Chat now with support
Chat with Support

Foglight for Exchange 5.8.2 - Release Notes

System requirements

System requirements

Before installing Foglight for Exchange, ensure your system meets the following minimum hardware and software requirements:

Platform

Any supported Foglight, Foglight Evolve, or Foglight for Virtualization, Enterprise Edition platform.

For complete information, see the System Requirements and Platform Support Guide.

Memory

As specified in Foglight, Foglight Evolve, or Foglight for Virtualization, Enterprise Edition documentation.

Hard Disk Space

As specified in Foglight, Foglight Evolve, or Foglight for Virtualization, Enterprise Edition documentation.

Operating System

As specified in Foglight, Foglight Evolve, or Foglight for Virtualization, Enterprise Edition documentation.

Monitored Servers

Domain Controllers specified in Foglight for Exchange agent properties must be Windows Server® 2008 or later.

Small Business Systems (SBS) versions have not been tested.

Foglight for Exchange version 5.7.2.5 and subsequent releases support Microsoft® Exchange Server 2010, 2013, and 2016, including all service packs, unless otherwise noted.

Minimum Domain and Forest levels should be Windows Server 2008.

 


Prerequisites

Prerequisites

The following prerequisite conditions must be in place in order to successfully initialize an Exchange agent. Failure to meet these prerequisites may result in missing metrics in Foglight for Exchange dashboards.

Important: All prerequisite steps must be completed on the Exchange server as well as the Active Directory® server because the Exchange agent collects information from the Active Directory server and requires access permissions.

Note: The Remote Access Diagnostics utility, provided with this cartridge, checks the connectivity between the Foglight Agent Manager (FglAM) and Active Directory and Exchange servers that are being monitored. It also tests for the prerequisite conditions that must be met in order to initialize an Exchange agent. This utility requires .NET® 2.0 libraries to run. For more information on running the Remote Access Diagnostics utility, see the Remote Access Diagnostics User Guide.

Account privileges

Exchange account privileges:

Note: Make sure to give minimum required privilege to your agent; otherwise this agent cannot start data collection.

  • Exchange server Local Administrator privilege (DCOM, WinRm).
  • Running Exchange PowerShell cmdlet with the following privileges:
    • Server Management
    • Organization Management
    • View-Only Organization Management

Domain Controller account privileges: a domain user account with the following privileges (LDAP):

  • Organization Management (Exchange 2010, 2013)

DCOM prerequisites for the Exchange server

  1. Enable the Distributed COM (DCOM) on the Exchange server:
    1. Click Start | Run.
    2. In the Run dialog, enter dcomcnfg and click OK.
    3. Expand Component Services and then Computers.
    4. Right-click the My Computer object and select Properties.
    5. On the Default Properties tab, check the Enable Distributed COM on this computer option.
      • Select "Default Authentication Level" as "Connect.
      • Select "Default Impersonation Level" as "Identify".
  2. The Remote Registry Service must be running on each Exchange server being monitored by Foglight for Exchange, to allow agents remote access to the registry.
  3. The Exchange account specified in the agent properties must have Full Control permissions on following registry keys:
    • HKEY_CLASSES_ROOT\CLSID 72C24DD5-D70A-438B-8A42-98424B88AFB8 (Windows Script Host Shell Object)
    • HKEY_CLASSES_ROOT\CLSID 76A64158-CB41-11d1-8B02-00600806D9B6 (WBEM Scripting Locator)
    • HKEY_CLASSES_ROOT\CLSID 0D43FE01-F093-11CF-8940-00A0C9054228 (Windows Script FileSystem Object)

      For a 64-bit OS, also grant the permissions for these two additional registry keys
    • HKEY_CLASSES_ROOT\Wow6432Node\CLSID 72C24DD5-D70A-438B-8A42-98424B88AFB8
    • HKEY_CLASSES_ROOT\Wow6432Node\CLSID 76A64158-CB41-11D1-8B02-00600806D9B6
    • HKEY_CLASSES_ROOT\Wow6432Node\CLSID 0D43FE01-F093-11CF-8940-00A0C9054228

      Note: For instructions on how to configure the registry keys, see the To grant permissions on the registry keys section.

