17 KiB
Event Log
Dienstag, 12. April 2016
18:10
Alle Einstellungen Definitionen und Results findet man im Event Log als XML Format. Dabei sind zwei Verzeichnisse wichtig
Unter Exchange / ActiveMonitoring sind alle Definition und Results
Unter Exchange / ManagedAvailability / Monitoring sind alle Ergebnisse und Alarme zu finden, wenn beheben fehlschlägt
{width="3.0833333333333335in" height="4.59375in"}![Computergenerierter Alternativtext: k Event Viewer (Local) p Custom Views A Windows Logs Application Security \[\] Setup (\] System Forwarded Events A Applications and Services Logs Hardware Events ri Internet Explorer \[\] Key Management Service p McAfee Anti-Virus File System Filter Driver A \_ Microsoft A Exchange I \_J ActiveMonitoring i Z Compliance DxStoreHA P Z ESE p Z HighAvailability p MailboxAssistants p Z MailboxDatabaseFailureltems A Z ManagedAvailability InvokeNowRequest lnvokeNowResult M o n ito rin g RecoveryActionLogs RecoveryActionResults RemoteActionLogs StartupNotification S ThrotthngConfig](/ralfk/zettelkasten/media/commit/5a108aa2b4135af0e72d7a64654b59c91b3e7032/OneNoteExport/Kommunikationstechnologie/Exchange/media/image2.png)
{width="3.0416666666666665in" height="5.9375in"}
Im Probe Result stehen die Fehler und Gründe warum ein HealthSet krank ist
Das Event unter ProbeResult zeigt nicht auf den ersten Blick das Problem
![Computergenerierter Alternativtext: A ActiveMonitoring A \[ProbeResult Number of events: 525,624 (!) New events available MaintenanceDefinition MaintenanceResult MonitorDefinition MonitorResult ProbeDefinition ProbeResult ResponderDefinition ResponderResult Compliance l Z DxStoreHA l Ei ESE Ei HighAvailability Z MailboxAssistants l E. MailboxDatabaseFailureltems A J ManagedAvailability lnvokeNowRequest \[\] lnvokeNowResult Monitoring RecoveryActionLogs RecoveryActionResults RemoteActionLogs StartupNotification ThrottlingConfig Z PushNotifications Z Troubleshooters Z Office Server L J Windows MSExchange Management \_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_ Windows PowerShell ; j Subscriptions General Details 4/12/2016 6:33:28 PM 4112/2016 6:32:59 PM 4/12/2016 6:27:59 PM 4/12/2016 6:26:09 PM 4/12/2016 6:23:28 PM 4/12/2016 6:22:59 PM Probe result (Name= MSExchangeDagMgmt/EdbAndLogVolSpace/DBO1 DAGOO1) Log Name: Microsoft-Exchange-ActiveMonitoring/ProbeResult Source: ActiveMonitoring Logged: 4/12/20166:23:43 PM Event ID: 2 Task Category: Probe result Level: Error Keywords: User SYSTEM Computer PECXMXPO1A.FUN.PEC OpCode: Info More Information: Event Loa Online Helo ActiveMonitoring ActiveMonitoring ActiveMonitoring ActiveMonitorinci ActiveMonitoring ActiveMonitoring](/ralfk/zettelkasten/media/commit/5a108aa2b4135af0e72d7a64654b59c91b3e7032/OneNoteExport/Kommunikationstechnologie/Exchange/media/image3.png)
{width="12.072916666666666in" height="6.03125in"}
Log Name: Microsoft-Exchange-ActiveMonitoring/ProbeResult
Source: Microsoft-Exchange-ActiveMonitoring
Date: 4/12/2016 5:53:43 PM
Event ID: 2
Task Category: Probe result
Level: Error
Keywords:
User: SYSTEM
Computer: PECXMXP01A.FUN.PEC
Description:
Probe result (Name=MSExchangeDagMgmt/EdbAndLogVolSpace/DB01DAG001)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Exchange-ActiveMonitoring" Guid="{ECD64F52-A3BC-47B8-B681-A11B7A1C8770}" />
<EventID>2</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>2</Task>
<Opcode>0</Opcode>
<Keywords>0x800000000000000</Keywords>
<TimeCreated SystemTime="2016-04-12T15:53:43.655194400Z" />
<EventRecordID>5331156</EventRecordID>
<Correlation />
