Removing Symantec Mail Security for Microsoft Exchange 6.5 (SMSMSE) for Microsoft Exchange 2010/2007 after Add or Remove Programs does not work
Manual removal script for Symantec Mail Security for Exchange (SMSMSE) for all versions
When scanning documents through a copier to email, the created emails with the PDF attachments are going to built-in Junk Folder. On the Exchange server I ran the following command in the Exchange powershell Get-OrganizationConfig and look for SCLJunkThreshold this should be set to higher the SCL value the scanned email is coming in as.
The email’s in the Junk Folder had an SCL value of 5, so I ran the following command to change the SCLJunkThreshold.
Set-OrganizationConfig -SCLJunkThreshold 6
Run another Get-OrganizationConfig and confirm the changes took effect.
I needed to gather IOPS information for a Exchange 2010 deployment.
Open Exchange Server Performance Monitor on database server through Exchange Management Console, Toolbox.
Click the + to add counters for the following:
C: D: E:
It should look something like this:
I have been monitoring our Exchange servers on a daily basis for a few weeks, just making it part of my daily monitoring. I have been using the Exchange Server Performance Monitor. On the Mailbox server I have noticed that the Pages/sec has been spiking quite a lot, up to 300 at times. It is averaging about 50. Normally when counters start spiking, something isnt right so i started to look into the counter a little bit to see if i could pin point where the issue was. Since i know paging deals with RAM, this narrows it down quite a bit.
- Pages/sec—The values of this counter should range from 5 to 20. Values consistently higher than 10 are indicative of potential performance problems, whereas values consistently higher than 20 might cause noticeable and significant performance hits. The trend of these values is impacted by the amount of physical memory installed in the server.
- Page Faults/sec—This counter, together with the Memory—Cache Faults/sec and Memory—Transition Faults/sec counters, can provide valuable information about page faults that are not committed to disk. They were not committed to disk because the memory manager allocated those pages to a standby list. Most systems today can handle a large number of page faults, but it is important to correlate these numbers with the Pages/sec counter as well to determine whether Exchange Server is configured with enough memory.
I did some Google searching to try and get some guidelines to go off of as to where these counters should be, and the definitions above seem to be what i was looking for. Based on those numbers there is clearly an issue. Next I opened up Resource Monitor on the Mailbox Server and started watching the Memory. I was actually get some page faults also. Here are some screenshots.
I noticed that physical memory usage was 83% this seemed a little high, but was it causing the issue i was seeing with a lot of page spikes and page faults? I have done some reading on excessive paging in Exchange 2010 and believe the best spot to start off is by increasing the amount of RAM in our mailbox server from 10GB to 16GB. I will update next week with the outcome.
UPDATE: Since adding an additional 6GB of RAM to the mailbox server, pages/sec have dropped from about 50 pages/sec on average to about 10 pages/sec average. According to documentation the acceptable range is 5-20 so I will leave it at 16GB for now, and continue to monitor into the future.
MSExchangeTransport Queues(_total)Retry Remote Delivery Queue Length
-Shows the number of messages in a retry state in the remote delivery queues.
-Shouldn’t exceed 100. We recommend that you check the next hop to determine the causes for queuing.
In my daily monitoring of our Exchange 2010 servers, I glance at the Exchange Server Performance Monitor on both our CAS/HUB server, and the MBX server. This allows me to see any abnormal activity pretty easily with lines on a graph. If there are high spikes, or sustained heightened activity, I will usually investigate. Since ive been working with Exchange I have noticed there are always a substantial amount of messages stuck in the Retry Remote Delivery Queue Length. When I go into Queue Viewer and click the messages tab, I can view all of the messages that are causing the large queue size. Normally this is between 30 and 100 messages. These messages are addressed to recipients that do not exist in our organization with the error 400 4.4.7 Message Delayed, and keep retrying.
So what is causing these queued messages?
Last weekend I updated Exchange to SP2 and UR3 and have been keeping an eye on the server occacionally to make sure its running normal. Today I noticed in the Exchange Server Performance Monitor that there was a lot of spiking and more than normal activity. The extra activity was for the processing, so I went into the task manager to take a look at what process was using it all, as we normally run between 5-10% utilization on this server, and it was spiking up to 60% at times and consuming over 1GB of memory.
I checked out the Event Viewer and didn’t see any errors. There were quite a few warnings from ActiveSync for an iPad device for user dsims, could this be linked to the IIS process issue?
Next I downloaded Process Explorer and located the troubled process and gathered some more info. The IIS worker process was linked back to MSExchangeSyncAppPool. I went into the Performance Graph and noticed something odd, there was a lot of CPU usage and IO and then it stopped, and started again.
At this point, I did a google search for ‘MSExchangeSyncAppPool high memory usage’ and many pages linked back to an issue with iOS devices. Since I know who has the iPad in our company, I messaged them to see if they could take it offline for a while to see if that resolved the issue, which it did.
My concern is why was this process so heavily used? Was it a bug, was the user downloading all of their mail, what caused the issue?
Last weekend I installed SP2 and UR3 onto our Exchange 2010 CAS and Hub Transport servers, along with the mailbox server. Mail flow seemed fine afterwards and I was able to send and receive emails, but sometime over the weekend two services stopped. I started the services Monday morning before everyone got it, but some automated reports ended up not running over the weekend.
Solution 1: I put a powershell script in place that I found online that monitors the Exchange Servers and emails me daily at 8PM through a scheduled task. I will eventually be modifying it to show the hard drive space of all the partitions.
Solution 2: There is a command you can run in the Exchange Management Shell that will show you the status of all the Exchange Services on each server, and show which are running, and which are not. This command is Test-ServicesHealth.
Today I had to remotely wipe a users phone that was setup to our Exchange 2010 server through ActiveSync. I haven’t done this yet, since we are migrating from BlackBerry’s and usually just do a Remote Wipe on the BES server, so I figured I would try it out with ActiveSync and get a documented process and KB article created.
Ran the following commands in the Exchange Management Shell
Get-ActiveSyncDeviceStatistics -Mailbox bstollfus | fl Identity
Identity: internal.domain.com/Information_Systems/SystemsAdmins/Users/Brad Stollfus/ExchangeActiveSyncDevices/SAMSUNGPHD710SAMSUNGA00000F78349FA
Clear-ActiveSyncDevice -Identity internal.domain.com/Information_Systems/SystemsAdmins/Users/Brad Stollfus/ExchangeActiveSyncDevices/SAMSUNGPHD710SAMSUNGA00000F78349FA -NotificationEmailAddress “email@example.com
Initially the wipe didnt work so I rebooted the phone which didnt resolve the issue so I started to look into why. It turns out that because the way ActiveSync works with the remote wipe flag, if the user is disabled in Active Directory, the phone is unable to authenticate (obviously) and the remote wipe flag can not get received by the phone if it is unable to authenticate.
Here is an article that goes into the details a little bit more.