Exchange Server 2010 Logs

Whenever you get a problem in Exchange 2010, I guarantee that one of the logs will provide vital clues to find the root cause. The hidden agenda of this article is to open your eyes to the numerous types of Exchange logs, and to show you where to find them.

Location and Types of Exchange Logs

Microsoft is not perfect. However, I have always felt that from the earliest Windows operating systems Microsoft provides lots of troubleshooting information in their logs.

The reason that Exchange 2010 has so many logs in so many locations is simply because it has so many components. On an Exchange server there are database logs for the mailstore, Windows 2008 application logs, SMTP protocol logs and virus logs. If that is not enough, you can create your own performance logs.

Unfortunately there is no central location to view all these Exchange related logs, therefore you have to start exploring locations such as the \exchsrvr folder, Event Viewer and even the root of the C:\ or D:\ drive.

Event Viewer: Application Log

Whenever I get an email problem, I try and make myself look in the Event Viewer earlier, rather than later in the troubleshooting process. Therefore in the case of Exchange 2010, I urge you to begin with the Application Log. People often say "finding the problem is like looking for a needle in a haystack." My reply is: "master Event Viewer's Filter." Click on the View Menu, Filter and select one of these from the Event Source box.

• MSExchangeAL - Addressing Email
• MSExchangeIS - IIS Access
• MSExchangeSA - Active Directory related
• MSExchangeTransport - SMTP Routing
• POP3Svc

Event Viewer: System Log

Using the same technique that I described above for the Application log, investigate these categories; remember the key menu is Filter source:

• SMTPSVC - SMTP Service
• W3SVC - IIS
• MSExchangeIS Mailbox Store
• ClusSvc - Cluster Service

Setup.log and Exchange Server Setup Progress.log

Exchange also has two setup logs to troubleshoot install programs. These files are created in the root of the drive where the Exchange 2010 binaries are installed. For example look in C:\ or D:\. These files give reasons why setup failed. Perhaps Exchange 2010 could not extend the schema, or encountered problems overwriting priv1.edb in the MDBDATA folder. I once used the progress log to solve a replication problem when migrating from Exchange 5.5.

Guy Thomas is a computer consultant and writer with attitude and a great sense of humor.