<Execution ProcessID="5028" ThreadID="16608" />
<Channel>Microsoft-Exchange-ActiveMonitoring/ProbeResult</Channel>
<Computer>PECXMXP01A.FUN.PEC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<EventXML xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="myNs">
<ResultId>5454135</ResultId>
<ServiceName>MSExchangeDagMgmt</ServiceName>
<IsNotified>1</IsNotified>
<ResultName>MSExchangeDagMgmt/EdbAndLogVolSpace/DB01DAG001</ResultName>
<WorkItemId>-334007459</WorkItemId>
<DeploymentId>0</DeploymentId>
<MachineName>PECXMXP01A</MachineName>
<Error>'DB01DAG001' is low on log volume space [D:\Data\LOG\DB01DAG001]. Current=14.58 GB, Threshold=175.78 GB
'DB01DAG001' is low on EDB volume space [D:\Data\DB\DB01DAG001]. Current=48 GB, Threshold=175.78 GB</Error>
<Exception>[null]</Exception>
<RetryCount>0</RetryCount>
<StateAttribute1>'DB01DAG001' is low on log volume space [D:\Data\LOG\DB01DAG001]. Current=14.58 GB, Threshold=175.78 GB
'DB01DAG001' is low on EDB volume space [D:\Data\DB\DB01DAG001]. Current=48 GB, Threshold=175.78 GB</StateAttribute1>
<StateAttribute2>[null]</StateAttribute2>
<StateAttribute3>[null]</StateAttribute3>
<StateAttribute4>[null]</StateAttribute4>
<StateAttribute5>[null]</StateAttribute5>
<StateAttribute6>0</StateAttribute6>
<StateAttribute7>0</StateAttribute7>
<StateAttribute8>0</StateAttribute8>
<StateAttribute9>0</StateAttribute9>
<StateAttribute10>0</StateAttribute10>
<StateAttribute11>[null]</StateAttribute11>
<StateAttribute12>[null]</StateAttribute12>
<StateAttribute13>[null]</StateAttribute13>
<StateAttribute14>[null]</StateAttribute14>
<StateAttribute15>[null]</StateAttribute15>
<StateAttribute16>0</StateAttribute16>
<StateAttribute17>0</StateAttribute17>
<StateAttribute18>0</StateAttribute18>
<StateAttribute19>0</StateAttribute19>
<StateAttribute20>0</StateAttribute20>
<StateAttribute21>[null]</StateAttribute21>
<StateAttribute22>[null]</StateAttribute22>
<StateAttribute23>[null]</StateAttribute23>
<StateAttribute24>[null]</StateAttribute24>
<StateAttribute25>[null]</StateAttribute25>
<ResultType>4</ResultType>
<ExecutionId>0</ExecutionId>
<ExecutionStartTime>2016-04-12T15:53:43.6551944Z</ExecutionStartTime>
<ExecutionEndTime>2016-04-12T15:53:43.6551944Z</ExecutionEndTime>
<PoisonedCount>0</PoisonedCount>
<ExtensionXml>
</ExtensionXml>
<SampleValue>0</SampleValue>
<ExecutionContext>[null]</ExecutionContext>
<FailureContext>[null]</FailureContext>
<FailureCategory>-1</FailureCategory>
<ScopeName>[null]</ScopeName>
<ScopeType>[null]</ScopeType>
<HealthSetName>[null]</HealthSetName>
<Data>[null]</Data>
<Version>65536</Version>
</EventXML>
</UserData>
</Event>
Unter Monitoring kommt das Event klar rüber
![Computergenerierter Alternativtext: Z ActiveMonitoring " Monitoring Number of events: 1004 ri Level Date and Time Source Event ID Task Category \[1 MaintenanceResult \[1 MonitorDefinition 4/1112016 Œ0&44 PM ManagedAvailability 4 Monitoring r MonitorResult O Error 4/12/2016 5:08:59 PM ManagedAvailability 4 Monitoring L ProbeDefinition (»Information 4/1212016 5:08:44 PM ManagedAvailability 1 Monitoring ProbeResult (»Information 4/12/2016 5:08:44 PM ManagedAvailability 1 Monitoring L ResponderDefinition (»Information 4/12/2016 5:08:44 PM ManagedAvailability 1 Monitoring L ResponderResult (»Information 4/12/2016 5:08:44 PM ManagedAvailability 1 Monitoring t, Ei Compliance (»Information 4/12/2016 5:08:44 PM ManagedAvailability 1 Monitoring g\> i DxStoreHA (»Information 4/12/2016 5:08:44 PM ManagedAvailability 1 Monitoring I\> Z ESE E (»Information 