Exchange 2016 Statistics with PowerShell

This SAM application monitor template tracks the statistics of Exchange mailboxes and the mailbox databases of Exchange 2016 server with the Mailbox role using PowerShell scripts.

Prerequisites

Exchange Management Tools are installed on target Exchange server.

Windows Authentication is enabled for PowerShell on the Exchange server. This can be configured in IIS mmc:
Start > Administrative Tools > Internet Information Services (IIS) Manager.

In the IIS console, expand Your Server, Sites, Default Web Site.
Select PowerShell application.
On the central panel, open Authentication.
Select Windows Authentication and Enable it from the right panel.

Credentials

The credentials must be that of an Exchange Administrator account (Organization Manager) with at least view-only permissions. Credentials should be provided with the domain part in the login field – domain\user.

Component monitors

Click here for an overview about SAM application monitor templates and component monitors. SAM API Poller templates are also available.

These component monitors are based on the following information:

Exchange 2007: Database Statistics in PowerShell:
http://exchangeshare.wordpress.com/2009/07/27/exchange-2007-database-statistics-in-powershell/
Getting Mailbox Statistics in Exchange 2007:
http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/getting-mailbox-statistics-exchange-2007.html.

Total mail size (MB)

This component monitor returns the total mail size on the server in MB.

You must specify the correct arguments in the Script Arguments field of the corresponding PowerShell Monitor. If you fail to do this, the counter will return with an error of "Undefined" status. This monitor requires the following argument:

Server_name

where:
Server_name – hostname or FQDN of target Exchange server;

Example: xchng2010

To see the names of your Exchange servers, run the following command in the Exchange Management Shell: Get-ExchangeServer

Total mailboxes

This component monitor returns the total number of mailboxes on the server.

Server_name

where:
Server_name – hostname or FQDN of target Exchange server;

Example: xchng2010

To see the names of your Exchange servers, run the following command in the Exchange Management Shell: Get-ExchangeServer

Total items in mailboxes

This component monitor returns the total number of emails on the server.

Server_name

where:
Server_name – hostname or FQDN of target Exchange server;

Example: xchng2010

To see the names of your Exchange servers, run the following command in the Exchange Management Shell: Get-ExchangeServer

Total size of specified database file (MB)

This component monitor returns the total size of all mailboxes in the specified database in MB.

Database_name

where:
Database_name – target mailbox database name;

Example: Mailbox Database

To see the names of your mailbox databases, run the following command in the Exchange Management Shell: Get-MailboxDatabase

Total mailboxes in specified database file

This component monitor returns the number of mailboxes in the specified database.

Database_name

where:
database_name – target mailbox database name;

Example: Mailbox Database

To see the names of your mailbox databases, run the following command in the Exchange Management Shell: Get-MailboxDatabase

Items in mailbox of specified user

This component monitor returns the number of emails for the specified user.

user_name

where:
user_name – target username;

Example: john

To see the names of your mailbox databases, run the following command in the Exchange Management Shell: Get-Mailbox

Mailbox size of specified user (MB)

This component monitor returns the mailbox size for the specified user in MB.

user_name

where:
user_name – target username;

Example: john

To see the names of your mailbox databases, run the following command in the Exchange Management Shell: Get-Mailbox

Average items per mailbox

This component monitor returns the average number of emails per mailbox based on a mathematical count.

Server_name

where:
server_name – hostname or FQDN of target Exchange server;

Example: xchng2010

To see the names of your Exchange servers, run the following command in the Exchange Management Shell: Get-ExchangeServer

Size of largest user mailbox (MB)

This component monitor returns the size of the largest mailbox. You can see the user name for the assigned mailbox in the message field.

Server_name

where:
server_name – hostname or FQDN of target Exchange server;

Example: xchng2010

To see the names of your Exchange servers, run the following command in the Exchange Management Shell: Get-ExchangeServer

Dismounted mailbox databases

This component monitor returns the number of dismounted mailbox databases. Dismounted databases are displayed in the message field.

The name of the last dismounted database is taken from the list of databases and is not based on the actual time the database was dismounted. There is no database attribute that records the time it was dismounted.

