Skip to main content

Building a Better Link Monitor using WMI – Exchange 2003

Someone asked me a question last week about using the Queue class’s in Exchange 2003 and this got me thinking about link monitors. Link monitors are a little bit old terminology these days although I really used to like the old site and link monitors in Exchange 5.5 especially the visual representation. Now there are monitors on Exchange 2003 and while useful they are really lacking in being able to tell you if there actually is a problem and what that problem might be.

So I decided to see if I could build a better link monitor that would one tell me when there is a problem and also let me know in the warning email what that problem might be. Eg if there are lot of messages queuing up send me a dump of what the message queues looks like and tell me what messages are in the queue. Then with any luck I can tell from the email if there really is a problem that I might need to look at or if its just a temporarily large volume of email being sent. Eg the first thing you do when you get a warning about a problem with mail queues is to go and check what’s in them so I was trying to cut this step out.

So the solution I put together was a script that would listen for modification events on the Exchange_SMTPQueue Wmi class with a filter so it would only take action when the number of message in any of the queues went over a configured threshold. When the threshold is reached it would query all queues on the box and build a html table of the results and it would also then enumerate the messages in the queues that were over threshold and create a html table of the result of this enumeration. The html tables would then form the body of an alert email which would be sent. To stop the script sending email every update period which is about every 15 seconds or so the script tracks the last time an alert was sent so it will only send 1 alert per hour if the queues are still over threshold.

The script itself uses 3 WMI queries the first query listens for the Queue modification events. The second query enumerates the queues the third query enumerates the messages within a queue that are over threshold. A mail is then sent over SMTP using CDOEX/CDOSYS. The script itself can be run locally or remotely as long as there is CDOEX or CDOSYS installed on avaible on the machine to send the message.

To use the script you need to configure four things within the script the first is the computer name the second is the email address its sending from the email address its sending to and the server its sending through so the following 4 lines needs to be customised.

cComputerName = "."
objEmail.From = ""
objEmail.To = ""
objEmail.Configuration.Fields.Item("") = "Servername"
I’ve put a download copy of the script here the script itself looks like

cComputerName = "."
MessageThreshold = 5
LastAlertSent = dateadd("h",-1,now())
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & _
cComputerName & "\root\MicrosoftExchangeV2")
Set colMonitoredEvents = objWMIService.ExecNotificationQuery _
("SELECT * FROM __InstanceOperationEvent WITHIN 10 WHERE " _
& "Targetinstance ISA 'Exchange_SMTPQueue' and TargetInstance.MessageCount >= "
& MessageThreshold)
Set objLatestEvent = colMonitoredEvents.NextEvent
Wscript.echo now() & " " & objLatestEvent.TargetInstance.LinkName & " " &
objLatestEvent.TargetInstance.MessageCount & " " &
if LastAlertSent < dateadd("h",-1,now()) then
call EnumSMTPQueues()
LastAlertSent = now()
end if

sub EnumSMTPQueues()
Const cWMINameSpace = "root/MicrosoftExchangeV2"
Const cWMIInstance = "Exchange_SMTPQueue"
HtmlMsgbody = "<table border=""1"" width=""100%"" cellpadding=""0"" bordercolor=""#000000""><tr><td
bordercolor=""#FFFFFF"" align=""center"" bgcolor=""#000080"">" _
& "<b><font color=""#FFFFFF"">Queue Name</font></b></td><td bordercolor=""#FFFFFF""
align=""center"" bgcolor=""#000080""<b><font color=""#FFFFFF"">Message
Count</font></b></td>" _
& "<td bordercolor=""#FFFFFF"" align=""center"" bgcolor=""#000080""><b><font
color=""#FFFFFF"">Queue Size</font></b></td></tr>"
strWinMgmts = "winmgmts:{impersonationLevel=impersonate}!//"& _
Set objWMIExchange = GetObject(strWinMgmts)
If Err.Number <> 0 Then
WScript.Echo "ERROR: Unable to connect to the WMI namespace."
Set listExchange_PublicFolders = objWMIExchange.InstancesOf(cWMIInstance)
For Each objExchange_SMTPQueue in listExchange_PublicFolders
HtmlMsgbody = HtmlMsgbody & "<tr><td>" & objExchange_SMTPQueue.LinkName &
"</td><td>" & objExchange_SMTPQueue.MessageCount _
& "</td><td>" & objExchange_SMTPQueue.size & "</td></tr>"
WScript.echo objExchange_SMTPQueue.LinkName & " " &
objExchange_SMTPQueue.MessageCount & " " & objExchange_SMTPQueue.size
if objExchange_SMTPQueue.MessageCount >= MessageThreshold then
wql ="Select * From Exchange_QueuedSMTPMessage Where LinkId='" &
wql = wql & "' And LinkName='" & objExchange_SMTPQueue.Linkname & "' And
ProtocolName='SMTP' And "
wql = wql & "QueueId='" & objExchange_SMTPQueue.QueueID & "' And QueueName='" &
objExchange_SMTPQueue.Queuename &"' And"
wql = wql & " VirtualMachine='" & objExchange_SMTPQueue.VirtualMachine & "'"
wql = wql & " And VirtualServerName='" & objExchange_SMTPQueue.VirtualServerName
& "'"
quehtml = quehtml & getmess(wql)
end if
End If
HtmlMsgbody = HtmlMsgbody & "</table><BR><B>Message Queues</B><BR>" & quehtml
Set objEmail = CreateObject("CDO.Message")
objEmail.From = ""
objEmail.To = ""
objEmail.Subject = "Queue Threshold Exceeded"
objEmail.HTMLbody = HtmlMsgbody
= 2
= "Servername"
= 25
wscript.echo "message sent"
End sub

