The latest version of Foglight for Exchange is 5.7.2. You can upgrade to version 5.7.2 of Foglight for Exchange from version 5.6.9 and later.
Important: When data collection starts up, the Exchange agent installs a "Quest Remote Command Service" service in monitored server, to execute a PowerShell script. This service is uninstalled automatically when data collection stops.
To upgrade the Foglight for Exchange to the latest version:
Important: For a list of issues that you may encounter after upgrading the Foglight for Exchange to version 5.7.2, and ways to troubleshoot these issues, see section Potential issues after upgrading the cartridge to version 5.7.2.
Note: If you are also running Foglight for Active Directory, you must upgrade the Active Directory agents as well. It is strongly recommended that you run the same version and patch level of both cartridges.
The following is a list of product versions and platforms compatible with this release.
|
Product Name |
Product Version |
Platform |
| Foglight Management Server | 5.9.2 | All platforms supported by this version of the Foglight Management Server |
| Foglight Agent Manager | 5.9.2 | All platforms supported by this version of the Foglight Agent Manager |
| Foglight For Virtualization, Enterprise Edition | 8.7 8.7.5 |
All platforms supported by these versions of the Foglight For Virtualization, Enterprise Edition |
Before installing Foglight for Exchange, ensure your system meets the following minimum hardware and software requirements:
| Platform |
Any supported Foglight or Foglight for Virtualization, Enterprise Edition platform. For complete information, see the System Requirements and Platform Support Guide. |
| Memory |
As specified in Foglight or Foglight for Virtualization, Enterprise Edition documentation. |
| Hard Disk Space |
As specified in Foglight or Foglight for Virtualization, Enterprise Edition documentation. |
| Operating System |
As specified in Foglight or Foglight for Virtualization, Enterprise Edition documentation. |
| Monitored Servers |
Domain Controllers specified in Foglight for Exchange agent properties must be Windows Server® 2008 or later. Small Business Systems (SBS) versions have not been tested. Foglight for Exchange version 5.6.5 and subsequent releases support Microsoft® Exchange Server 2007 or later, including all service packs, unless otherwise noted. Minimum Domain and Forest levels should be Windows Server 2008. Foglight for Office 365 support Microsoft Active Directory Federation Service 2.0 or later. Active Directory Federation Service 2.0 only can be monitored via WinRm. For ADFS agents: If the monitored host is a physical machine, it requires a host agent for host information collection. If the monitored host is a virtual machine, it requires a VMware/Hyper-V agent to collect host information collection. |
The following prerequisite conditions must be in place in order to successfully initialize an Exchange agent. Failure to meet these prerequisites may result in missing metrics in Foglight for Exchange dashboards.
Important: All prerequisite steps must be completed on the Exchange server as well as the Active Directory® server because the Exchange agent collects information from the Active Directory server and requires access permissions.
Note: The Remote Access Diagnostics utility, provided with this cartridge, checks the connectivity between the Foglight Agent Manager (FglAM) and Active Directory and Exchange servers that are being monitored. It also tests for the prerequisite conditions that must be met in order to initialize an Exchange agent. This utility requires .NET® 2.0 libraries to run. For more information on running the Remote Access Diagnostics utility, see the Remote Access Diagnostics User Guide.
Exchange account privileges:
Note: Make sure to give minimum required privilege to your agent; otherwise this agent can not start data collection.
Domain Controller account privileges: a domain user account with the following privileges (LDAP):
ADFS account privileges:
Office 365® account privileges:
To add the Log on as a service Right to an account:
To grant permissions on the registry keys:
Exchange servers that have to be accessed by clients not supporting GSS authentication must have SmbServerNameHardeningLevel set to 0 (the default). For more information, see http://support.microsoft.com/kb/2345886.
Rule #1: need local ports 135, 139, 389 (or 636) and 445 opened.
Rule #2: need "Dynamic RPC" local ports opened.
For more information, see the following article: https://support.quest.com/kb/SOL85903.
For details about this topic, refer to the "Configuring Windows Remote Management (WinRM)" section in the Foglight Agent Manager Guide.
