Skip to main content

Building a Better Link Monitor using WMI – Exchange 2003

Someone asked me a question last week about using the Queue class’s in Exchange 2003 and this got me thinking about link monitors. Link monitors are a little bit old terminology these days although I really used to like the old site and link monitors in Exchange 5.5 especially the visual representation. Now there are monitors on Exchange 2003 and while useful they are really lacking in being able to tell you if there actually is a problem and what that problem might be.

So I decided to see if I could build a better link monitor that would one tell me when there is a problem and also let me know in the warning email what that problem might be. Eg if there are lot of messages queuing up send me a dump of what the message queues looks like and tell me what messages are in the queue. Then with any luck I can tell from the email if there really is a problem that I might need to look at or if its just a temporarily large volume of email being sent. Eg the first thing you do when you get a warning about a problem with mail queues is to go and check what’s in them so I was trying to cut this step out.

So the solution I put together was a script that would listen for modification events on the Exchange_SMTPQueue Wmi class with a filter so it would only take action when the number of message in any of the queues went over a configured threshold. When the threshold is reached it would query all queues on the box and build a html table of the results and it would also then enumerate the messages in the queues that were over threshold and create a html table of the result of this enumeration. The html tables would then form the body of an alert email which would be sent. To stop the script sending email every update period which is about every 15 seconds or so the script tracks the last time an alert was sent so it will only send 1 alert per hour if the queues are still over threshold.

The script itself uses 3 WMI queries the first query listens for the Queue modification events. The second query enumerates the queues the third query enumerates the messages within a queue that are over threshold. A mail is then sent over SMTP using CDOEX/CDOSYS. The script itself can be run locally or remotely as long as there is CDOEX or CDOSYS installed on avaible on the machine to send the message.

To use the script you need to configure four things within the script the first is the computer name the second is the email address its sending from the email address its sending to and the server its sending through so the following 4 lines needs to be customised.

cComputerName = "."
objEmail.From = "Queuewarnings@yourdomain.com"
objEmail.To = "somebody@yourdomain.com"
objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "Servername"
I’ve put a download copy of the script here the script itself looks like

cComputerName = "."
MessageThreshold = 5
LastAlertSent = dateadd("h",-1,now())
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & _
cComputerName & "\root\MicrosoftExchangeV2")
Set colMonitoredEvents = objWMIService.ExecNotificationQuery _
("SELECT * FROM __InstanceOperationEvent WITHIN 10 WHERE " _
& "Targetinstance ISA 'Exchange_SMTPQueue' and TargetInstance.MessageCount >= "
& MessageThreshold)
Do
Set objLatestEvent = colMonitoredEvents.NextEvent
Wscript.echo now() & " " & objLatestEvent.TargetInstance.LinkName & " " &
objLatestEvent.TargetInstance.MessageCount & " " &
objLatestEvent.TargetInstance.Size
if LastAlertSent < dateadd("h",-1,now()) then
call EnumSMTPQueues()
LastAlertSent = now()
end if
Loop


