Enable protocol logging for better troubleshooting.

Here you find a PowerShell script which was very useful for me.

All scripts are free of charge; use them at your own risk.


Protocol logging is very useful when troubleshooting e-mail problems.

When you enable protocol logging, the SMTP conversation between the two servers is logged.
In these logs you can check which mail flow errors occur between the two servers.

You enable protocol logging on the send or receive connector.
Before you enable the logging, set the logging quota on the transport server.

Set a 2 GB quota on server XCH01:

Set-TransportServer XCH01 -SendProtocolLogMaxDirectorySize 2GB -ReceiveProtocolLogMaxDirectorySize 2GB

Check the quota setting:

Get-TransportServer XCH01 | select *protocollog*

Output:

IntraOrgConnectorProtocolLoggingLevel : None
ReceiveProtocolLogMaxAge : 30.00:00:00
ReceiveProtocolLogMaxDirectorySize : 2 GB (1,073,741,824 bytes)
ReceiveProtocolLogMaxFileSize : 10 MB (10,485,760 bytes)
ReceiveProtocolLogPath : C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ProtocolLog\SmtpReceive
SendProtocolLogMaxAge : 30.00:00:00
SendProtocolLogMaxDirectorySize : 2 GB (1,073,741,824 bytes)
SendProtocolLogMaxFileSize : 10 MB (10,485,760 bytes)
SendProtocolLogPath : C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ProtocolLog\SmtpSend
HttpProtocolLogEnabled : False
HttpProtocolLogFilePath :
HttpProtocolLogMaxAge : 7.00:00:00
HttpProtocolLogMaxDirectorySize : 250 MB (262,144,000 bytes)
HttpProtocolLogMaxFileSize : 10 MB (10,485,760 bytes)
HttpProtocolLogLoggingLevel : None

Check the receive connectors:

Get-ReceiveConnector | select server,name,*protocollogginglevel | sort server | ft -auto

server Name               ProtocolLoggingLevel
------ ----               --------------------
XCH01  test               None
XCH01  SharePoint         None
XCH01  Receive-connector1 None
XCH01  Receive-connector2 None

Check the send connectors:

Get-SendConnector | select server,name,*protocollogginglevel | sort server | ft -auto

server Name            ProtocolLoggingLevel
------ ----            --------------------
XCH01  test            None
XCH01  SharePoint      None
XCH01  Send-connector1 None
XCH01  Send-connector2 None

Enable the logging for the receive connector Receive-connector1:

Set-ReceiveConnector "Receive-connector1" -ProtocolLoggingLevel Verbose

Enable the logging for the send connector Send-connector1:

Set-SendConnector "Send-connector1" -ProtocolLoggingLevel Verbose

Check the receive connectors again:

Get-ReceiveConnector | select server,name,*protocollogginglevel | sort server | ft -auto

server Name               ProtocolLoggingLevel
------ ----               --------------------
XCH01  test               None
XCH01  SharePoint         None
XCH01  Receive-connector1 Verbose
XCH01  Receive-connector2 None

Check the send connectors again:

Get-SendConnector | select server,name,*protocollogginglevel | sort server | ft -auto

server Name            ProtocolLoggingLevel
------ ----            --------------------
XCH01  test            None
XCH01  SharePoint      None
XCH01  Send-connector1 Verbose
XCH01  Send-connector2 None

Change the directory:
(Use SmtpReceive for receive logging or SmtpSend for send logging.)

cd "C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ProtocolLog\SmtpSend"

Search the log files in this directory for the sending or receiving domain (vspbreda.nl):

[PS] C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ProtocolLog\SmtpSend>Get-ChildItem | Select-String -Pattern "vspbreda.nl"

Output:
SEND20130704-1.LOG:32:2013-07-04T19:38:36.535Z,Send-connector1,08D018A6EF8DF0FD,9,172.16.1.16:9206,172.16.1.18:25,>,RCPT TO:<NoReply@vspbreda.nl>,
SEND20130704-1.LOG:33:2013-07-04T19:38:36.535Z,Send-connector1,08D018A6EF8DF0FD,10,172.16.1.16:9206,172.16.1.18:25,<,250 recipient ok <NoReply@vspbreda.nl>,

This means that you have to open the file SEND20130704-1.LOG.

Open the SEND20130704-1.LOG file returned by the Get-ChildItem command.

Search for the domain vspbreda.nl:
2013-07-04T19:38:36.535Z,Send-connector1,08D018A6EF8DF0FD,0,,172.16.1.18:25,*,,attempting to connect
2013-07-04T19:38:36.535Z,Send-connector1,08D018A6EF8DF0FD,1,172.16.1.16:9206,172.16.1.18:25,+,,
2013-07-04T19:38:36.535Z,Send-connector1,08D018A6EF8DF0FD,2,172.16.1.16:9206,172.16.1.18:25,<,220 mail.Domain.com ESMTP Send-connector1 (v6.9.9.4075) Ready,
2013-07-04T19:38:36.535Z,Send-connector1,08D018A6EF8DF0FD,3,172.16.1.16:9206,172.16.1.18:25,>,EHLO mail.Domain.com,
2013-07-04T19:38:36.535Z,Send-connector1,08D018A6EF8DF0FD,4,172.16.1.16:9206,172.16.1.18:25,<,250-mail.Domain.com Hello mail.Domain.com (172.16.1.16),
2013-07-04T19:38:36.535Z,Send-connector1,08D018A6EF8DF0FD,5,172.16.1.16:9206,172.16.1.18:25,<,250 SIZE,
2013-07-04T19:38:36.535Z,Send-connector1,08D018A6EF8DF0FD,6,172.16.1.16:9206,172.16.1.18:25,*,4287459,sending message
2013-07-04T19:38:36.535Z,Send-connector1,08D018A6EF8DF0FD,7,172.16.1.16:9206,172.16.1.18:25,>,MAIL FROM:<NoReply@Domain.com> SIZE=38558,
2013-07-04T19:38:36.535Z,Send-connector1,08D018A6EF8DF0FD,8,172.16.1.16:9206,172.16.1.18:25,<,250 sender ok <NoReply@Domain.com>,
2013-07-04T19:38:36.535Z,Send-connector1,08D018A6EF8DF0FD,9,172.16.1.16:9206,172.16.1.18:25,>,RCPT TO:<NoReply@vspbreda.nl>,
2013-07-04T19:38:36.535Z,Send-connector1,08D018A6EF8DF0FD,10,172.16.1.16:9206,172.16.1.18:25,<,250 recipient ok <NoReply@vspbreda.nl>,
2013-07-04T19:38:36.535Z,Send-connector1,08D018A6EF8DF0FD,11,172.16.1.16:9206,172.16.1.18:25,>,DATA,
2013-07-04T19:38:36.535Z,Send-connector1,08D018A6EF8DF0FD,12,172.16.1.16:9206,172.16.1.18:25,<,"354 send the mail data, end with .",
2013-07-04T19:38:36.613Z,Send-connector1,08D018A6EF8DF0FD,13,172.16.1.16:9206,172.16.1.18:25,<,250 B51d5cf3c0000 Message accepted for delivery,
2013-07-04T19:38:36.613Z,Send-connector1,08D018A6EF8DF0FD,14,172.16.1.16:9206,172.16.1.18:25,>,QUIT,
2013-07-04T19:38:36.613Z,Send-connector1,08D018A6EF8DF0FD,15,172.16.1.16:9206,172.16.1.18:25,<,221 mail.Domain.com closing connection,
2013-07-04T19:38:36.613Z,Send-connector1,08D018A6EF8DF0FD,16,172.16.1.16:9206,172.16.1.18:25,-,,Local

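In this case the message has been delivered successfully: the receiving server answered "250 B51d5cf3c0000 Message accepted for delivery" (sequence number 13).

For easier reading, you can export the matching lines to a CSV file: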

$results = Get-ChildItem | Select-String -Pattern "vspbreda.nl"
$results | select line | Export-Csv -NoTypeInformation c:\scripts\results.csv

Output:
"Line"
"2013-07-04T19:38:36.535Z,Send-connector1,08D018A6EF8DF0FD,9,172.16.1.16:9206,172.16.1.18:25,>,RCPT TO:<NoReply@vspbreda.nl>,"
"2013-07-04T19:38:36.535Z,Send-connector1,08D018A6EF8DF0FD,10,172.16.1.16:9206,172.16.1.18:25,<,250 recipient ok <NoReply@vspbreda.nl>,"
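
The domain search returns only the lines that contain the domain, so the server reply that decides the outcome can sit on another line of the same session. The following added example (not part of the original post) groups log lines by session ID and flags sessions in which the remote server answered with a 4xx or 5xx code. The function name Get-SmtpSessionSummary and the second sample session are assumptions made for illustration; the column names are the ones in the "#Fields:" header of the log file.

```powershell
# Added example (not from the original post). Requires PowerShell 3.0 or later.
# Column names follow the "#Fields:" header at the top of each SMTP protocol log.
$fields = 'date-time','connector-id','session-id','sequence-number',
          'local-endpoint','remote-endpoint','event','data','context'

# Constructed sample: session ...F0FD is copied from the log above,
# session ...F0FE is invented to show a rejected recipient.
$sample = @'
2013-07-04T19:38:36.535Z,Send-connector1,08D018A6EF8DF0FD,9,172.16.1.16:9206,172.16.1.18:25,>,RCPT TO:<NoReply@vspbreda.nl>,
2013-07-04T19:38:36.535Z,Send-connector1,08D018A6EF8DF0FD,10,172.16.1.16:9206,172.16.1.18:25,<,250 recipient ok <NoReply@vspbreda.nl>,
2013-07-04T19:38:36.535Z,Send-connector1,08D018A6EF8DF0FD,12,172.16.1.16:9206,172.16.1.18:25,<,"354 send the mail data, end with .",
2013-07-04T19:38:36.613Z,Send-connector1,08D018A6EF8DF0FD,13,172.16.1.16:9206,172.16.1.18:25,<,250 B51d5cf3c0000 Message accepted for delivery,
2013-07-04T19:40:02.101Z,Send-connector1,08D018A6EF8DF0FE,9,172.16.1.16:9310,172.16.1.18:25,>,RCPT TO:<unknown@vspbreda.nl>,
2013-07-04T19:40:02.117Z,Send-connector1,08D018A6EF8DF0FE,10,172.16.1.16:9310,172.16.1.18:25,<,550 5.1.1 User unknown,
'@ -split "`r?`n"

function Get-SmtpSessionSummary {
    param([string[]]$Line, [string]$Domain)

    # Skip the "#" header lines, then parse the rest as CSV
    $rows = $Line | Where-Object { $_ -and $_ -notmatch '^#' } |
            ConvertFrom-Csv -Header $fields

    foreach ($session in ($rows | Group-Object 'session-id')) {
        # Keep only sessions whose SMTP dialogue mentions the domain
        $hits = @($session.Group | Where-Object { $_.data -like "*$Domain*" })
        if ($hits.Count -eq 0) { continue }

        # In a send log "<" marks the remote server's reply:
        # 4xx is a temporary failure, 5xx a permanent one
        $failures = @($session.Group |
            Where-Object { $_.event -eq '<' -and $_.data -match '^[45]\d\d' })

        [pscustomobject]@{
            SessionId  = $session.Name
            Connector  = $session.Group[0].'connector-id'
            Remote     = $session.Group[0].'remote-endpoint'
            Failed     = $failures.Count -gt 0
            FirstError = if ($failures.Count) { $failures[0].data } else { $null }
        }
    }
}

# Against real logs, replace $sample with: Get-ChildItem *.LOG | Get-Content
Get-SmtpSessionSummary -Line $sample -Domain 'vspbreda.nl' | Format-Table -AutoSize
```

For a receive connector log the direction is reversed: there the local server's replies are the lines marked ">", so the event filter has to be changed accordingly.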

1 comment to Enable protocol logging for better troubleshooting.

  • Marco Weatherford

    This site really has all the information I wanted concerning this subject and didn’t know who to ask.