4/12/2016 5:08:44 PM ManagedAvailability 1 Monitoring t, HighAvailability (»Information 4/12/2016 5:08:44 PM ManagedAvailability 1 Monitoring L\> MailboxAssistants ! g\> j MailboxDatabaseFailureltems Event 4, ManagedAvailability X A ManagedAvailability General Details L InvokeNowRequest L InvokeNowResult Database 'DBOlDAGOOl' is low on log volume space. DBO1DAGOO1' is low on log volume space \[D:\\Data\\LOG\\DBO1DAGOO1\]. Current=14.58 GB, Monitoring Threshold= 175.78 GB L RecoveryActionLogs I DBO1DAGOO1 is low on EDB volume space \[D:\\Data\\DB\\DBO1DAGOO1\]. Current=48 GB, Threshold=175.78 GB L RecoveryActionResults E L RemoteActionLogs Log Name: Microsoft-Exchange-ManagedAvailability/Monitoring L StartupNotification Source: ManagedAvailability Logged: 4/12120166:08:44 PM L ThrottlingConfig g\> j PushNotifications Event ID: 4 Task Category: Monitoring g\> Troubleshooters Level: Error Keywords: g\> Ei Office Server User SYSTEM Computer PECXMXPO1A.FUN.PEC g\> i Windows OpCode Info MSExchange Management More Information: Event Loci Online HeIn ri Windows PowerShell ; Subscriptions L](/ralfk/zettelkasten/media/commit/5a108aa2b4135af0e72d7a64654b59c91b3e7032/OneNoteExport/Kommunikationstechnologie/Exchange/media/image4.png)
{width="12.083333333333334in" height="5.958333333333333in"}
Log Name: Microsoft-Exchange-ManagedAvailability/Monitoring
Source: Microsoft-Exchange-ManagedAvailability
Date: 4/12/2016 6:08:44 PM
Event ID: 4
Task Category: Monitoring
Level: Error
Keywords:
User: SYSTEM
Computer: PECXMXP01A.FUN.PEC
Description:
Database 'DB01DAG001' is low on log volume space. 'DB01DAG001' is low on log volume space [D:\Data\LOG\DB01DAG001]. Current=14.58 GB, Threshold=175.78 GB
'DB01DAG001' is low on EDB volume space [D:\Data\DB\DB01DAG001]. Current=48 GB, Threshold=175.78 GB
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Exchange-ManagedAvailability" Guid="{C424A887-A89F-455F-8319-960917152221}" />
<EventID>4</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>2</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2016-04-12T16:08:44.969105900Z" />
<EventRecordID>3004</EventRecordID>
<Correlation />
<Execution ProcessID="21428" ThreadID="22876" />
<Channel>Microsoft-Exchange-ManagedAvailability/Monitoring</Channel>
<Computer>PECXMXP01A.FUN.PEC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<EventXML xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="myNs">
<HealthSet>MailboxSpace</HealthSet>
<Subject>[DataProtection Alert] (PECXMXP01A) Database 'DB01DAG001' is low on log volume space</Subject>
<Message>Database 'DB01DAG001' is low on log volume space. 'DB01DAG001' is low on log volume space [D:\Data\LOG\DB01DAG001]. Current=14.58 GB, Threshold=175.78 GB 'DB01DAG001' is low on EDB volume space [D:\Data\DB\DB01DAG001]. Current=48 GB, Threshold=175.78 GB</Message>
<Monitor>StorageLogicalDriveSpaceMonitor/DB01DAG001</Monitor>
</EventXML>
</UserData>
</Event>
Warnungen (ID):
-
Event ID 1310
-
[Quelle:]{.underline} APS.NET 4.0.30319.0
-
[Aufgabenkategorie:]{.underline} Web Event
-
[Links:]{.underline}
-
-
[Prüfung:]{.underline}
-
IIS Manager starten
-
Server --> Sites --> Exchange Back Ende --> ecp --> /ecp Home --> Application Settings --> BinSearchFolders --> Value = C:\Program Files\Microsoft\Exchange Server\V15\bin;C:\Program Files\Microsoft\Exchange Server\V15\bin\CmdletExtensionAgents;C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\Owa\bin ??
-
%ExchangeInstallDir% in C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\Owa\web.config vorhanden ??
