Keeping tabs on your network and making sure everything's running right can be quite a difficult task, especially when you're talking about something as complex as Exchange. That's where the Microsoft Operations Manager (MOM) comes in. Here's how you can use it to monitor Exchange.
When I was first studying for my MCSE exams, many moons ago, I distinctly remember that one of the things that impressed me most about Windows NT was the Performance Monitor. I thought that it was a really great idea to have a tool that would allow you to analyze the operating system's internal metrics.
Today, the Performance Monitor still exists, but over time I have begun to realize that using it is a bit impractical except in troubleshooting situations. For one thing, there are hundreds of performance monitor counters that you can monitor. It can be tough to remember what all of those counters mean, and in what situation it's appropriate to look at which counter. More importantly though, I don't know anybody who has the time to do any serious performance monitoring.
The good news is that Microsoft has automated the performance monitoring process with a product named Microsoft Operations Manager, or MOM. MOM runs on a dedicated server and watches over the performance monitor counters on your servers. MOM looks for things like service unavailability, performance threshold, and long term server resource consumption trends. If MOM detects a problem or a condition that could soon cause a problem, it will either take corrective action or alert you to the problem.
One of the best things about MOM though is the fact that it's extensible. Through the use of Management Packs, it is possible to configure MOM to monitor not just Windows, but applications that are running on top of Windows. Some companies, such as HP and Bindview, even make Management Packs that can monitor the server's hardware. In fact, there are over 120 Management Packs available today for various applications, and Microsoft now has a policy of creating a Management Pack for each new server application that they produce.
One of the first Management Packs created for MOM allowed MOM to monitor Microsoft Exchange Server. This really makes sense when you think about it, because I have often heard Exchange Server referred to as the most complicated product that Microsoft makes. Personally, I think that ISA Server is probably Microsoft's most complicated server application, but I digress. In any case, Exchange Server is a complex server application. If you have one or more Exchange Servers in your organization, then it's a really good idea to have MOM watch over them.
MOM tends to be a little on the pricey side (unless you buy the Workgroup Edition), but the Management Packs are free. A MOM Server will set you back $729, plus an extra $539 for every device that you manage. Of course MOM has to run on top of the Windows operating system and also requires SQL Server, so you will need licenses for those as well.
The Workgroup Edition that I mentioned earlier has a limit of ten managed devices (including virtual servers). A copy of MOM Workgroup Edition costs $499.
Configuring MOM to manage Exchange Server
Now that I have talked about what MOM is and how much it'll cost you, you are probably curious about how you can use the Management Packs to manage applications. I'll be up front with you and tell you that some Management Packs are a lot easier to deploy than others. The Exchange Server 2003 Management Pack is one of the most useful Management Packs, but it is also one of the most complicated Management Packs to deploy.
Although it's tempting to simply download and install the Management Pack for Exchange Server, it's better to create some test mailboxes first. The Management Pack can work without the test mailboxes, but you will be able to monitor your Exchange organization in a much more comprehensive manner if you go ahead and create the test mailboxes. The test mailboxes allow MOM to test things like the server's ability to send and receive mail. The idea is that MOM will be able to test and confirm that Exchange Server is working properly, not just infer that the server is working correctly based on information from Performance Monitor counters.
Creating a test mailbox
The first thing that you will have to do is to create a user account. For the purposes of this article, I will be referring to this user account as the mailbox access account. You can call this account anything that you want, but it's a good idea to give some thought to the name that you use for a couple of reasons,
First, you will have to create some other MOM related accounts later on. The account that you are creating right now is special though and you will need to be able to distinguish it from your other MOM related accounts. The other reason why you need to give the name some thought is because the account's password never expires. You don't want to give the account a name like MOM Mailbox Access Account, because any hacker who knows anything about MOM will instantly know that the account is an easy target. I recommend using a name that blends in with the rest of your organization's user account names, such as John Doe.
Initially, you will create this account the same way that you would create any other account. The only things special that you will need to do during the creation phase is to make sure that you create an Exchange mailbox for the account and that you set the account's password to never expire.
After creating the mailbox access account is up and running, you must delegate the account Exchange View Only Administrator privileges. To do so, open the Exchange System Manager, and right click on the Exchange organization. Next, select the Delegate Control command from the shortcut menu. This will cause Windows to launch the Exchange Administration Delegation Wizard. When the wizard opens, click Next to bypass the wizard's Welcome screen. On the following screen, click the Add button and add the mailbox access account to the list as an Exchange View Only Administrator. Click OK, followed by Next and Finish to complete the operation.
You must now create some other mailbox accounts that MOM can use to monitor the various information stores. You will disable the accounts that own the mailboxes, but the mailbox access account that you just created will use the mailboxes to test mail flow across your Exchange organization.
To create the necessary accounts, select a domain controller that has the Exchange System Manager installed and open the Active Directory Users and Computers console When the console opens, right click on the Users folder and select the New | User commands from the resulting shortcut menus. Windows will now open the New Object â€" User dialog box.
You will now be prompted to enter a name for the account that you are creating. Although you could call the mailbox access account anything that you wanted, you have to abide by a certain naming convention here. The logon name will have to be server_nameMOM, where server_name is the name of the server. For example, if you were creating a test mailbox for an Exchange Server named Tazmania, you'd use the logon name TazmaniaMOM.
If your Exchange Servers contain multiple mailbox stores, then you should create one user account for each store. This will allow MOM to verify that each store is functioning properly. You will still have to use the naming convention that I showed you earlier when creating the accounts, but once the first user account is created on each server, you can follow the account names for the remaining accounts on the server with numbers. For example, if the server Tazmania had two stores, then you could create user accounts named TazmaniaMOM and TazmaniaMOM2. Just make sure that the account names do not exceed 20 characters.