Server_name

where:
server_name – hostname or FQDN of target Exchange server;

Example: xchng2010

To see the names of your Exchange servers, run the following command in the Exchange Management Shell: Get-ExchangeServer

Mounted mailbox databases

This component monitor returns the number of mounted mailbox databases. Mounted databases are displayed in the message field.

Server_name

where:
server_name – hostname or FQDN of target Exchange server;

Example: xchng2010

To see the names of your Exchange servers, run the following command in the Exchange Management Shell: Get-ExchangeServer

Troubleshooting Mounted mailbox databases monitor

Message: ERROR: Please check target server argument and credentials (should be domain\user). [192.168.1.206] Connecting to remote server failed with the following error message : Access is denied.

Resolution: This error could occur when you use the wrong credentials. Check the credentials and verify the credentials are in the following format: (domain\user). The user should be Exchange Organization Manager.

Error: The operation couldn't be performed because object 'Mailbox Database 10580933221\*' couldn't be found on 'xchng2010.apmteam.sw'.

Resolution: Provide the correct database name.

Message: [192.168.1.206] Connecting to remote server failed with the following error message : The WinRM client cannot process the request. The WinRM client tried to use Negotiate authentication mechanism, but the destination computer (192.168.1.206:443) returned an 'access denied' error. Change the configuration to allow Negotiate authentication mechanism to be used or specify one of the authentication mechanisms supported by the server. To use Kerberos, specify the local computer name as the remote destination. Also verify that the client computer and the destination computer are joined to a domain. To use Basic, specify the local computer name as the remote destination, specify Basic authentication and provide user name and password.

Resolution:This error indicates that Windows Authentication is not enabled for the PowerShell application on IIS on the Exchange server.

Message: [192.168.1.206] Connecting to remote server failed with the following error message : The WinRM client received an HTTP status code of 403 from the remote WS-Management service.

Resolution: If you get this error, you should check your SSL settings for the PowerShell application in IIS on the Exchange server.

You should use one of the following configurations:

Require SSL unchecked

Require SSL checked and Client Certificates is set to Accept

Require SSL checked and Client Certificates is set to Ignore

Message: ERROR: Please check target server argument and credentials (should be domain\user). [xchng2010] Connecting to remote server failed with the following error message : The WS-Management service cannot process the request. This user allowed a maximum number of 5 concurrent shells, which has been exceeded. Close existing shells or raise the quota for this user.

Resolution: This error could occur when you use more than five remote PowerShell sessions (set by default) at the same time. If you get this error, it is recommended that you increase the number of concurrent shells on the Exchange server. Open a windows Command Line as Administrator and run the following command:
winrm set winrm/config/winrs @{MaxShellsPerUser="30"}

Backup and Restore Functionality Problems

This monitor returns the number of events that occur when:

The backup operation for the cluster configuration data has been aborted because quorum for the cluster has not yet been achieved;
The restore request for the cluster configuration data has failed during the "pre-restore" or "post-restore" stage.

Type of event: Error. Event ID: 1541, 1542, 1543.

Check for the following pre-conditions to make sure they have been met, and then retry the backup or restore operation:

The cluster must achieve quorum. In other words, enough nodes must be running and communicating (perhaps with a witness disk or witness file share, depending on the quorum configuration) that the cluster has achieved a majority, that is, quorum.
The account used by the person performing the backup must be in the local Administrators group on each clustered server, and must be a domain account, or must have been delegated the equivalent authority.

During a restore, the restore software must obtain exclusive access to the cluster configuration database on a given node. If other software has access (open handles to the database), the restore cannot be performed.

Cluster Network Connectivity Problems

This monitor returns the number of events that occur when:

The Cluster network interface for some cluster node on a special network failed.
The Cluster network is partitioned and some attached failover cluster nodes cannot communicate with each other over the network.
The Cluster network is down.
The Cluster IP address resource failed to come online.
Attempting to use IPv4 for a special network adapter failed.

Type of event: Warning and Error. Event ID: 1127, 1129, 1130, 1360, 1555.

Run the Validate a Configuration Wizard, selecting only the network tests. Also check network devices (adapters, cables, hubs, switches, etc) and quorum configuration.