If LDAP Authentication Schema is selected as Kerberos in the agent properties, the Agent Manager will search the following files for information about the location of the Key Distribution Center (KDC):
The krb5.ini or krb5.conf file should contain the realm info and hostname of the KDC for this realm. For example:
[libdefaults]
default_realm = MY.REALM
[realms]
MY.REALM = {
kdc = kdc.my.realm
} Important: Starting with version 5.7.1, Foglight for Exchange trusts (by default) any certificates for secure LDAP connections, and does not require users to import the SSL certificate any longer. The only case when users need to import the certificate is when they set the vm parameter "quest.ldap.ssl.trustAnyCert" as False to disable any certificate trust.
When collecting data using LDAP through SSL communication, a new Certificate Authority must be added to the Agent Manager’s Java® Runtime Environment (JRE). The JRE includes a command-line tool keytool which can be used to add the new Certificate Authority.
keytool -import -file <importCertPath> -alias <someName> -keystore <cacertsPath> -storepass <changeit>
keytool -list -alias <someName> -keystore <cacertsPath> -storepass <changeit>
Here are example commands that import and list a new root certificate:
<FMS_HOME>\jre\bin\keytool -import -file MySSL.cer –alias MySecuryLDAP.ca -keystore <FMS_HOME>\jre\lib\security\cacerts -storepass changeit
<FMS_HOME>\jre\bin\keytool -list -alias MySecuryLDAP.ca -keystore <FMS_HOME>\jre\lib\security\cacerts -storepass changeit
The initial password of the cacerts keystore file is changeit. System administrators should change this password and the default access permissions of this file when installing the SDK. The file can be found in the directory <FMS_HOME>\jre\lib\security\cacerts (embedded Agent Manager) or <FglAM_HOME>\jre\<JRE_VERSION>\jre\lib\security\cacerts (external Agent Manager).
Note: The certificate file that you want to import should be the public certificate for the Certificate Authority that signed the server's SSL certificate, not the SSL certificate itself. The Agent Manager must be restarted for the certificate to take effect. If security LDAP is enabled when creating the Exchange agent via the Agent Setup wizard, the root certificate also needs to be added to the Foglight Management Server’s Java Runtime Environment (JRE).
Server objects do not appear until at least one piece of data has been collected and recorded. If communication fails completely, you will not see objects.
Configuration steps:
The new-TestCasConnectivityUser.ps1 PowerShell script must be run on each Exchange Server to configure a test account for the OWA connectivity user tests. This aids in the collection of OWA metrics. The script is located in the Scripts folder of your Exchange install directory. For example, if Exchange is installed in C:\Program Files\Microsoft\Exchange, then the script is located in C:\Program Files\Microsoft\Exchange\Scripts.
This section provides information about problems that you might encounter while monitoring your environment with Foglight for Exchange, and describes the solutions available to troubleshoot these problems.
The following domain controller specific metrics are not available in Foglight for Exchange unless an Active Directory agent is monitoring the domain controller:
Symptom: Some domain controller specific metrics do not display in the Foglight for Exchange views.
Resolution: Install Foglight for Active Directory.
Foglight for Exchange now detects when an Exchange server is added or removed. Alarms are generated for the following cases:
Symptom: Alarms are not being generated when an Exchange server is added or removed.
Resolution:
There are two rules used for the Exchange Server Discovery feature. Disabling either one of these rules will disable alerting on server discovery. Ensure that the following rules are not disabled:
The EXC Server Discovery Search rule fires every 24 hours and an LDAP query is made once for every domain that has an active, collecting agent. Therefore, depending on when the server was added or removed, there may be a delay in seeing the alarm. Also, if the agent is deactivated or not collecting data, the new or removed server will not be detected until the next server discovery search interval after the agent is re-activated and collecting data.
The RPCs Failed (Server Too Busy) performance metric is a client-reported value. In order to send this type of data to the server in Outlook 2003 or later, the Exchange server’s registry must contain the ClientMonitoringReportLevel registry key with a value of either one or two.
Symptom: RPCs Failed (Server Too Busy) performance metric is not being collected.