sub EnumSMTPQueues()
Const cWMINameSpace = "root/MicrosoftExchangeV2"
Const cWMIInstance = "Exchange_SMTPQueue"
HtmlMsgbody = "<table border=""1"" width=""100%"" cellpadding=""0"" bordercolor=""#000000""><tr><td
bordercolor=""#FFFFFF"" align=""center"" bgcolor=""#000080"">" _
& "<b><font color=""#FFFFFF"">Queue Name</font></b></td><td bordercolor=""#FFFFFF""
align=""center"" bgcolor=""#000080""<b><font color=""#FFFFFF"">Message
Count</font></b></td>" _
& "<td bordercolor=""#FFFFFF"" align=""center"" bgcolor=""#000080""><b><font
color=""#FFFFFF"">Queue Size</font></b></td></tr>"
strWinMgmts = "winmgmts:{impersonationLevel=impersonate}!//"& _
cComputerName&"/"&cWMINameSpace
Set objWMIExchange = GetObject(strWinMgmts)
If Err.Number <> 0 Then
WScript.Echo "ERROR: Unable to connect to the WMI namespace."
Else
Set listExchange_PublicFolders = objWMIExchange.InstancesOf(cWMIInstance)
For Each objExchange_SMTPQueue in listExchange_PublicFolders
HtmlMsgbody = HtmlMsgbody & "<tr><td>" & objExchange_SMTPQueue.LinkName &
"</td><td>" & objExchange_SMTPQueue.MessageCount _
& "</td><td>" & objExchange_SMTPQueue.size & "</td></tr>"
WScript.echo objExchange_SMTPQueue.LinkName & " " &
objExchange_SMTPQueue.MessageCount & " " & objExchange_SMTPQueue.size
if objExchange_SMTPQueue.MessageCount >= MessageThreshold then
wql ="Select * From Exchange_QueuedSMTPMessage Where LinkId='" &
objExchange_SMTPQueue.LinkID
wql = wql & "' And LinkName='" & objExchange_SMTPQueue.Linkname & "' And
ProtocolName='SMTP' And "
wql = wql & "QueueId='" & objExchange_SMTPQueue.QueueID & "' And QueueName='" &
objExchange_SMTPQueue.Queuename &"' And"
wql = wql & " VirtualMachine='" & objExchange_SMTPQueue.VirtualMachine & "'"
wql = wql & " And VirtualServerName='" & objExchange_SMTPQueue.VirtualServerName
& "'"
quehtml = quehtml & getmess(wql)
end if
next
End If
HtmlMsgbody = HtmlMsgbody & "</table><BR><B>Message Queues</B><BR>" & quehtml
Set objEmail = CreateObject("CDO.Message")
objEmail.From = "Queuewarnings@yourdomain.com"
objEmail.To = "somebody@yourdomain.com"
objEmail.Subject = "Queue Threshold Exceeded"
objEmail.HTMLbody = HtmlMsgbody
objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendusing")
= 2
objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver")
= "Servername"
objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserverport")
= 25
objEmail.Configuration.Fields.Update
objEmail.Send
wscript.echo "message sent"
End sub

function getmess(wql)
quehtml = "<table border=""1"" width=""100%""><tr><td bgcolor=""#008000""
align=""center""><b><font color=""#FFFFFF"">Date Sent</font></b></td>" _
& "<td bgcolor=""#008000"" align=""center""><b><font color=""#FFFFFF"">Sent
By</font></b></td>"_
& " <td bgcolor=""#008000"" align=""center""><b><font color=""#FFFFFF"">Recipients</font></b></td>"_
& " <td bgcolor=""#008000"" align=""center""><b><font color=""#FFFFFF"">Subject</font></b></td>"_
& " <td bgcolor=""#008000"" align=""center""><b><font color=""#FFFFFF"">Size</font></b></td></tr>"
Const cWMINameSpace = "root/MicrosoftExchangeV2"
strWinMgmts = "winmgmts:{impersonationLevel=impersonate}!//" & cComputerName &
"/" & cWMINameSpace
Set objWMIExchange = GetObject(strWinMgmts)
Set listExchange_MessageQueueEntries = objWMIExchange.ExecQuery(wql)
For each objExchange_MessageQueueEntries in listExchange_MessageQueueEntries
recieved =
dateadd("h",toffset,cdate(DateSerial(Left(objExchange_MessageQueueEntries.Received,
4), Mid(objExchange_MessageQueueEntries.Received, 5, 2),
Mid(objExchange_MessageQueueEntries.Received, 7, 2)) & " " &
timeserial(Mid(objExchange_MessageQueueEntries.Received, 9,
2),Mid(objExchange_MessageQueueEntries.Received, 11,
2),Mid(objExchange_MessageQueueEntries.Received,13, 2))))
Wscript.echo recieved & " " & objExchange_MessageQueueEntries.Sender & " " &
objExchange_MessageQueueEntries.Subject _
& " " & objExchange_MessageQueueEntries.size & " " &
replace(replace(objExchange_MessageQueueEntries.Recipients(0),vbcrlf,""),"Envelope
Recipients:","")
quehtml = quehtml & "<tr><td>" & recieved &"</td><td>" &
objExchange_MessageQueueEntries.Sender & "</td><td>" &
replace(replace(objExchange_MessageQueueEntries.Recipients(0),vbcrlf,""),"Envelope
Recipients:","") & "</td><td>" _
& objExchange_MessageQueueEntries.Subject & "</td><td>" &
objExchange_MessageQueueEntries.size & "</td></tr>"
next
quehtml = quehtml & "</table>"
getmess = quehtml
end function