 

To grant permissions on the registry keys:

  1. Log in to the Exchange server with an Administrator account that you are comfortable having ownership over these keys.
  2. Start the Windows Registry Editor (run regedit.exe).
  3. If asked to allow the Regedit program to make changes to the computer, click Yes.
  4. Navigate to the registry item: HKEY_CLASSES_ROOT\CLSID\{clsid} or HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{clsid}, as necessary.
  5. Right-click the registry key and select Permissions.
  6. Click Advanced.
  7. Open the Owner tab.
  8. In the Change Owner to box, select one of the following entries:
    • the user account that is used by the Exchange agent
    • the administrative group for the account you currently belong to
  9. Select the Replace the owner on subcontainers and objects check box.
  10. If the account is not listed, click Other user or groups to add the account.
  11. Click OK.
  12. Under Group or user names, select the account that will be specified in the agent properties. If the account is not listed, click Add to add the account.
  13. Under Permission for account, select the Allow Full Control check box and click OK.
  14. Close the Registry Editor.

SmbServerNameHardeningLevel in Exchange Server should be 0 (the default)

 Exchange servers that have to be accessed by clients not supporting GSS authentication must have SmbServerNameHardeningLevel set to 0 (the default). For more information, see http://support.microsoft.com/kb/2345886.

Firewall settings for the Exchange Server

Rule #1: need local ports 135, 139, 389 (or 636) and 445 opened.

Rule #2: need "Dynamic RPC" local ports opened.

For more information, see the following article: https://support.quest.com/kb/SOL85903.

Configure Windows Remote Management (WinRM)

For details about this topic, refer to the "Configuring Windows Remote Management (WinRM)" section in the Foglight Agent Manager Guide.  

Kerberos settings for the Agent Manager

The Kerberos configuration file specifies the KDC from which tickets are obtained. Operating systems sometimes have their own Kerberos configuration files. If present, the Agent Manager uses them by default. They can be found in the following locations:

  •  Windows: %WINDIR%\krb5.ini which typically translates to C:\Windows\krb5.ini
  •  UNIX:
    /etc/krb5.conf
    Or:
    /etc/krb5/krb5.conf

If none of these files are found, the Agent Manager attempts to create its own kerberos configuration file, based on the detected settings. The detection can only be done on Windows, so on Unix, the file is not generated. On Unix platforms, you need to create your own Kerberos configuration files to establish WinRM connections using Negotiate authentication.

The krb5.ini or krb5.conf file should contain the realm info and hostname of the KDC for this realm. For example:

[libdefaults]
default_realm = <REALM_NAME_IN_CAPS>
[realms]
<REALM_NAME_IN_CAPS> = {
kdc = <fully_qualified_kdc_name>
}
[domain_realm]
.<domain_in_lower_case> = <REALM_NAME_IN_CAPS>

Agent must be able to reach the target host

Server objects do not appear until at least one piece of data has been collected and recorded. If communication fails completely, you will not see objects.

Configuration steps:

  1. Test Ping by IP. You must be able to ping the collection target from the FglAM hosting the agent instance. If ping by IP fails, there are routing issues.
  2. Test Ping by host name. A DNS server or Hosts file must be available to the FMS server in order to resolve names. If ping by host name fails, there are DNS or Hosts file issues.
  3. If a Hosts file is used, it should contain an entry for each domain where hosts reside. For example:
    10.10.10.100 domain.local
    10.10.10.200 childdomain.domain.local
  4. In addition, individual servers must resolve to the NetBIOS names and the FQDN. For example:
    10.10.10.101 server server.domain.local
    The Hosts file is located at %windir%\system\drivers\etc.

Additional configuration settings

  1. Enable Remote Shell for the user account used to monitor the Exchange environment. For more information, see Manage Exchange Management Shell access.

  2. If your Exchange environment is running on Windows Server 2012 or below, make sure to download and install KB2842230 from Microsoft Updated Catalog to avoid the "Out of memory" error. For more information, see "Out of memory" error on a computer that has a customized MaxMemoryPerShellMB quota set and has WMF 3.0 installed.

  3. Execute the Set-ExecutionPolicy RemoteSigned command for all of your Exchange environments.

PowerShell configurations required for feature state queries (for Exchange servers only)

The new-TestCasConnectivityUser.ps1 PowerShell script must be run on each Exchange Server to configure a test account for the OWA connectivity user tests. This aids in the collection of OWA metrics. The script is located in the Scripts folder of your Exchange install directory. For example, if Exchange is installed in C:\Program Files\Microsoft\Exchange, then the script is located in C:\Program Files\Microsoft\Exchange\Scripts.

 


Troubleshooting

Troubleshooting

This section provides information about problems that you might encounter while monitoring your environment with Foglight for Exchange, and describes the solutions available to troubleshoot these problems.