Compare the properties of the IP Address resource with the properties of the corresponding network to ensure that the network and subnet information match. If this is an IPv6 resource, make sure that the cluster network for this resource has at least one IPv6 prefix that is not link-local or tunnel.

Cluster Service Startup Problems

This monitor returns the number of events that occur when:

The Cluster service suffered an unexpected fatal error;
The Cluster service was halted due to incomplete connectivity with other cluster nodes;
The Cluster service was halted to prevent an inconsistency within the failover cluster;
The Cluster resource host subsystem (RHS) stopped unexpectedly;
The Cluster resource either crashed or deadlocked;
The Cluster service encountered an unexpected problem and will be shut down;
The Cluster service has prevented itself from starting on this node. (This node does not have the latest copy of cluster configuration data.)
The membership engine detected that the arbitration process for the quorum device has stalled.

Type of event: Error. Event ID: 1000, 1006, 1073, 1146, 1230, 1556, 1561, 1178.

There are various software or hardware related causes that can prevent the Cluster service from starting on a node. Sometimes the Cluster service can restart successfully after it has been interrupted by one of those causes. Review the event logs for indications of the problem.

Check network hardware and configuration. Use the Validate a Configuration Wizard to review the network configuration.

Check to see which resource DLL is causing the issue and report the problem to the resource vendor. Consider configuring the resource to run in its own Resource Monitor. Note that while a problem with a resource DLL will not stop the Cluster service from running, it can prevent other resource DLLs from running unless the resource runs in its own Resource Monitor.

Try starting the Cluster service on all other nodes in the cluster. If the Cluster service can be started on a node with the latest copy of the cluster configuration data, then the node that previously could not be started will probably be able to obtain the latest copy and then join the cluster successfully.

Cluster Shared Volume Functionality Problems

This monitor returns the number of events that occur when:

The Cluster Shared Volume is no longer available on this node;
The Cluster Shared Volume is no longer directly accessible from this cluster node;
The Cluster service failed to create the Cluster Shared Volumes root directory;
The Cluster service failed to set the permissions (ACL) on the Cluster Shared Volumes root directory;
The Cluster Shared Volume is no longer accessible from this cluster node;
The Cluster service failed to create a cluster identity token for Cluster Shared Volumes.

Type of event: Error. Event ID: 5120, 5121, 5123, 5134, 5135, 5142, 5200.

Review events related to communication with the volume.

Check storage and network configuration.

Check Cluster Shared Volumes folder creation and permissions.

Check communication between domain controllers and nodes.

Cluster Storage Functionality Problems

This monitor returns the number of events that occur when:

The Cluster Physical Disk resource cannot be brought online because the associated disk could not be found;
While the disk resource was being brought online, access to one or more volumes failed with an error;
The file system for one or more partitions on the disk for the resource may be corrupt;
The Cluster disk resource indicates corruption for specific volume;
The Cluster disk resource contains an invalid mount point.

Type of event: Error. Event ID: 1034, 1035, 1037, 1066, 1208.

Confirm that the affected disk is available.

Check the underlying storage hardware and confirm that the device is being presented correctly to the cluster nodes.

If you have problems with partitions on the disk or corruption, we recommend that you run Chkdsk so that it can correct any problems with the file system.

Confirm that the mounted disk is configured according to the following guidelines:

Clustered disks can only be mounted onto clustered disks (not local disks);

The mounted disk and the disk it is mounted onto must be part of the same clustered service or application. They cannot be in two different clustered services or applications, and they cannot be in the general pool of Available Storage in the cluster.

Cluster Witness Problems

This monitor returns the number of events that occur when:

The Cluster service failed to update the cluster configuration data on the witness resource due to resource inaccessibility;
The Cluster service detected a problem with the witness resource;
The File Share Witness resource failed a periodic health check;
The File Share Witness resource failed to come online;
The File Share Witness resource failed to arbitrate for the specific file share;
The node failed to form a cluster because the witness was not accessible.

Type of event: Error. Event ID: 1557, 1558, 1562, 1563, 1564, 1573.

Confirm witness accessibility by viewing the quorum configuration of a failover cluster and the status of a witness disk.