You won't be able to move on to the wizard's next screen until you give the user account a first name. I recommend giving the account a name such as MOM Test Mailbox for the First Mailbox Store on Server Tazmania.
Â Click Next and you will be prompted to enter a password for the account. Don't enter a password. Instead, select the User Cannot Change Password, Password Never Expires, and Account is Disabled check boxes. You must clear the User Must Change Password at Next Login check box.
Click Next and select the Create an Exchange Mailbox. While you are on this screen, make sure that the correct Exchange Server and mailbox store is selected. Click Next to continue. You will now see a summary of the options that you have selected. If everything looks good then click Finish. Repeat this process for any other test mailboxes that you need to create.
Now that you have created the necessary accounts and mailboxes, select the Advanced Features command from the Active Directory Users and Computers console's View menu. Now, right click on one of the accounts that you have just created and select the Properties command from the resulting shortcut menu. When you see the account's properties sheet, select the Exchange Advanced tab and click the Mailbox Rights button, followed by the Add button. Add the mailbox access account that you created earlier and click OK. Grant the mailbox access account Full Mailbox Access rights
At this point, select the Self account from the list. Assign the Associated External Account right to Self and click OK. Next, select the properties sheet's Security tab and click the Add button. Add the mailbox access account to the group or username list. Next, select the mailbox access account and then select the Send As and Receive As check boxes. Click OK and repeat these steps for other test mailboxes that you might have created.
Now that you have created all of the necessary accounts, it's time to get started setting up your MOM Server. As a first step, I recommend installing the Exchange System Manager onto the machine that will be running MOM. Having the System Manager available on this server allows you to fix problems that MOM might report without having to go to a different server.
This would also be a good time to install SQL 2000 (with SP3) if Necessary. SQL 2000 with SP3 is a MOM requirement, but SQL Server doesn't have to be running directly on the MOM Server. If anything, MOM performs better if SQL is running on a different box.
To install MOM, insert the MOM installation CD. When the MOM splash screen appears, click the Check Prerequisites link to make sure that your server is ready for the installation. Once your server passes the prerequisite tests, click the Install Microsoft Operations Manager 2005 link. When Setup begins, click Next to bypass the Setup wizard's Welcome screen. Now, accept the license and click Next once again. You will now be prompted to enter your product key. Enter the key and then click Next and Setup will ask you what type of installation you want to perform. For the purposes of this article, select the Typical option and click Next. Setup will now do one more fast prerequisite check and will prompt you to enter the name of the SQL Server database instance that you want to use for MOM. After making your selection, Setup will ask you for the size and the location of the database files.
At this point, Setup will require you to enter the name of a MOM management group. In case you are wondering, a management group is a collection of at least one MOM Server, the MOM database, and at least one managed computer. You can call the management group anything that you want. Keep in mind though that the name that you choose is permanent, so pick the name carefully.
The next screen that you will see prompts you for a set of user credentials for the Management Server Action Account. This is basically just an account that MOM will use to interact with the computers in the management group. You can use any account you want as long as it has domain admin permissions. After entering these credentials, MOM will prompt you for a set of credentials that it can use to log into the SQL database.
The following screen asks whether you want to send error information to Microsoft. This is entirely up to you. Click Next and you will be asked to confirm that all of the computers in the Active Directory trust each other (they almost always do). Click Next, followed by Install and Setup will begin copying the necessary files. Click Finish when Setup completes.
Deploying MOM agents
Now that you have installed MOM it's time to configure it to manage your Exchange Servers. The first step in doing so is to deploy an agent to each of your Exchange Servers. The default MOM console screen contains an option for installing agents. Click the Install Agents link and MOM will launch the Install / Uninstall Agents wizard. Click Next and a wizard will ask you if you want to browse for a computer or if you would rather enter search criteria. Select the Browse or Type computer names option and then enter the NetBIOS name or the fully qualified domain name of each computer that you want to manage (separate computer names with a space, comma, or semi-colon). After entering the computer names, click Next and you will be asked which account you want to use to deploy the agents with. Enter the credentials for a domain administrator account. You will now be asked which account you want to use as an agent action account. Select the Local System option and click Next. Click Next once more to accept the default installation path and then click Finish. The agents should now be installed. Click Close when agent installation completes.
Installing the Exchange Server Management Pack
If you haven't already downloaded the Exchange Server Management Pack, now is the time to do so. You can download the Exchange Management Pack from http://www.microsoft.com/management/mma/catalog.aspx Keep in mind that there are several different Management Packs for different versions of Exchange. For example, there is a Management Pack for Exchange Server 2003, but you will have to use a different Management Pack if you have a mixture of Exchange 2000 and 2003 servers.
Now it's time to import the Exchange Server Management Pack. To do so, go back to the MOM console and click the Import Management Packs link. When the Management Pack Import wizard starts, click Next, select the Import Management Packs option and click Next again. Select the Exchange Management Pack and click Next again. Click Finish and the Management Pack will be imported. Click Close when the Import operation completes.
The final step in the process is to make MOM aware of the mailbox access account. To do so, click the Start button, followed by All Programs | Exchange Management Pack | Exchange Management Pack Configuration Wizard. The Exchange Management Pack Configuration Wizard is a very simple wizard that among other things will give you the opportunity to specify the login name and password for your mailbox access account. Once the wizard completes and MOM has some time to synchronize, MOM will begin to monitor your Exchange organization.