Foglight for Active Directory and Foglight for Exchange integration

The following domain controller specific metrics are not available in Foglight for Exchange unless an Active Directory agent is monitoring the domain controller:

  • Exchange | Environment | Servers | AD Dependencies (LDAP, Replication, Database)
  • Exchange | Exchange Explorer | AD Health | Domain Controllers |
    • Replication Queue Length
    • Replication Failures

Symptom: Some domain controller specific metrics do not display in the Foglight for Exchange views.

Resolution: Install Foglight for Active Directory.

Exchange Server discovery feature

Foglight for Exchange now detects when an Exchange server is added or removed. Alarms are generated for the following cases:

  • A new Exchange 2007/2010 server is detected and there is no agent monitoring it.
  • A new Exchange server is detected, but the Exchange version on this server is not supported for monitoring.
  • An existing Exchange server is removed and an associated agent still exists.

Symptom: Alarms are not being generated when an Exchange server is added or removed.

Resolution:

There are two rules used for the Exchange Server Discovery feature. Disabling either one of these rules will disable alerting on server discovery. Ensure that the following rules are not disabled:

  • EXC Server Discovery Search
  • EXC Server Discovery Alert

The EXC Server Discovery Search rule fires every 24 hours and an LDAP query is made once for every domain that has an active, collecting agent. Therefore, depending on when the server was added or removed, there may be a delay in seeing the alarm. Also, if the agent is deactivated or not collecting data, the new or removed server will not be detected until the next server discovery search interval after the agent is re-activated and collecting data.

RPCs Failed (Server Too Busy) performance metric

The RPCs Failed (Server Too Busy) performance metric is a client-reported value. In order to send this type of data to the server in Outlook 2003 or later, the Exchange server’s registry must contain the ClientMonitoringReportLevel registry key with a value of either one or two.

Symptom: RPCs Failed (Server Too Busy) performance metric is not being collected.

Resolution:

Ensure that the server’s registry contains the ClientMonitoringReportLevel registry key with a value of either one or two.

  • In Exchange 2007, the default behavior is to collect performance data only from Outlook clients that have high-speed network connectivity. (Functionally the same as when the value of the ClientMonitoringReportLevel registry key is set to one.)
  • For clients that are using a low-bandwidth connection, set the value of the ClientMonitoringReportLevel to two.

To modify the client-side monitoring levels for Outlook 2003 or later clients:

Tip: It is recommended that you create a backup copy of the Registry that you can revert to prior to making any changes.

  1. On the Exchange server that contains the client mailboxes to be monitored, run: regedit.
  2. If you are asked to allow the Regedit program to make changes to the computer, click Yes.
  3. Navigate to the following registry key:
    HKLM\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem
  4. Right-click ParametersSystem and click New | DWORD Value.
  5. Name the new DWORD value ClientMonitoringReportLevel.
  6. Double-click ClientMonitoringReportLevel.
  7. In the Value data field, enter the appropriate value:
    0 = do not collect data from any Outlook 2003 and later clients
    1 = collect performance data only from high-bandwidth Outlook 2003 and later clients (default)
    2 = collect performance data from all Outlook 2003 or later clients
  8. Close the registry editor.
    The Exchange Information Store service automatically detects the changes. You do not need to restart the computer or any services.

Monitoring Microsoft Exchange Monitoring service

The Microsoft Exchange Monitoring service is not monitored and alarms will not be raised for this service by default. However, if you use this service in your Exchange organization, you can enable monitoring.

Symptom: Microsoft Exchange Monitoring service is not being monitored.

Resolution: Enable monitoring of this service:

  1.  Navigate to Dashboards > Administration > Agents > Agent Status.
  2. Under Monitor, select a Monitored Service and click Edit.
  3. Click Add Row in the ExchangeMonitoring - ExchangeAgent - monitoredServicesList table.
  4. Enter the Server Role and the Service Name for the service to be monitored. All entries are case sensitive.
    win2k3\MicrosoftExchangeMonitoring
    or
    win2k8\MicrosoftExchangeMonitoring
  5. Click Save Changes.

Recommended best practices

The following procedure is a best practice that is recommended for optimal performance.

Disable automatic updates on Foglight Management Server

Do NOT allow Microsoft® automatic update feature to force an update of the server hosting the Foglight Management Server. This automatic update feature does not allow enough time for the Foglight Management Server to shutdown gracefully, which may leave your agents in a broken state.

Symptom: Cartridge agents will appear to be deactivated on the Agent Status dashboard.

Resolution: Using the Agent Status dashboard, select the deactivated agent and select the Activate button. If you cannot activate the selected agent, delete and reinstall the agent.

