Navigation basics
Foglight browser interface panels
Drill down actions
Breadcrumb trail
Time range
Lists
Alarms and state indicators
Mouse-over actions
Foglight for Exchange roles
Exploring the Foglight for Exchange dashboards
Accessing the Foglight for Exchange dashboards
Exchange Alarms dashboard
Exchange Environment dashboard
Managing Exchange agents
Reporting on your Exchange environment
Foglight for Exchange views
Exchange Environment > Health Check tab
Exchange Environment > Monitoring tab
Exchange Environment > Administration tab
Exchange Environment > Reports tab
Exchange Environment > FAQts tab
Exchange Explorer dashboard
Exchange Rule Management dashboard
Role views
Foglight for Exchange rules
Exchange Roles Environment Summary (All Exchange Roles) view
Client Access Role Environment Summary view
Edge Transport Role Environment Summary view
Hub Transport Role Environment Summary view
Mailbox Role Environment Summary view
Unified Messaging Role Environment Summary view
Exchange Roles Explorer Summary (All Roles) view
Client Access Role Explorer Summary view
Edge Transport Role Explorer Summary view
Hub Transport Role Explorer Summary view
Mailbox Role Explorer Summary view
Unified Messaging Role Explorer Summary view
Exchange Server views
Exchange Servers Environment Summary (All Exchange Servers) view
Exchange Server Environment Summary view
Exchange Servers Explorer Summary (All Exchange Servers) view
Exchange Server Explorer Summary view
Resource Utilization Details view
Exchange Server Roles view
Exchange Server AD Health view
Exchange Server Managed Availability view
Site views
Exchange Sites Environment Summary (All Sites) view
Exchange Site Environment Summary view
Exchange Sites Explorer Summary (All Sites) view
Exchange Site Explorer Summary view
Cluster views
Exchange Cluster Environment Summary view
Exchange Clusters Explorer Summary (All Clusters) view
Exchange Cluster Explorer Summary view
Description of Embedded views
Agent State view
Alarms view
Auto Attendant Calls view
Auto Attendant Directory Access view
Auto Attendant General view
Auto Attendant Transfers view
Cached LDAP Searches/sec view
CAS AB Load view
CAS AB Service view
CAS ActiveSync view
CAS Control Panel Load view
CAS Load view
CAS OAB Download view
CAS RPC Client Access view
CAS RPC Client Access Load view
CAS RPC HTTP view
Client Access Features view
Cluster Database Details view
Cluster Storage Group Details view
Cluster Summary and Resource Information view
Cluster Summary view
Clusters Listing view
CPU view
Disk view
Domain Controllers view
Edge Agent view
Edge Transport Features view
Exchange Roles Server Summary view
Exchange Server Roles view (reference information)
Exchange Servers in This Cluster view
Exchange Servers view (Exchange Cluster Environment Summary)
Exchange Servers view
Host Monitor view
Hub Transport Features view
IP Address view
Mailbox Features view
Mailbox Store Assistant view
Managed Availability Recovery Action Results view
Memory view
Network view
Processes LDAP Read Time view
Resource Utilization view
Roles Listing view
Roles Explorer view
Role Features State view
Roles Top 3 view
Server Health view
Server Listing view
Servers in Site view
Servers In This Site view
Site By Category view
Site Listing view
Store Calendar Attendant view
Store Client Search view
Store Content Indexing view
Store Database view
Store Public Load view
Store Resource Booking view
Store RPC Client Throttling view
Store Transport view
Store User Load view
Summary and Resource Information view
Top 3 CPU Consumers view
Top 3 Memory Consumers view
Top 3 Network Consumers view
Top 3 Storage Consumers view
Total LDAP Read Time On All DCs view
Total Long-Running LDAP Operations On All DCs view
Transport Dumpster view
Transport Edge Sync view
Transport Extensibility Agent view
Transport Load Store Drivers view
Transport Queues view
UM Availability view
UM Call Answer General view
UM Call Answer view
UM Fax view
UM General Current view
UM General view
UM Subscriber Access Calendar view
UM Subscriber Access Directory view
UM Subscriber Access General view
UM Subscriber Access Message view
Unified Messaging Features view
Windows Services view
Rules dashboard
Exchange Rule Management dashboard
Managing Foglight for Exchange rules
Rules reference
Running diagnostic tests
Managing Exchange metrics
Agent Management view
Figure 16. Agent Management view
|
|
|
|
Displays the name of the servers being monitored by an Exchange agent instance. | |
|
Displays the name of the agent instance created for an Exchange server. | |
|
Displays the name of the Foglight Agent Manager Host assigned to each Exchange agent instance. | |
|
Displays the number of alarms outstanding for a select Exchange agent. Clicking an alarm opens the Alarms for <agent_name> view, which provides more details about these alarms. | |
|
Click the Edit icon in this column to update the private agent properties using the Agent Edit wizard. For more information, see Edit private agent properties. | |
|
Click the Edit icon in this column to open the Shared Properties dialog box and review the properties defined. To enable / disable a powershell cmdlet, select / clear the Monitor check box for that cmdlet. | |
|
Displays the agent version. A green check mark icon indicates that the agent version is up to date. |
The Agent Setup wizard guides you through the process of adding and configuring Exchange agent instances on one or more servers.