Resolution:
Ensure that the server’s registry contains the ClientMonitoringReportLevel registry key with a value of either one or two.
To modify the client-side monitoring levels for Outlook 2003 or later clients:
Tip: It is recommended that you create a backup copy of the Registry that you can revert to prior to making any changes.
The Microsoft Exchange Monitoring service is not monitored and alarms will not be raised for this service by default. However, if you use this service in your Exchange organization, you can enable monitoring.
Symptom: Microsoft Exchange Monitoring service is not being monitored.
Resolution: Enable monitoring of this service:
Symptom: The "Quest Remote Command Service" services is not started automatically.
Resolution: In the Update Credential Properties dialog box, change the value of Domain to the host name of Edge Transport server:
Note: This resolution is only applicable for the Edge Transport server, which means this resolution will not be available if the monitored server is not an Edge Transport server.
The following procedure is a best practice that is recommended for optimal performance.
Do NOT allow Microsoft® automatic update feature to force an update of the server hosting the Foglight Management Server. This automatic update feature does not allow enough time for the Foglight Management Server to shutdown gracefully, which may leave your agents in a broken state.
Symptom: Cartridge agents will appear to be deactivated on the Agent Status dashboard.
Resolution: Using the Agent Status dashboard, select the deactivated agent and select the Activate button. If you cannot activate the selected agent, delete and reinstall the agent.
Symptoms:
When upgrading to version 5.6.11, you encounter an error message similar to the following message (actual values may vary):
Error deploying package … Cause: The addition of 2097152kb to the negotiated JVM Max heap size would adjust to 2359296kb, which would exceed the total available physical memory of 1780736kb. Rejecting memory request.
Resolution:
This message indicates that the Agent Manager does not have sufficient heap memory to allocate to the requesting Foglight for Exchange agent package. It is not possible to directly increase the amount of heap memory available to the Agent Manager, as it uses as much memory as the monitoring host can provide to it before issuing this message. The amount of memory available to be allocated to the Agent Manager must be increased, for example by adding more physical memory to the host. If the monitoring host is a virtual machine, more memory may be allocated to the VM.
If this is not possible, consider moving some agents, or the Agent Manager and all agents, to another monitoring host which has more memory capacity.
Symptoms:
2013-12-19 13:39:12.669 ECHO <ExchangeMonitoring/5.6.6/ExchangeAgent/EXC0-EX7.domain7.local-agent> INFO [Thread-20] com.quest.agent.service.auth.impl.CredentialManagerImpl - Begin to query credential for host: EX7.domain7.local
2013-12-19 13:39:26.707 ECHO <ExchangeMonitoring/5.6.6/ExchangeAgent/EXC0-EX7.domain7.local-agent> INFO [Thread-20] com.quest.agent.exc.ExchangeAgentImpl - Validate credentials for host: EX7.domain7.local
2013-12-19 13:39:26.708 ECHO <ExchangeMonitoring/5.6.6/ExchangeAgent/EXC0-EX7.domain7.local-agent> ERROR [Thread-20] com.quest.agent.exc.ExchangeAgentImpl - Could not establish a connection to host : EX7.domain7.local.
2013-12-19 13:39:26.708 ECHO <ExchangeMonitoring/5.6.6/ExchangeAgent/EXC0-EX7.domain7.local-agent> ERROR [Thread-20] com.quest.agent.exc.ExchangeAgentImpl - Data collection failure.
com.quest.glue.api.services.NoCredentialsException: Could not establish a connection to host : EX7.domain7.local
at com.quest.agent.exc.ExchangeAgentImpl.buidConfig(ExchangeAgentImpl.java:815)
at com.quest.agent.exc.ExchangeAgentImpl.buildConfigOnCredential(ExchangeAgentImpl.java:791)
at com.quest.agent.exc.ExchangeAgentImpl.access$000(ExchangeAgentImpl.java:84)
at com.quest.agent.exc.ExchangeAgentImpl$1.run(ExchangeAgentImpl.java:839)
at java.lang.Thread.run(Thread.java:662)
"A Credential with purpose xxxx has been encrypted with a lockbox that has not been granted to this Agent Manager". Resolution 1:
Resolution 2: Update the Agent Manager to version 5.6.12 (or later).