Potential issues after upgrading the cartridge to version 5.8.2

Insufficient heap memory

Symptoms:

When upgrading to version 5.8.2, you encounter an error message similar to the following message (actual values may vary):

Error deploying package … Cause: The addition of 2097152kb to the negotiated JVM Max heap size would adjust to 2359296kb, which would exceed the total available physical memory of 1780736kb. Rejecting memory request.

 

Resolution:

This message indicates that the Agent Manager does not have sufficient heap memory to allocate to the requesting Foglight for Exchange agent package. It is not possible to directly increase the amount of heap memory available to the Agent Manager, as it uses as much memory as the monitoring host can provide to it before issuing this message. The amount of memory available to be allocated to the Agent Manager must be increased, for example by adding more physical memory to the host. If the monitoring host is a virtual machine, more memory may be allocated to the VM.  

If this is not possible, consider moving some agents, or the Agent Manager and all agents, to another monitoring host which has more memory capacity.

Could not establish a connection to host xxx.xxxx.xxx

Symptoms:

  1. The following exception message may be found in the Exchange agent log.
    2013-12-19 13:39:12.669 ECHO    <ExchangeMonitoring/5.6.6/ExchangeAgent/EXC0-EX7.domain7.local-agent> INFO [Thread-20] com.quest.agent.service.auth.impl.CredentialManagerImpl - Begin to query credential for host:  EX7.domain7.local
    2013-12-19 13:39:26.707 ECHO    <ExchangeMonitoring/5.6.6/ExchangeAgent/EXC0-EX7.domain7.local-agent> INFO [Thread-20] com.quest.agent.exc.ExchangeAgentImpl - Validate credentials for host: EX7.domain7.local
    2013-12-19 13:39:26.708 ECHO    <ExchangeMonitoring/5.6.6/ExchangeAgent/EXC0-EX7.domain7.local-agent> ERROR [Thread-20] com.quest.agent.exc.ExchangeAgentImpl - Could not establish a connection to host : EX7.domain7.local.
    2013-12-19 13:39:26.708 ECHO    <ExchangeMonitoring/5.6.6/ExchangeAgent/EXC0-EX7.domain7.local-agent> ERROR [Thread-20] com.quest.agent.exc.ExchangeAgentImpl - Data collection failure.
    com.quest.glue.api.services.NoCredentialsException: Could not establish a connection to host : EX7.domain7.local      
    at com.quest.agent.exc.ExchangeAgentImpl.buidConfig(ExchangeAgentImpl.java:815)      
    at com.quest.agent.exc.ExchangeAgentImpl.buildConfigOnCredential(ExchangeAgentImpl.java:791)      
    at com.quest.agent.exc.ExchangeAgentImpl.access$000(ExchangeAgentImpl.java:84)      
    at com.quest.agent.exc.ExchangeAgentImpl$1.run(ExchangeAgentImpl.java:839)      
    at java.lang.Thread.run(Thread.java:662)  
  2. In Administrator > Credentials > Manage Credentials, the following alarm may be found: "A Credential with purpose xxxx has been encrypted with a lockbox that has not been granted to this Agent Manager".

Resolution 1:

  1. Ensure that the lockbox has been released to the related Agent Manager (check credential clients in the Credentials > Manage Lockboxes dashboard).
  2. If the Agent Manager is in the credential client list, it must be restarted to fix this issue.

Resolution 2: Update the Agent Manager to version 5.6.12 (or later).

Data merge error found in Foglight Management Server console

Symptom:

The following error message may be found in the Foglight Management Server console.

Failed to retain value of property instances when editing EXCADAccessDomainController object "null (EXCADAccessDomainController)" (39bb11e5-e952-4d63-8629-c4efc19a546d).
Failed to retain value of property instances when editing EXCADAccessCache object "null (EXCADAccessCache)" (16d56083-19b0-4370-af54-9b775a7f644e).
Failed to retain value of property instances when editing EXCADAccessProcessobject "null (EXCADAccessProcess)" (36b2c281-13b6-48ee-9dc0-7660e326fd50).
Failed to retain value of property instances when editing EXCDatabase object "null (EXCADAccessProcess)" (36b2c281-13b6-48ee-9dc0-7660e326fd50).