|
1 |
At the top of the Agent Management view, click Add to launch the Agent Setup wizard. |
|
2 |
On the Prepare page, carefully read the instructions about the steps that you need to take before proceeding with the wizard. |
You can either manually configure your Exchange environment for monitoring, or download and run a script that automatically configures the Exchange servers. To download the script, click Script for configuring the Exchange settings.
When done, click Next.
|
3 |
On the Auto-Discovery or Manual page, indicate if you want to manually configure an agent to monitor a single Exchange server, or search your domain and auto-discover Exchange servers and create one or several agents. Click Next. |
|
• |
|
• |
|
4 |
On the Select the Search Domain page, specify the domain to be used to search for Exchange servers where Exchange agent instances are to be created and activated. |
|
• |
Domain: Type the fully qualified name (myDomain.com) of a domain to search for Exchange servers. |
|
• |
User Name: Type the user principal name of the account to be used to query Active Directory® on the selected domain.The following formats are accepted for the user principal name: myUser@myDomain.com, myUser, and myDomain.com\myUser. |
|
• |
User Password: Enter the password associated with the above user account. |
|
• |
Enable SSL For LDAP: Selecting this check box if security LDAP is required. |
Click Next.
|
NOTE: 1. When selecting Enable SSL For LDAP, import the root certificate of the monitoring domain into both FglAM and Foglight keystore. 2. Ensure that the Subject Alternative Name of the certificate used by LDAP service includes both server FQDN and Domain name. For detailed information on how to import certificate into both FMS and FglAM keystore in FIPS-compliant mode, refer to Managing certificates for FglAM and Managing certificates for FMS in FIPS-compliant mode . For detailed information on how to import certificate into both FMS and FglAM keystore in non-FIPS mode, refer to Managing certificates for FglAM and Managing certificates for FMS in non-FIPS mode . |
|
5 |
On the Select Servers page, select one or more Exchange servers that you want to monitor. |
|
• |
Exchange Server: The name of the Exchange server found on the selected domain. |
|
• |
Exchange Agent Exists: Indicates whether an Exchange agent instance has already been created for an Exchange server. A green check mark in this check box indicates that an agent instance is already created to monitor the Exchange server. Servers already monitored by other Exchange agents are unavailable for selection in the list. |
Click Next.