-
%ExchangeInstallDir% in
-
<!-- -->
-
[Lösung:]{.underline}
-
%ExchangeInstallDir% in Owa durch C:\Program Files\Microsoft\Exchange Server\V15\ ersetzen
-
UpdateCAS.ps1 ausführen (C:\Program Files\Microsoft\Exchange Server\V15\Bin)
-
UpdateConfigFiles.ps1 ausführen, sofern web.config File verändert wurde (C:\Program Files\Microsoft\Exchange Server\V15\Bin\UpdateConfigFiles.ps1)
-
DependentAssemblyGenerator.exe ausführen, um WebAssemblys wiederherzustellen (C:\Program Files\Microsoft\Exchange Server\V15\Bin\DependentAssemblyGenerator.exe)
-
Server neu starten (Warnung ist entfernt)
-
Geholfen hat :
Kopieren der Web.config von einem funktionierendem Exchange Server auf den fehlerhaften Server.
In folgenden Verzeichnissen wurde dies durchgeführt :
C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\ews
C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\sync
C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\oab
die vorhandenen web.config Dateien wurden in web.config.sich umbenannt, damit wir noch eine Sicherung zur Verfügung haben.
-
[Durchgeführt:]{.underline}
-
Prüfungen durchgeführt
-
UpdateCAS ausgeführt
- erfolgreich
-
aktive Datenbanken auf dem Server geprüft
-
4
-
8
-
12
-
16
-
99
-
-
-
[ToDo:]{.underline}
-
Datenbanken verschieben / auf anderen Server aktiv schalten
-
Server neu starten (Freitagmorgen, 28.09.2018)
-
Fehlermeldung noch da? (mehrfaches minütliches Auftreten)
-
-
Event-ID: 1010
- [Quelle:]{.underline} MSExchangeFastSearch
- [Aufgabenkategorie:]{.underline} General
-
[Links:]{.underline}
-
[Fehlermeldung:]{.underline}
-
An Exception was received during a FAST operation (Ausnahme während einer FAST-Operation empfangen)
-
System.ServiceModel.EndpointNotFoundException
-
No Endpoint listening at net.tcp://localhost:3863/Management/98B4E8FF-77D2-4993-8BC2-340F36F5812B12Single.FastServer.FSIndex that could accept the message. (Kein Endpunkt unter net.tcp://localhost:3863/Management/98B4E8FF-77D2-4993-8BC2-340F36F5812B12Single.FastServer.FSIndex gelistet, der die Nachricht empfangen konnte.)
-
-
[Prüfung:]{.underline}
-
laufen die folgenden Dienste fehlerfrei?
-
Microsoft Exchange Search stellt die Indizierung von Postfachinhalten bereit, wodurch die Leistung der Inhaltssuche verbessert wird
-
Microsoft Exchange Search Host Controller stellt Bereitstellungs- und Verwaltungsdienste für Anwendungen auf dem lokalen Exchange-Server bereit
-
<!-- -->-
läuft der search index einwandfrei?
- Get-MailboxDatabaseCopyStatus | ft name,contentindexstate -AutoSize
<!-- -->- incorrect address or SOAP action. See InnerException, if present, for more details. (falsche Adresse oder SOAP-Aktion. Mehr Details in der InnerException.)
-
-
[Lösungsmöglichkeit:]{.underline}
-
Dienste neu starten
-
search index neu erstellen
-
falls Exchange-Server als Teil einer DAG
a. Update-MailboxDatabaseCopy -Identity DBX\MSX004 -CatalogOnly
<!-- -->-
manuell neu erstellen
a. Services stoppen (Stop-Service MSExchangeFastSearch, Stop-Service HostControllerService)
b. CI-Katalog-Ordner löschen oder verschieben (Get-MailboxDatabase DBX | ft edbfilepath)
c. Services starten
-
<!-- -->-
installconfig.ps1 durchführen
-
Dienste stoppen
-
Verzeichnisse unter C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis löschen
-
in Power Shell Verzeichnis C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Installer aufrufen
-
Installationsbefehl ausführen: ./installconfig.ps1 -action I -datafolder "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data"
-
Dienste neu starten
-
-
- [Durchgeführt:]{.underline}
-
[ToDo:]{.underline}
- Fehlerbehebung noch vorhanden? (mehrfaches minütliches Auftreten)
- [[Fehlerbehebung erfolgreich durch:]{.underline}]{.mark}