Resolution:

  1. Stop the data collection.
  2. Run the following groovy script in the script console, to remove old topology objects: EXCADAccessDomainController, EXCADAccessCache, EXCADAccessProcess, and EXCDatabase.
    server["TopologyService"].deleteObjects(new java.util.HashSet(#!EXCADAccessDomainController#.topologyObjects)) 
    server["TopologyService"].deleteObjects(new java.util.HashSet(#!EXCADAccessCache#.topologyObjects)) 
    server["TopologyService"].deleteObjects(new java.util.HashSet(#!EXCADAccessProcess #.topologyObjects)) 
    server["TopologyService"].deleteObjects(new java.util.HashSet(#!EXCDatabase#.topologyObjects))
     

Cannot start the Exchange agent to monitor Exchange Edge Transport server

Symptoms:

  1. The monitored Exchange Edge Transport server is a stand alone host.
  2. In agent properties, communication Protocol is set as "WinRm Through HTTP" or "Winrm Through HTTPS".
  3.  The following exception message may be found in the Exchange agent log.
    2014-01-26 10:51:47.329 ECHO    <ExchangeMonitoring/5.6.7/ExchangeAgent/2901-agent> ERROR [Quartz[0]-10] com.quest.agent.service.winRm.WinRMEndPoint - Fail to establish the WinRM connection: com.quest.glue.api.services.RemoteConnectionException: a connection could not be established.
    2014-01-26 10:51:47.329 ECHO    <ExchangeMonitoring/5.6.7/ExchangeAgent/2901-agent> INFO [Quartz[0]-10] com.quest.agent.service.auth.impl.WinRmValidator - winRm connectivity test result: Failed.
    2014-01-26 10:51:47.330 ECHO    <ExchangeMonitoring/5.6.7/ExchangeAgent/2901-agent> ERROR [Quartz[0]-10] com.quest.agent.exc.ExchangeAgentImpl - Could not establish a connection to host : zhuvmfog2901. 2014-01-26 10:51:47.332 ECHO    <ExchangeMonitoring/5.6.7/ExchangeAgent/2901-agent> EERROR [Quartz[0]-10] com.quest.agent.exc.ExchangeAgentImpl - Data collection failure.
    com.quest.glue.api.services.NoCredentialsException: Could not establish a connection to host : XXXXXX                        
    at com.quest.agent.exc.ExchangeAgentImpl.buidConfig(ExchangeAgentImpl.java:718)                        
    at com.quest.agent.exc.ExchangeAgentImpl.buildConfigOnCredential(ExchangeAgentImpl.java:701)                        
    at com.quest.agent.exc.ExchangeAgentImpl.init(ExchangeAgentImpl.java:866)                        
    at com.quest.agent.exc.ExchangeAgentImpl.isReady(ExchangeAgentImpl.java:741)                        
    at com.quest.agent.exc.ExchangeAgentImpl.informationStoreDetailCollection(ExchangeAgentImpl.java:594)                       
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)                        
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)                        
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)                        
    at java.lang.reflect.Method.invoke(Method.java:597)                        
    at com.quest.glue.core.services.EquivalenceInvocationHandler.invoke(EquivalenceInvocationHandler.java:70)                        
    at com.quest.glue.core.agent.AgentInteractionHandler.invoke(AgentInteractionHandler.java:186)                        
    at com.sun.proxy.$Proxy51.informationStoreDetailCollection(Unknown Source)                        
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)                        
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)                        
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)                        
    at java.lang.reflect.Method.invoke(Method.java:597)                        
    at com.quest.glue.core.agent.scheduler.CollectorCallback.invokeCollector(CollectorCallback.java:162)                        
    at com.quest.glue.core.agent.scheduler.CollectorCallback.execute(CollectorCallback.java:130)                        
    at com.quest.glue.core.scheduler.quartz.QuartzScheduler$ScheduledTaskSequentialJob.execute(QuartzScheduler.java:716)                        
    at org.quartz.core.JobRunShell.run(JobRunShell.java:202)                        
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)                        
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)                        
    at java.lang.Thread.run(Thread.java:662)

Resolution:

  • Check the credential setting in Exchange Agent properties and ensure that the user is in local account format.

 


Product licensing

Product licensing

Foglight includes a licensing capability that restricts access to those features that are defined in the license. Any Management Server installation requires a license that grants access to server-specific parts of the browser interface and the features associated with them. Foglight cartridges are also license-protected. While some cartridges are covered by the base Foglight license (such as Foglight Agent Manager cartridges and the Cartridge for Infrastructure), others may require an additional license. Foglight for Exchange is covered by the Foglight Evolve Monitor, Operate, and Flex license.

To activate a trial or a purchased commercial license:

  1. On the navigation panel, under Dashboards, click Administration > Setup > Manage Licenses.
  2. Click Install.
  3. In the Install License dialog box, click Browse.
  4. In the file browser that appears, specify the location of the license file.
  5. In the Install License dialog box, click Install License.

 


Related Documents