|
6 |
On the Configure Agent Properties page, review the Exchange agent properties, and edit them, as necessary. |
|
• |
Exchange Server(s): The name of one or more Exchange servers found on the selected domain. |
|
• |
Domain Controller: The name of the domain controller found on the selected domain. |
|
• |
Communication Protocol: Selects to run the WMI query through DCOM or WinRM. |
|
• |
WinRM Port: The WinRM port number on the monitored server. This property only appears if the Communication Protocol is set to WinRM through HTTP or WinRM through HTTPS. |
|
NOTE: 1. When setting Communication Protocol as WinRM through HTTPs, import the root certificate of the monitoring domain into FglAM keystore. 2. Ensure that the Subject Alternative Name of the certificate used by LDAP service includes both server FQDN and Domain name. For detailed information on how to import certificate into FglAM keystore, refer to Managing certificates for FglAM . |
|
• |
LDAP Authentication Mechanism: The authentication scheme used to connect to the LDAP server: Simple (default) or Kerberos. |
|
• |
Enable SSL For LDAP: Indicates if the LDAP connection is secure or not (default). |
|
NOTE: 1. When selecting Enable SSL For LDAP, import the root certificate of the monitoring domain into both FglAM and Foglight keystore. 2. Ensure that the Subject Alternative Name of the certificate used by LDAP service includes both server FQDN and Domain name. For detailed information on how to import certificate into both FMS and FglAM keystore in FIPS-compliant mode, refer to Managing certificates for FglAM and Managing certificates for FMS in FIPS-compliant mode . For detailed information on how to import certificate into both FMS and FglAM keystore in non-FIPS mode, refer to Managing certificates for FglAM and Managing certificates for FMS in non-FIPS mode . |
|
• |
Is a Virtual Host?: Indicates if the selected Exchange server runs on a virtual host. If it runs on a physical host, by default the Windows Agent is delegated to collect host metrics |
|
• |
Virtual Environment: The type of the virtual environment: VMware or Hyper-V. This property only appears if the selected Exchange server runs on a virtual host. |
|
• |
Enable ActiveSync Collection: Indicates if the collection of ActiveSync Top N users is disabled or enabled. |
|
• |
IIS Log Folder: The file path to the IIS log on the Exchange Client Access Server. |
|
• |
ActiveSync Collection Time: The time when the ActiveSync collection task starts. |
|
• |
Top N Users: The number of top N users for which data is submitted to the Management Server. |
Click Next.
|
7 |
On the Select the Agent Manager Host page, select the Foglight Agent Manager host to be used for the new Exchange agent instances. |
|
• |
|
• |
The Exchange Agent Package Deployed column indicates whether the Exchange agent package is already deployed to the Agent Manager host(s). A green check in this column indicates that the Exchange agent package has been deployed. |
|
• |
The Windows Agent Package Deployed column indicates whether the Windows agent package is already deployed to the Agent Manager host(s). A green check in this column indicates that the Windows agent package has been deployed. This column is displayed only if the Exchange server runs on a physical host. |
Click Next.
|
8 |
On the Assign and Validate Credentials page, review the available credentials, and edit them, as necessary. |
|
• |
To create a new credential, click Add host(s) to a new credential. |
|
• |
In the Create New Credential and Assign dialog box, create a credential that you want to use to access the monitored resource. Type a new credential name, domain, user name, password, and lockbox, and click Submit. |
|
• |
To select an existing credential, click Add host(s) to an existing credential. |
|
• |
|
• |
To bypass the prerequisites verification, select the Do not check for prerequisites check box. |
Click Next.
|
9 |
On the Summary page, review the configuration settings chosen for the new agent, and its prerequisite diagnostics, including: |
|
• |
Exchange Agent: The name of the selected Exchange agent instance. |
|
• |
Windows Agent: The name of the selected Windows agent instance. |
|
• |
Success: The agent instance can connect to the monitored Exchange server and collect data. |
|
• |
Error: The agent instance cannot connect to the monitored Exchange server instance and collect data. Click this link to find out what causes this error. Carefully review the information in the popup that appears in order address the problem. |
Click Finish.
The Agent Setup wizard closes. The Exchange agent is now added and configured, and appears in the Agent Management view, on the Administration tab.
