 MailboxSpace Healthy None )ecxnxpøla NotApplicable StorageLogicalDriveSpaceMonitor DBØ1DACØØ2 MailboxSpace Unhealthy None{width="10.020833333333334in" height="1.4583333333333333in"}

Der Monitor "StorageLogicalDriveSpaceMonitor" für alle Datenbanken ist Unhealthy. Genauer ist es anzuzeigen mit

 

Get-ServerHealth -id pecxmxp01a -HealthSet MailboxSpace | ? name -like "StorageLogicalDriveSpaceMonitor" | fl *

 

Computergenerierter Alternativtext: {width="10.0in" height="4.635416666666667in"}

 

Jetzt kann man sich noch die einzelnen Komponenten vom "MailboxSpace" ansehen

 

Get-MonitoringItemIdentity -server pecxmxp01a -id MailboxSpace | select Name,Healthsetname,Targetresource,itemtype | ft -AutoSize

Get-MonitoringItemIdentity -server pecxmxp01a -id MailboxSpace | ? itemType -eq "Probe" | select Name,Healthsetname,Targetresource,itemtype | ft -AutoSize

 

Computergenerierter Alternativtext: \[PS\] C:\\windows\\systen32\>Get---Monitoringltenldentity ---server pecxnxpøla ---id MailboxSpace : select Server,.nane,Healthsetna w.Targetresource,itentype : it ---AutoSize Nane HealthSetNane TargetResource ItenType ecxnxpøla DatabaseSpaceProbe Mailboxßpace DDØIDACØØ2 Probe ecxnxpøla DatabaseßpaceProbe MailboxSpace DBO1DACOO1 Probe ecxnxpøla MaintenanceFailureMonitor.MailboxSpace MailboxSpace Monitor ecxnxpøla MaintenanceTineoutMonitor..Mailboxßpace MailboxSpace Monitor ecxnxpøla DatabaseSizeMonitor MailboxSpace DBØIDACØØ2 Monitor ecxnxpøia StorageLogicalDriveßpaceMonitor Mailboxßpace DBO1DACOO2 Monitor ecxnxpøla DatabaseSizeMonitor MailboxSpace DDØIDACØØI Monitor ecxnxpøia StorageLogicalDriveßpaceMonitor Mailboxßpace DBO1DACOOÍ Monitor ecxnxpøla MaintenanceFailureEscalate .MailboxSpace Mailboxßpace PECXMXPØIA Responder ecxnxp@la MaintenanceTineoutEscalate .MailboxSpace MailboxSpace PECXMXPOÍA Responder ecxnxpøla DatabaseSizeProvisioning MailboxSpace DBØIDACØØ2 Responder ecxnxp@la DatabaseSizeEscalate MailboxSpace DBO1DAGOO2 Responder ecxnxpøla StorageLogicalDriveSpaceEscalate MailboxSpace DBØIDACØØ2 Responder ecxnxp@ia DatabaseSizeProvisioning MailboxSpace DBO1DACOOÍ Responder ecxnxpøla DatabaseSizeEscalate MailboxSpace DDØIDACØØI Responder ecxnxp@ia StorageLogicalDriveSpaceEscalate MailboxSpace DBO1DACOO1 Responder ecxnxpøla MailboxSpaceMaintenanceUorkiten MailboxSpace Maintenance{width="10.041666666666666in" height="2.8854166666666665in"}

 

Computergenerierter Alternativtext: \[PS\] C:\\windows\\systen32\>Get---MonitokingItenIdentit9 ---server pecxnxp1a ---id MailboxSpace : ? itemType ---eq "Probe" : selec name.Hea1thsetnane.Targetresource..itentpe : ft ---AutoSize ane HealthSetNane Targetflesource ItenT9pe atabaseSpaceProbe MailboxSpace DB1DACØØ2 Probe atabaseSpaceProbe MailboxSpace DBI1DACø1 Probe{width="10.03125in" height="1.0208333333333333in"}

 

Die Proben geben dem Monitor einen Status, dieser versucht mit dem Responder das Problem zu beheben oder einen Alert zu signalisieren.