Configuration Availability Problems

This monitor returns the number of events that occur when:

The cluster configuration database could not be loaded or unloaded;
The cluster service cannot start due to failed attempts to read configuration data.

Type of event: Error. Event ID: 1057, 1090, 1574, 1575, 1593.

When the cluster configuration on a node is missing or corrupt, the Cluster service cannot load the configuration and therefore cannot start. Where possible, the Cluster service will obtain the latest cluster configuration from other nodes in the cluster. Ensure that other nodes are started. If the only node or nodes that can be started appear to have a missing or corrupt cluster configuration database, you will probably need to restore one of the nodes from a system state backup. (For a failover cluster node, the system state backup includes the cluster configuration.) Sometimes when the node attempts to unload the cluster configuration database, the action does not fully complete. Try stopping and restarting the Cluster service. If this does not succeed, restart the operating system on the affected node.

DFS Namespace Resource Availability Problems

This monitor returns the number of events that occur when:

The creation of DFS namespace root failed with error;
The resynchronization of DFS root target failed with error;
The cluster file share resource for DFS Namespace cannot be brought online due to error.

Type of event: Error. Event ID: 1138, 1141, 1142.

Check DFS namespace configuration.

Encrypted Settings for Cluster Resource Could not Applied

This monitor returns the number of events when encrypted settings for a cluster resource could not be successfully applied to the container on this node.

Type of event: Error. Event ID: 1121.

Close any application that might have an open handle to the registry checkpoint indicated by the event. This will allow the registry key to be replicated as configured with the resource properties. If necessary, contact the application vendor about this problem. You can use a utility called Handle with the -a option to view handles to the registry.

Failed to Form Cluster

This monitor returns the number of Failed to Form cluster events.

Type of event: Error. Event ID: 1092, 1009.

You might be able to correct this issue by restarting the Cluster service.

File Share Resource Availability Problems

This monitor returns the number of events that occur when:

The Cluster File Share cannot be brought online because a file share could not be created;
The retrieving of information for a specific share returned an error code;
The retrieving of information for a specific share indicated that the share does not exist;
The Creation of a file share failed due to an error;
The Cluster file share resource has detected shared folder conflicts;
The Cluster file server resource failed a health check because some of its shared folders were inaccessible.

Type of event: Warning and Error. Event ID: 1053, 1054, 1055, 1068, 1560, 1585, 1586, 1587, 1588.

Confirm that the share exists and that the permissions allow access to the share.

If possible, determine whether the path to the share has been changed. If so, recreate the share with the correct name.

View all the resources in the clustered file server instance to ensure that they are coming online, and review the dependencies among the resources. Reconfigure as necessary to correct any problems.

Ensure that no two shared folders have the same share name.

Check shared folder accessibility and the State of Server service.

Generic Application Could not be Brought Online

This monitor returns the number of events that occur when a generic application could not be brought online during an attempt to create the process due to; the application not being present on this node, an incorrect path name, or an incorrect binary name.

Type of event: Error. Event ID: 1039.

Confirm that the following are true for the application used by the clustered Generic Application instance:

The application is fully installed on all nodes that are possible owners of the Generic Application resource;
The configuration for the Generic Application resource specifies the correct application and path;
The configuration for the Generic Application resource specifies the appropriate parameters and settings for registry replication.

Generic Service Resource Availability Problems

This monitor returns the number of events that occur when:

The generic service is either not installed or the specified service name is invalid;
The specified generic service parameters might be invalid;
The generic service failed with an error.

Type of event: Error. Event ID: 1040, 1041, 1042.

Confirm that the correct service is specified in the configuration for the Generic Service resource and confirm that the service is fully installed on all nodes that are possible owners of the resource.

Check service operation and examine the application event log.

IP address Resource Availability Problems

This monitor returns the number of events that occur when:

The Cluster IP address resource cannot be brought online because the subnet mask value is invalid;
The Cluster IP address resource cannot be brought online because the address value is invalid;
The configuration data for the network adapter corresponding to the cluster network interface could not be determined;
The Cluster IP address resource cannot be brought online because a duplicate IP address was detected on the network;
The Cluster IP address resource cannot be brought online because WINS registration;
The lease of the IP address associated with the cluster IP address resource has expired or is about to expire, and currently cannot be renewed;
The IPv6 Tunnel address resource failed to come online because it does not depend on an IP Address (IPv4) resource;
The Cluster network associated with dependent IP address (IPv4) resource does not support ISATAP tunneling.