The Agent Edit wizard guides you through the process of editing private agent properties.
|
1 |
In the Agent Management view, in the row containing the agent whose properties you want to edit, click the Private Properties column. |
|
2 |
In the Agent Edit wizard, on the Configure Agent Properties page, review the Exchange agent properties, and edit them, as necessary. |
|
• |
Exchange Server(s): The name of one or more Exchange servers found on the selected domain. |
|
• |
Domain Controller: The name of the domain controller found on the selected domain. |
|
• |
Communication Protocol: Selects to run the WMI query through DCOM or WinRM. |
|
• |
WinRM Port: The WinRM port number on the monitored server. This property only appears if the Communication Protocol is set to WinRM through HTTP or WinRM through HTTPS. |
|
NOTE: 1. When setting Communication Protocol as WinRM through HTTPs, import the root certificate of the monitoring domain into FglAM keystore. 2. Ensure that the Subject Alternative Name of the certificate used by LDAP service includes both server FQDN and Domain name. For detailed information on how to import certificate into FglAM keystore, refer to Managing certificates for FglAM . |
|
• |
LDAP Authentication Mechanism: The authentication scheme used to connect to the LDAP server: Simple (default) or Kerberos. |
|
• |
Enable SSL For LDAP: Indicates if the LDAP connection is secure or not (default). |
|
NOTE: 1. When selecting Enable SSL For LDAP, import the root certificate of the monitoring domain into both FglAM and Foglight keystore. 2. Ensure that the Subject Alternative Name of the certificate used by LDAP service includes both server FQDN and Domain name. For detailed information on how to import certificate into both FMS and FglAM keystore in FIPS-compliant mode, refer to Managing certificates for FglAM and Managing certificates for FMS in FIPS-compliant mode . For detailed information on how to import certificate into both FMS and FglAM keystore in non-FIPS mode, refer to Managing certificates for FglAM and Managing certificates for FMS in non-FIPS mode . |
|
• |
Is a Virtual Host?: Indicates if the selected Exchange server runs on a virtual host. |
|
• |
Virtual Environment: The type of the virtual environment: VMware or Hyper-V. This property only appears if the selected Exchange server runs on a virtual host. |
|
• |
Host Info Provider: Indicates the host metrics collected by the Windows agent or the Exchange agent. |
|
• |
Enable ActiveSync Collection: Indicates if the collection of ActiveSync Top N users is disabled or enabled. |
|
• |
IIS Log Folder: The file path to the IIS log on the Exchange Client Access Server. |
|
• |
ActiveSync Collection Time: The time when the ActiveSync collection task starts. |
|
• |
Top N Users: The number of top N users for which data is submitted to the Management Server. |
Click Next.
|
3 |
On the Assign and Validate Credentials page, review the available credentials, and edit them, as necessary. |
|
• |
To create a new credential, click Add host(s) to a new credential. |
|
• |
In the Create New Credential and Assign dialog box, create a credential that you want to use to access the monitored resource. Type a new credential name, domain, user name, password, and lockbox, and click Submit. |
|
• |
To select an existing credential, click Add host(s) to an existing credential. |
|
• |
Click Next.
|
4 |
The Agent Edit wizard closes. The private properties are now updated.
If any monitoring agents are unable to collect data or connect to the monitored Exchange servers, you can inspect the underlying cause using the Prerequisites Diagnostic button on the Agent Management toolbar.
|
1 |
In the Agent Management view, select the row containing the agent whose prerequisites you want to examine, and click Prerequisites Diagnostic on the toolbar. |
|
2 |
Review the results in the Prerequisites Diagnostic dialog box. |
|
• |
Agent Name: The name of the selected Exchange agent instance. |
|
• |
Monitored Host: The name of the host on which the monitored Exchange server is running. |
|
• |
Success: The agent instance can connect to the monitored Exchange server and collect data. |
|
• |
Error: The agent instance cannot connect to the monitored Exchange server instance and collect data. Click this link to find out what causes this error. Carefully review the information in the popup that appears in order address the problem. |
Managing certificates
|
• |
<foglight_home> is a placeholder that represents the path to the Foglight Management Server installation. |
|
• |
<foglight_agent_mgr_home> is a placeholder that represents the path to the Foglight Agent Manager installation. This can be the location of the Foglight Agent Manager installation on a monitored host, or the home directory of the Foglight Agent Manager that comes embedded with the Foglight Management Server. For example: |
All the certificate-related command line options require that FglAM be up and running.
