Thursday, July 29, 2010

Using the Microsoft Exchange Server User Monitor (ExMon) tool


Why use ExMon?

There’re several reasons why you would want to use ExMon in your environment, like mentioned above you can view, evaluate and gather real-time data about your users, which can be quite handy as it will help you as an Exchange Administrator better understand current client usage patterns and plan ahead by being proactive and perform the proper upgrades for the future.
Although ExMon is capable of showing you quite a comprehensive set of information about your users, you should bear in mind the tool at the time of this writing only is capable of showing MAPI traffic and load, not other protocols such as OWA, POP3 and IMAP.
ExMon is capable of showing information such as IP addresses used by clients, Outlook versions and mode (cached mode or classic online mode) , Outlook client-side monitoring data and resource use (CPU usage, Server-side processor latency, total latency for network and processing with Outlook 2003 MAPI clients and network bytes.

Installing Microsoft Exchange Server User Monitor

Start by grabbing a copy of ExMon here.
Note:ExMon is supported on Exchange 2000 Server SP2 and higher, or Exchange Server 2003 SP1.
Now navigate to C:\Program Files\ExMon and execute ExMon.msi. The ExMon Installation wizard will fire up (seeFigure 1) and you can simply click Next.

Figure 1: Executing the ExMon Installation Wizard
Read and accept the agreement and click Next as shown in Figure 2

Figure 2: 
Reading and accepting the End User Agreement
Now select the Installation folder (default should be just fine) then click Next as in Figure 3.

Figure 3: Specifying the Installation Directory
Let the installation process complete and click Finish.
Figure 4: Finishing the Installation Wizard
Before we can move on and begin playing with the ExMon tool we need to do one more thing, and that is to add two registry keys - RpcEtwTracing and UsePerformanceClock to the registry (see Figure 5). Luckily you don’t have to do this manually as the ExMon installation throws an ExMon.reg file into the installation directory, which you can simply double-click on or run through a command prompt window. It’s mandatory to add these keys in order for ExMon to collect data, and my guess is they will be added automatically as part of the installation wizard in a later ExMon build.

Figure 5: ExMon registry keys

Using ExMon

Now that we got ExMon properly installed let’s fire up the tool by executing the ExMon.exe file from the installation directory (C:\Program Files\ExMon). This will bring us the screen you see in Figure 6 below. As you can see we, when the first update occurs, gets a list of currently connected MAPI clients listed by resource usage.

Figure 6: Tracing MAPI clients in ExMon
As shown in Figure 6 above ExMon by default collects data in one-minute intervals, however this can easily be adjusted by clicking the up and down buttons to the right of Update Interval (min) in the ExMon toolbar. The update interval can be anything between 1 and 30 minutes, if you want it do be more than 30 minutes you should use another data collection method. You can stop or start traces by using the play and stop buttons in the toolbar or alternatively click File > Stop or Start. You can save statistics by clicking the floppy disk icon in the toolbar or File > Save Statistics in the menu.
As you can see in Figure 6 above there are 3 different views to choose between:
View type
Description
By User
Aggregates data about individual user’s consumption of server resources
By Version
Aggregates data about the client MAPI version
By Clientmon
Aggregates data which can help Exchange administrators quantify individual user’s experience with Outlook 2003 (previous Outlook versions is not supported with Clientmon).
Table 1: ExMon View types
Note:Although this article demonstrates how you collect data directly with ExMon (which is the simplest method for short-term data collection) you can as well configure ExMon to collect data with the System Monitor or by using command-line tools. For more details on how this is accomplished see the ExMon documentation located in the ExMon installation directory.
The data collected by ExMon is by default saved in Event Trace Log (.ETL) files in the installation directory (C:\Program Files\ExMon), as can be seen in Figure 7 below.

Figure 7: ExMon Data Collection to Event Trace Log (.ETL) Files

Exporting Data with ExMon

All the data collected by ExMon can be exported to a comma-separated text file (.CSV) which again can be manipulated with a program such as Excel, Access or even SQL Server. This is done by running ExMon in a Command Prompt window with either -SU, -SV or -SC. For example the below command exports the By User data to a .CSV file in a directory named Data under the ExMon installation directory:
ExMon.exe –SU “C:\Program Files\ExMon\data\ByUser.csv”
For further details on exporting ExMon data, again see the ExMon documentation.

The dreaded Unknown StartTrace Error (183) Message

Before you start using the ExMon tool I thought I would tell you about an issue you should be aware of. There have been several cases where different Exchange administrators, when executing ExMon.exe, got an Error 183 message (shown in Figure 8), and actually I also had the pleasure of dealing with it on one of the Exchange 2003 SP1 servers, I’ve been using the tool on (after testing it out in my test lab of course).

Figure 8: Unknown StartTrace Error (183)
The Error 183 message can happen if ExMon crashes or is killed while collecting data, the reason being the Exchange trace continues. Personally I got a bit scared when I saw the trace just continued, but fortunately I later found out it had a limit of 512 MB where the trace will stop collecting automatically. The reason for the 183 error message is quite simple, it’s because when you try to execute ExMon (after a crash or after the process somehow got killed) it will start a new trace, while the old one is still tracing (ExMon only supports one trace at a time).
Alright I don’t want to use this tool unless I know how to fix this problem without rebooting my Exchange production server, I hear you grumble.
I fully understand! I personally had big problems finding out how to stop the Exchange trace, until I was informed of a comment (thanks to Exchange MVP Michael B. Smith) to the ExMon blogpost at You Had Me at EHLO (aka Exchange team blog), where Chris Mitchell (Software Design Engineer from the Microsoft Exchange Performance Engineering Team) did a great comment informing how you can stop a trace using Tracelog.exe which can be found in the Microsoft Driver Development Kit (DDK) for Windows 2000 Server or the Windows Server 2000 Resource Kit. You simply open a command prompt window and execute the following command:
Tracelog -stop “Exchange Event Trace”
Also see Figure 9 below.

Figure 9: Stopping an ExMon trace using Tracelog.exe
Note:Make sure the ExMon.exe process isn’t running while stopping the trace.

No comments:

Post a Comment