Popular posts from this blog

Testing and Sending email via SMTP using Opportunistic TLS and oAuth in Office365 with PowerShell

As well as EWS and Remote PowerShell (RPS) other mail protocols POP3, IMAP and SMTP have had OAuth authentication enabled in Exchange Online (Official announcement here ). A while ago I created  this script that used Opportunistic TLS to perform a Telnet style test against a SMTP server using SMTP AUTH. Now that oAuth authentication has been enabled in office365 I've updated this script to be able to use oAuth instead of SMTP Auth to test against Office365. I've also included a function to actually send a Message. Token Acquisition  To Send a Mail using oAuth you first need to get an Access token from Azure AD there are plenty of ways of doing this in PowerShell. You could use a library like MSAL or ADAL (just google your favoured method) or use a library less approach which I've included with this script . Whatever way you do this you need to make sure that your application registration  https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-

How to test SMTP using Opportunistic TLS with Powershell and grab the public certificate a SMTP server is using

Most email services these day employ Opportunistic TLS when trying to send Messages which means that wherever possible the Messages will be encrypted rather then the plain text legacy of SMTP.  This method was defined in RFC 3207 "SMTP Service Extension for Secure SMTP over Transport Layer Security" and  there's a quite a good explanation of Opportunistic TLS on Wikipedia  https://en.wikipedia.org/wiki/Opportunistic_TLS .  This is used for both Server to Server (eg MTA to MTA) and Client to server (Eg a Message client like Outlook which acts as a MSA) the later being generally Authenticated. Basically it allows you to have a normal plain text SMTP conversation that is then upgraded to TLS using the STARTTLS verb. Not all servers will support this verb so if its not supported then a message is just sent as Plain text. TLS relies on PKI certificates and the administrative issue s that come around certificate management like expired certificates which is why I wrote th

The MailboxConcurrency limit and using Batching in the Microsoft Graph API

If your getting an error such as Application is over its MailboxConcurrency limit while using the Microsoft Graph API this post may help you understand why. Background   The Mailbox  concurrency limit when your using the Graph API is 4 as per https://docs.microsoft.com/en-us/graph/throttling#outlook-service-limits . This is evaluated for each app ID and mailbox combination so this means you can have different apps running under the same credentials and the poor behavior of one won't cause the other to be throttled. If you compared that to EWS you could have up to 27 concurrent connections but they are shared across all apps on a first come first served basis. Batching Batching in the Graph API is a way of combining multiple requests into a single HTTP request. Batching in the Exchange Mail API's EWS and MAPI has been around for a long time and its common, for email Apps to process large numbers of smaller items for a variety of reasons.  Batching in the Graph is limited to a m
All sample scripts and source code is provided by for illustrative purposes only. All examples are untested in different environments and therefore, I cannot guarantee or imply reliability, serviceability, or function of these programs.

All code contained herein is provided to you "AS IS" without any warranties of any kind. The implied warranties of non-infringement, merchantability and fitness for a particular purpose are expressly disclaimed.