 

Anzeigen der Definition

(get-winEvent -Logname Microsoft-Exchange-ActiveMonitoring/ProbeDefinition | % {[XML]$_.toXml()}).event.userData.eventXML | ?{$_.Name -like "DatabaseSpaceProbe"}

 

Computergenerierter Alternativtext: \[PS\] C:\\windows\\systen32\>(get---winEuent ---Lognane Microsoft---Exchange---ActiueMonitorinq/ProbeDefinition : z (\[XML\]S\_.toXnl() )Levent..userData..euentXML : ?{\$\_..Nane ---like 'DatabaseßpaceProbe") auto---ns2 : http://schenas.nicrosoft.con/win/2004/08/euents xnlns : nyNs Id : 138 flssenblyPath : D:\\Progran Files\\Microsoft\\Exchange Seruer',v15\\Bin\\Microsoft.Exchange.Monitoring.ActiueMonitorinq.Local.Conponents.dll FypeNane : Microsoft.Exchange.Monitoring.ActiveMonitoring.MailboxSpace.Probes.DatabaseSpaceProbe Nane : DatabaseSpaceProbe blorkltenUersion : \[null\] SeruiceNane : MailboxSpace Deploynentld : 0 ExecutionLocation : \[null\] GreatedTine : 2016---04---12T15:08:38..5144226Z Enabled : \]. TargetPartition : \[null\] TargetGroup : \[null\] Targetflesource : DUO1DACOO1 TargetExtension : Sd5bdb@5---ObdS---43cd---beb9---?35da61?@@f? FargetUersion : \[null\] Recurrence InterualSeconds : 1800 Fineoutßeconds : 120 StartTine : 2016---04---12T15:24:39.5144226Z IipdateTine : 2016---04---04T08:43:32.2433101Z Maxlletryflttenpts : 3 ExtensionAttributes : \[null\] CreatedByld : 81 flccount : \[null\] AccountDisplayNane : \[null\] Endpoint : \[null\] SecondaryAccount : \[null\] SecondaryAccountDisplayNane : \[null\] SecondaryEndpoint : \[null\] ExtensionEndpoints : \[null\] Uersion : 65536 ExecutionType : 0{width="10.0in" height="4.84375in"}

 

Man kann sich die kompletten Definition laden und danach alle anzeigen lassen

 

Beispiel Responder Definitions

$ResponderDef = (get-winEvent -Logname Microsoft-Exchange-ActiveMonitoring/ResponderDefinition | % {[XML]$_.toXml()}).event.userData.eventXML

$ResponderDef | ? Name -eq "StorageLogicalDriveSpaceEscalate"

Computergenerierter Alternativtext: Mark Machine: PECXMXPO1A.FUN.PEC \_\_\_\_ ) . \<\[XML\]\$\_.toXnlO)).event.userData.eventxML \[PS\] C:\\windows\\systen32\>\$DataSpace : ? Nane ---eq "StorageLogicalDriveßpaceEscalate' uto---ns2 http://schenas.nicrosoft.con/win/2004/08/events nlns t nyNs Id 1889 ssenblyPath D:\\Progran Piles\\Microsoft\\Exchange Server\\vlS\\Bin\\Microsof t .Exchange .Monitoring.ActiveMonitoring.Local.Conponents .dll ypeNane g Microsoft .Exchange .Monitoring.ActiveMonitoring.ActiveMonitoring.Besponders .EscalateBes ponder ane : StorageLogicalDriveßpaceEscalate orkltenUersiori \[null\] ero iceNane t MailboxSpace eploynentld ; 0 xecut ionLocat ion \[null\] reatedTine 2016---04---1ST1O:08:25.1'760525Z nabled g 1 argetPartitior t \[null\] argetGroup : \[null\] argetflesource DBO1DAGOO1 argetExtensior t \[null\] argetUersion : \[null\] ecurrencelntervalßeconds : 0 ineoutSeconds : 300 tartTine : 2016---04---1ST1O:08:25.1?60525Z pdateTine : 2016---03---31T16:23:1?.2?27741Z axlletryAttenpts : 3 xtensionAttributes : \<ExtensionAttributes LoadFronflesourceAttributeUalue&Falsefl /\> lertMask : StorageLogicalDriveßpaceMonitor/DBO1DAGOO1 aitlntervalSeconds : 14400 ininunßecondsHetweenEscalates : 14400 scalationSubject : \[DataProtection Alert\] (PECXMXPO1A) Database 'DUOlDACOOl' is low on log volune space scalationMessage : Database 'DBOlDAGOOl' is low on log volune space. {Probe.StateAttributel) scalationService : \[null\] scalationTean : High Availability otificationServiceClass : 2 ailySchedulePattern : Pacific Standard Tine/Monday.Tuesday,.Llednesday,Thursday,Friday,Saturday,Sunday/00:00/23 :59 lwaysEscalateOnMonitorChanges : 0 ndpoint : \[null\] reatedHyld : 81 ccount : \[null\] lertTypeld : StorageLogicalDriveßpaceMonitor argetHealthState : 3 orrelatedMonitorsXnl : \[null\] ctionOnCorrelatedMonitors : 0 esponderCategory : \[null\] hrottleGroupNane : \[null\] hrottlePolicyXnl : \[null\] tion O{width="10.083333333333334in" height="6.760416666666667in"}