bin/fglam --add-certificate "user alias 1"=/path/to/certificate/file
|
• |
FglAM requires the Base64 format. To verify if the certificate file is encoded with Base64, open the certificate with a notepad and the certificate should be similar to the following example: -----BEGIN CERTIFICATE----- XXXXXXXX= -----END CERTIFICATE----- |
|
NOTE: If the certificate is not Base64 format, use openssl command to convert the certificate file into a Base64 file. Use either of the following commands depending on the source form: openssl x509 -inform DER -in xxx.cer -out xxx.crt or openssl x509 -inform PEM -in xxx.cer -out xxx.crt |
|
• |
The alias is required and is used in the list and delete operations to refer to the certificate. It can be anything. |
Print out a list of certificates and the aliases that refer to them.
Refer to the example output below:
Remove a certificate referred to by an alias.
bin/fglam --delete-certificate "user alias 1"
Use the keytool utility shipped with Foglight to create, import, or export certificates. This utility can be found at: <foglight_home>\jre\bin\keytool.
There are two FMS running modes:
The KeyStore Foglight used under non-FIPS mode is located at: <foglight_home>/jre/lib/security/cacerts (default password: changeit)
Use the keytool command in FMS JRE located in <foglight>/jre/bin
|
• |
<alias>: The alias is required and is used in the list and delete operations to refer to the certificate. It can be anything. |
|
• |
<foglight_home>: The folder path where the Foglight is installed. |
|
• |
<certificate path>: Your custom certificate path. |
keytool -list -keystore <foglight_home>/jre/lib/security/cacerts -storepass changeit
Remove a certificate referred to by an alias.
The KeyStore Foglight used in FIPS-compliant mode is located at: <foglight_home>/config/security/trust.fips.keystore (default password: nitrogen)
Use the keytool command in FMS JRE located in <foglight>/jre/bin.
|
• |
<alias>: The alias is required and is used in the list and delete operations to refer to the certificate. It can be anything. |
|
• |
<Foglight_home>: The folder path where Foglight is installed. |
|
• |
<certificate path>: Your custom certificate path. |
Prints out a list of certificates and the aliases that refer to them.
Refer to the example output below:
Remove a certificate referred to by an alias.
Issuer: CN=CA, DC=ca, DC=local
Valid from: Sun Jan 06 23:07:06 CST 2019 until: Wed Apr 06 23:07:06 CST 2022
Trust this certificate? [no]: yes
Certificate was added to keystore
Exchange agent properties
To display an agent’s properties page, use one of the following methods:
|
• |
From the navigation panel, navigate to Dashboards > Administration > Agents > Agent Properties. On the Agent Properties dashboard, select an agent. The Properties panel is displayed, showing the current properties for the selected agent instance. |
|
• |
From the navigation panel, navigate to Dashboards > Administration > Agents > Agent Status. On the Agent Status dashboard, select an agent from the list and click Edit > Edit Properties. The Agent Status dashboard refreshes, showing the current properties for the selected agent instance. |
Figure 17. Exchange agent properties
For more information on using the Agent Status dashboard to edit agent properties, see the Foglight Administration and Configuration Help.
The following tables describe the properties that can be modified for either an individual or all Exchange agent instances, by clicking Modify the private properties for this agent or Modify the properties of all ExchangeAgent agents links, respectively.
|
• |
Configuration
|
The fully qualified domain name (myServer.myDomain.com) of the target server from which data is to be collected. | ||||||||||
|
The fully qualified domain name (myServer.myDomain.com) of a domain controller, in the same domain where the Exchange server(s) reside. This domain controller is used to capture Active Directory® related information which Exchange is dependant upon. | ||||||||||
|
Select the host collector to be used to collect host metrics:
| ||||||||||
|
Selects to run the WMI query through DCOM, WinRM Through HTTP, or WinRM Through HTTPS. | ||||||||||
|
Supports both Basic and Kerberos authentication schemes, when connected to LDAP server. | ||||||||||
|
Defines the IIS log path in the Exchange Client Access Server. | ||||||||||
|
Determines the number of top N users for which data is submitted to the Management Server |