Exchange Monitoring: Built in Tools for CAS Monitoring in Exchange
Built-in tools for CAS Monitoring in Exchange 2016/2019
With some small and medium size businesses...
Microsoft Exchange Server 2013 has a very different server role architecture than its previous versions. Exchange 2007 and 2010 had 5 server roles: the Mailbox Server role, Client Access role, Hub Transport role, Edge Transport role, and the Unified Messaging role. That is a lot of roles to need to backup. However, Exchange 2013 has greatly reduced the number of server roles down to two: the Mailbox Server Role and the Client Access Server role. All of the other roles, except the edge transport role which is run on a standalone , have been combined within those two roles. When it comes to backing up and restoring Exchange 2013 this makes Exchange Monitoring much easier for administrators.
The Client Access Server role in Exchange Server 2013 is now just a proxy server which handles incoming client connections. The role handles all client requests and routes them to their correct mailbox database. The Client Access Server provides authentication, redirection, as well as proxy services. It supports HTTP, IMAP, POP, and SMTP client access protocols. It will provide some security in which it enforces SSL when communicating with clients. This role does not store any user data or provide any message support of any kind.
This role is also now stateless. That means that it does not matter which Client Access server the client connects to (requests) when there is an array of Client Access servers. All mailbox processing now happens on the Mailbox Server role only. When you are load balancing connections, you can now use cheaper layer 4 load balancing and move away from expensive layer 7 load balancers. Hardware load balancers can now also support many more concurrent connections.
The Mailbox Server role has absorbed many of the previous roles and functionality from Exchange 2010. The role includes functionality from Client Access protocols, mailbox databases, the hub transport service, and the unified messaging components. The mailbox, hub transport, and unified messaging roles now all combined into the Mailbox Server role in Exchange 2013. The main function of this role is now to store mailbox and public folder data, and also provide Unified Messaging functionality and message queuing. The Mailbox Server will communicate with the Client Access Server role and Active Directory and global catalogs; however, the Mailbox Server role will no longer communicate directly with clients.
Exchange Server backups are a critical component of Exchange Monitoring for any organization. The first thing you need to do when planning your Exchange Server 2013 backups is that you need to consider what data you may actually need to restore. When you limit the size of the data that you want to back up, it will decrease the time it takes for the backups to complete, and allows you to have more flexibility with your backup scheduling.
So what is actually required when backing up? Well, let’s go through each role. Starting with the Mailbox server role, you will need to have:- mailbox databases
All this data needs to be restored if you lose a mailbox database server or if there is a corruption in the mailbox server databases. You also need to restore the tracking logs for analysis purposes.
The Client Access server does not need nearly as much data backed up as the mailbox server. This role only needs two pieces in information backed up:- Any server certificates used for Secure Sockets Layer (SSL)
When you replace a Client Access server, you will need to restore the certificates and the IIS configuration to the new server.
You will need to also need to back up the System state and the Active Directory database on Domain Controllers. The system state has local configuration data of the machine and AD DS stores a lot of Exchange server configuration information. That information is required whenever you want to rebuild the server using the Setup /m:RecoverServer switch.
The Volume Shadow Copy Service (VSS) is the backup infrastructure for Windows Server 2008 and new operating systems. This is the mechanism when creating point-in-time copies of your data. You may know this as shadow copy. VSS is used by Exchange Server 2013 to backup and restore the active and passive database copies. In order to backup and restore Exchange databases, both the Microsoft Exchange Information Store service and the Microsoft Exchange Replication service need to be running.
The Exchange server creates the backup with the shadow copy as opposed to the working disk. This way the backup does not interrupt your normal Exchange operations. VSS produces a backup of a volume that will reflect the volume’s state. Meaning that even if data changes while the backup is in progress, the data will reflect the backup will still reflect the single point in time. VSS notifies other services and applications that a backup is about to occur and will be able to prepare by cleaning up the on-disk structures and flushing any caches.
A limitation of VSS is that when using Windows Server Backup, you are only allowed to back up volumes with active mailbox database copies. You will not be able to backup any volumes with passive mailbox database copies. You would most likely need to use a third-party VSS-based application.
When it comes to Windows Server backup, here is a specific list of event IDs that you should be monitoring:
Your Exchange monitoring solution should be tracking all of these event IDs to ensure successful backups.
If you are using a third-party to backup your Exchange 2013 solution, you will need to refer to the vendor documentation. They will provide you with any necessary log information/locations and support.
You need to be monitoring the Microsoft Exchange Information Store and the Microsoft Exchange Replication services. As mentioned previously, both of these services need to be running in order for backups to complete successfully. You should be implementing Exchange monitoring for all Exchange services regardless. Here is a full list of the services, descriptions, dependencies, and requirements for all three roles:
Mailbox Server role:
Client Access Server role:
Edge Transport Server role:
VSS event IDs:
Watch all aspects of your Exchange environment from a single pane of glass: client access, mailbox, and Edge servers; DAGs and databases; network, DNS, and Active Directory connectivity; Outlook, ActiveSync, and EWS client access.
Jonathan is an Information Technology consultant and instructor that specializes in migrations, security audits, new Microsoft technology implementations, and support contracts for Microsoft technologies. Jonathan also has expertise in Office 365 Services including, but not limited to, Azure Active Directory, Exchange Online, Skype for Business/Teams, SharePoint Online/OneDrive, Microsoft Azure/Office 365 Security and Compliance features including alerts, permissions, information classification, data loss prevention, information governance, threat management, data privacy, and reporting.