 

Mit einem Invoke kann man auch manuell eine Probe starten

Invoke-MonitoringProbe -Identity MailboxSpace\DatabaseSpaceProbe\DB01DAG001 -Server PECXMXP01a

Computergenerierter Alternativtext: LPi C:\\windows\\system32)Invoice---FlonitoringProbe ---Identity Mai1boxpace\\DatabasepaceProbe\\DB1DAG1 ---server PECXI1XP1a Ionitorldentity StartTime EndTine Result Error Exce ptio n lailboxSpace\\DatahaseSpaceProbe\\DB1D\... 4/15/2016 2:\... 4/15/2016 2:\... Succeeded{width="10.020833333333334in" height="0.96875in"}

 

Ergebnis steht im Event Log

Computergenerierter Alternativtext: --- Forwarded Events rInvokeNowRuft Number of events: 18 Level C\]) information CD Information Cij Information ij Information f3 Information (\]) Information Warning ! Warning 63 Information ! Warning Date and Time 4/15/2016 4:35:05 PM 4/15/2016 4:34:59 PM 4/15/2016 4:34:59 PM 4/15/2016 4:13:01 PM 4/15/20164:12:54 PM 4/15/2016 4:12:54 PM 4/15/2016 2:06:58 PM 4/15/2016 2:0&.54 PM 4/15/20162:06:53 PM 4/15/2016 1:54:16 PM A L Applications and Services Logs Hardware Events Internet Explorer Key Management Service E McAfee Anti-Virus File System Filter Driver --- A j Microsoft A Z Exchange A J. ActiveMonitoring MaintenanceDefinition MaintenanceResult LI MonitorDefinition MonitorResult U ProbeDefinition EI ProbeResult \[\] ResponderDefinition E \[j ResponderResult r E Compliance j E DxStoreHA E ESE i E HighAvailability E MailboxAssistants j E\_ MailboxDatabaseFailureltems A Z ManagedAvailability lnvokeNowRequest lnvokeNowResult Monitoring RecoveryActionLogs LI RecoveryActionResults El RemoteActionLogs i ManagedAvailability ManagedAvailability ManagedAvailability ManagedAvailability ManagedAvailability ManagedAvailability ManagedAvailability ManagedAvailability ManagedAvailability ManagedAvailability Event ID Task Category 2005 InvokeNow 2003 InvokeNow 2002 InvokeNow 2005 InvokeNow 2003 InvokeNow 2002 InvokeNow 2006 InvokeNow 2004 InvokeNow 2002 InvokeNow 2006 InvokeNow X Event 2005, ManagedAvailability General f5taiiTL Friendly View @' XML View xmlns="myNs"\> \<Id \>5Oc5fc3ccÍ4c4fae219d72ebe2açfId\> \<TypeName /\> \<AssemblyPath /\> \<Monitorldentity\>MailhoxSpace\\DatabaseSpaceProbe\\DIŠO1DACOO1 \</Monitorldentity\> \<PropertyBag\>\<Properties\> \<ServiceName\>MailboxSpace\</ServiceName\> \<Name \>DatabaseSpaceProbe\</ Name\> \<TarqetResource\>DBO1DAGOO1\</TarqetResource\>\</Properties\> \</PropertyBag\> \<ExtensionAttributes I\> \<RequestTime\>4/15/2016 4:34:30 PM4RequestTime\> \<State \>MonitorlnvokeFinished \</State\> cReci ilt\>S..rreedd c/Reci jIt'\> A{width="12.0in" height="6.0in"}

Mit einer Eindeutigen ID, wonach dieser ggf gesucht werden kann

 

 

 

Oder man schaut ins Event Log