Symptom:
The following error message may be found in the Foglight Management Server console.
Failed to retain value of property instances when editing EXCADAccessDomainController object "null (EXCADAccessDomainController)" (39bb11e5-e952-4d63-8629-c4efc19a546d).
Failed to retain value of property instances when editing EXCADAccessCache object "null (EXCADAccessCache)" (16d56083-19b0-4370-af54-9b775a7f644e).
Failed to retain value of property instances when editing EXCADAccessProcessobject "null (EXCADAccessProcess)" (36b2c281-13b6-48ee-9dc0-7660e326fd50).
Failed to retain value of property instances when editing EXCDatabase object "null (EXCADAccessProcess)" (36b2c281-13b6-48ee-9dc0-7660e326fd50).
Resolution:
server["TopologyService"].deleteObjects(new java.util.HashSet(#!EXCADAccessDomainController#.topologyObjects))
server["TopologyService"].deleteObjects(new java.util.HashSet(#!EXCADAccessCache#.topologyObjects))
server["TopologyService"].deleteObjects(new java.util.HashSet(#!EXCADAccessProcess #.topologyObjects))
server["TopologyService"].deleteObjects(new java.util.HashSet(#!EXCDatabase#.topologyObjects))
Symptoms:
2014-01-26 10:51:47.329 ECHO <ExchangeMonitoring/5.6.7/ExchangeAgent/2901-agent> ERROR [Quartz[0]-10] com.quest.agent.service.winRm.WinRMEndPoint - Fail to establish the WinRM connection: com.quest.glue.api.services.RemoteConnectionException: a connection could not be established.
2014-01-26 10:51:47.329 ECHO <ExchangeMonitoring/5.6.7/ExchangeAgent/2901-agent> INFO [Quartz[0]-10] com.quest.agent.service.auth.impl.WinRmValidator - winRm connectivity test result: Failed.
2014-01-26 10:51:47.330 ECHO <ExchangeMonitoring/5.6.7/ExchangeAgent/2901-agent> ERROR [Quartz[0]-10] com.quest.agent.exc.ExchangeAgentImpl - Could not establish a connection to host : zhuvmfog2901. 2014-01-26 10:51:47.332 ECHO <ExchangeMonitoring/5.6.7/ExchangeAgent/2901-agent> EERROR [Quartz[0]-10] com.quest.agent.exc.ExchangeAgentImpl - Data collection failure.
com.quest.glue.api.services.NoCredentialsException: Could not establish a connection to host : XXXXXX
at com.quest.agent.exc.ExchangeAgentImpl.buidConfig(ExchangeAgentImpl.java:718)
at com.quest.agent.exc.ExchangeAgentImpl.buildConfigOnCredential(ExchangeAgentImpl.java:701)
at com.quest.agent.exc.ExchangeAgentImpl.init(ExchangeAgentImpl.java:866)
at com.quest.agent.exc.ExchangeAgentImpl.isReady(ExchangeAgentImpl.java:741)
at com.quest.agent.exc.ExchangeAgentImpl.informationStoreDetailCollection(ExchangeAgentImpl.java:594)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.quest.glue.core.services.EquivalenceInvocationHandler.invoke(EquivalenceInvocationHandler.java:70)
at com.quest.glue.core.agent.AgentInteractionHandler.invoke(AgentInteractionHandler.java:186)
at com.sun.proxy.$Proxy51.informationStoreDetailCollection(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.quest.glue.core.agent.scheduler.CollectorCallback.invokeCollector(CollectorCallback.java:162)
at com.quest.glue.core.agent.scheduler.CollectorCallback.execute(CollectorCallback.java:130)
at com.quest.glue.core.scheduler.quartz.QuartzScheduler$ScheduledTaskSequentialJob.execute(QuartzScheduler.java:716)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
at java.lang.Thread.run(Thread.java:662) Resolution:
© ALL RIGHTS RESERVED. 利用規約 プライバシー Cookie Preference Center