function getmess(wql)
quehtml = "<table border=""1"" width=""100%""><tr><td bgcolor=""#008000""
align=""center""><b><font color=""#FFFFFF"">Date Sent</font></b></td>" _
& "<td bgcolor=""#008000"" align=""center""><b><font color=""#FFFFFF"">Sent
& " <td bgcolor=""#008000"" align=""center""><b><font color=""#FFFFFF"">Recipients</font></b></td>"_
& " <td bgcolor=""#008000"" align=""center""><b><font color=""#FFFFFF"">Subject</font></b></td>"_
& " <td bgcolor=""#008000"" align=""center""><b><font color=""#FFFFFF"">Size</font></b></td></tr>"
Const cWMINameSpace = "root/MicrosoftExchangeV2"
strWinMgmts = "winmgmts:{impersonationLevel=impersonate}!//" & cComputerName &
"/" & cWMINameSpace
Set objWMIExchange = GetObject(strWinMgmts)
Set listExchange_MessageQueueEntries = objWMIExchange.ExecQuery(wql)
For each objExchange_MessageQueueEntries in listExchange_MessageQueueEntries
recieved =
4), Mid(objExchange_MessageQueueEntries.Received, 5, 2),
Mid(objExchange_MessageQueueEntries.Received, 7, 2)) & " " &
timeserial(Mid(objExchange_MessageQueueEntries.Received, 9,
2),Mid(objExchange_MessageQueueEntries.Received, 11,
2),Mid(objExchange_MessageQueueEntries.Received,13, 2))))
Wscript.echo recieved & " " & objExchange_MessageQueueEntries.Sender & " " &
objExchange_MessageQueueEntries.Subject _
& " " & objExchange_MessageQueueEntries.size & " " &
quehtml = quehtml & "<tr><td>" & recieved &"</td><td>" &
objExchange_MessageQueueEntries.Sender & "</td><td>" &
Recipients:","") & "</td><td>" _
& objExchange_MessageQueueEntries.Subject & "</td><td>" &
objExchange_MessageQueueEntries.size & "</td></tr>"
quehtml = quehtml & "</table>"
getmess = quehtml
end function

Popular posts from this blog

Downloading a shared file from Onedrive for business using Powershell

I thought I'd quickly share this script I came up with to download a file that was shared using One Drive for Business (which is SharePoint under the covers) with Powershell. The following script takes a OneDrive for business URL which would look like This script is pretty simple it uses the SharePoint CSOM (Client side object Model) which it loads in the first line. It uses the URI object to separate the host and relative URL which the CSOM requires and also the SharePointOnlineCredentials object to handle the Office365 SharePoint online authentication. The following script is a function that take the OneDrive URL, Credentials for Office365 and path you want to download the file to and downloads the file. eg to run the script you would use something like ./spdownload.ps1 '

A walk-though using the Graph API Mailbox reports in Powershell

Quite recently the Reporting side of the Graph API has moved in GA from beta, there are quite a number of reports that can be run across various Office365 surfaces but in this post I'm going to focus on the Mailbox related ones. Accessing Office365 Reports using Powershell is nothing new and has been available in the previous reporting endpoint however from the end of January many of these cmdlets are now being depreciated in favour of the Graph API . Prerequisites  In comparison to using the Remote PowerShell cmdlets where only the correct Office365 Admin permissions where needed, to use the new Graph API reports endpoint you need to use OAuth for authentication so this requires an Application Registration  that is then given the correct oAuth Grants to use the Reports EndPoin

How to test SMTP using Opportunistic TLS with Powershell and grab the public certificate a SMTP server is using

Most email services these day employ Opportunistic TLS when trying to send Messages which means that wherever possible the Messages will be encrypted rather then the plain text legacy of SMTP.  This method was defined in RFC 3207 "SMTP Service Extension for Secure SMTP over Transport Layer Security" and  there's a quite a good explanation of Opportunistic TLS on Wikipedia .  This is used for both Server to Server (eg MTA to MTA) and Client to server (Eg a Message client like Outlook which acts as a MSA) the later being generally Authenticated. Basically it allows you to have a normal plain text SMTP conversation that is then upgraded to TLS using the STARTTLS verb. Not all servers will support this verb so if its not supported then a message is just sent as Plain text. TLS relies on PKI certificates and the administrative issue s that come around certificate management like expired certificates which is why I wrote th
All sample scripts and source code is provided by for illustrative purposes only. All examples are untested in different environments and therefore, I cannot guarantee or imply reliability, serviceability, or function of these programs.

All code contained herein is provided to you "AS IS" without any warranties of any kind. The implied warranties of non-infringement, merchantability and fitness for a particular purpose are expressly disclaimed.