Type of event: Error. Event ID: 1046, 1047, 1048, 1049, 1078, 1242, 1361, 1363.

Check the address, subnet, and network properties of the IP Address resource.

If the resource is an IPv6 Tunnel address resource, make sure it depends on at least one IP Address (IPv4) resource. Also make sure the network supports Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunneling.

If the IP Address resource appears to be configured correctly, check the condition of network adapters and other network components used by the cluster.

Network Connectivity and Configuration Problems

This monitor returns the number of events that occur when:

The Cluster Service was unable to access the network adapter or the cluster node has no network connectivity;
The Cluster node has no network connectivity;
The Cluster node has lost all network connectivity;
The failover cluster virtual adapter failed to initialize the miniport adapter.

Type of event: Error. Event ID: 1289, 1553, 1554, 4871.

Correct any problems with the physical network adapters and the cluster virtual adapter. If a previous change in the configuration is interfering with the function of the cluster virtual adapter, it might be necessary to reinstall the failover clustering feature on the node. Also, use the Validate a Configuration Wizard to review the network configuration.

Node Failed to Join Cluster

This monitor returns the number of events that occur when the node failed to join the failover cluster due to an error.

Type of event: Error. Event ID: 1070.

You might be able to correct this issue by restarting the Cluster service.

Problems with Cluster Service

This monitor returns the number of events that occur when:

The cluster resource in the Clustered service or application failed;
The Cluster service failed to bring the Clustered service or application completely online or offline and one or more resources may be in a failed state.

Type of event: Warning and Error. Event ID: 1039, 1205.

Check and correct any problems with the application or service associated with the resource.

Check and correct any problems with cables or cluster-related devices.

Adjust the properties for the resource in the cluster configuration, especially the value for the Pending Timeout for the resource. This value must allow enough time for the associated application or service to start.

Check the state of all resources in the clustered service or application.

Quorum was Lost

This monitor returns the number of events that occur when the Cluster service is shutting down because quorum was lost.

Type of event: Error. Event ID: 1177.

This can occur when network connectivity is lost between some or all of the nodes in the cluster, or the witness disk fails over. It can also occur if you make a change in the cluster configuration such as increasing the number of nodes, when the number of nodes currently online is too few to achieve quorum in the new configuration. Run the Validate a Configuration Wizard, selecting only the network tests. Also check network devices (adapters, cables, hubs, switches, etc.) and quorum configuration.

Registry Checkpoint Could not be Restored to Registry Key

This monitor returns the number of events that occur when the Registry Checkpoint for Cluster resource could not be restored to a registry key.

Type of event: Error. Event ID: 1024.

System is not being Responsive

This monitor returns the number of events that occur when the Failover cluster virtual adapter has lost contact with the process.

Type of event: Error. Event ID: 4869, 4870.

Use Resource Monitor to determine, in real time, how many system resources a service or application is utilizing. This may take several minutes if the system is critically low on resources.

Network Messages: Bytes Received/sec

The Bytes Received/sec performance counter shows the number of new cluster message bytes received on the network per second.

Network Messages: Bytes Sent/sec

The Bytes Sent/sec performance counter shows the number of new cluster message bytes sent over the network per second.

Network Messages: Messages Received/sec

The Messages Received/sec performance counter shows the number of new cluster messages received on the network per second.

Network Messages: Messages Sent/sec

The Messages Sent/sec performance counter shows the number of new cluster messages sent over the network per second.

Global Update: Average Database Messages Execution Time

The Average Database Messages Execution Time performance counter shows the average time the database messages are executed across all nodes.

Global Update: Average Messages Execution Time

The Average Messages Execution Time performance counter shows the average time the messages are executed across all nodes.

Global Update: Database Messages Queue Length

The Database Messages Queue Length performance counter shows the number of new cluster database update messages waiting to be sent over the network.

Search SolarWinds Support

Exchange 2016 Statistics with PowerShell

Component monitors