Microsoft Exchange Server Best Practices Analyzer Tool
© 2005 Microsoft Corporation. All rights reserved.
This Readme file for the Microsoft® Exchange Server Best Practices Analyzer consists of three sections as follows.
- A section that outlines the enhancements and changes for this new release of Exchange Server Best Practices Analyzer v2.0.
- A section that addresses frequently asked questions
- A section that describes the known issues around the tool
What's New in Exchange Server Best Practices Analyzer v2.0
|Back to Top
This section provides an overview of the new features and funtionality in the Exchange Server Best Practices Analyzer v2.0.
- Support for Microsoft Operations Manager (MOM) 2005
For customers who have deployed MOM to their Exchange servers, Exchange Server Best Practices Analyzer can now be run automatically as part of the MOM agent. This enables MOM to alert configuration problems found by Exchange Server Best Practices Analyzer through to the MOM console. This means that customers using MOM do not need to manually run the tool.
Details: Exchange Server Best Practices Analyzer can be deployed locally to all Exchange servers in the organization. The MOM agent will run the command-line version of Exchange Server Best Practices Analyzer (this is ExBPACmd) as a task at regular intervals. The command-line tool collects and analyzes data from the local Exchange server and writes each triggered rule as an event to the Application log of the server. The Exchange Server Best Practices Analyzer Management Pack for MOM 2005 will then find these events and send them to the MOM console.
Note When run in this mode, the Exchange Server Best Practices Analyzer requires the Microsoft .NET Framework 1.1 to be installed on each Exchange server. This software is pre-installed as part of the Exchange Server 2003 Setup program, but it is not installed with Exchange 2000 Server.
- Availability in all server languages
The complete tool, including rules and documentation, has been localized into French, Italian, German, Spanish, Japanese, Cheinese simplified, Chinese traditional, and Korean.
There are new capabilities to look up domain name system records. Because Exchange server depends on DNS, Exchange Server Best Practices Analyzer can make sure that all records have been published correctly.
Besides exporting the results of a scan in XML and HTML, the new version of the tool allows comma-separated value (CSV) format reports.
- More flexibility in the command-line version
The command-line version of the tool has been updated to more closely align with its user interface counterpart. The command-line switches are now more intuitive, and it now supports automatic update checking.
In earlier versions of Exchange Server Best Practices Analyzer, it was not possible to collect the global configuration data (such as the Exchange organization) without scanning every Exchange server in the topology. With this new version, scanning an individual server (or specified collection of servers) also collects and analyzes global configuration and Active Directory data.
- New ‘Best Practice’ category
Exchange Server Best Practices Analyzer warns administrators about potential problems and best practices that are not being adhered to. Earlier versions of the tool would report both of these cases with a yellow warning triangle. A new ‘best practice’ category (indicated by a blue circular warning) has been implemented in the new release to help administrators prioritize the urgency of issues.
- Group expansion collector
The tools can now take an Active Directory group object and expand the whole membership tree, including other child groups. This function is useful to verify that special Exchange groups have the correct membership assigned.
- Last backup times collector
Make sure that Exchange databases are backed up regularly. A new function of the tool is to determine the last backup time for Exchange 2000 Server and Exchange Server 2003 databases.
- Permission checking infrastructure
In security-sensitive environments, it is a good idea to lock down Active Directory permissions as tightly as possible. However, this can make troubleshooting more difficult. Exchange Server Best Practices Analyzer has new capabilities to collect and analyze security structures. The rules for identifying permission related problems will be supplied in a future XML update for the tool.
The underlying data collection and rules processing engine now supports performance sampling and analysis. The rules for identifying performance issues will be in a future XML update for the tool.
The administrator can now instruct the tool to run unattended at set intervals. Through the user interface, you can set the frequency. Behind the scenes, Exchange Server Best Practices Analyzer creates a new ‘Scheduled Task’ for the local workstation.
Following are descriptions of the controls.
- Enable scan scheduling If this is selected, scanning will be performed on a scheduled basis. If this is not selected, this feature will be disabled, as will all the other controls on the screen except the exit link. Note that this check box will be available only if credentials have been entered and validated on the Connect to Active Directory screen, and you have local administrator permissions. This is because, in order to run Exchange Server Best Practices Analyzer in unattended mode, it must run as the local system on the computer on which it is installed. That computer probably will not have access to an Exchange Server deployment, so credentials are required to allow it to have access. These credentials are stored, encrypted, in a secure registry key on the local computer.
- Start time This is the starting time and date when the tool should next be run.
- Run frequency This is how frequently to run Exchange Server Best Practices Analyzer. It may be a once-only run, or it can be set to daily, weekly, or monthly.
- Exit this tool This link just exits exit. None of the changes made to this screen will be saved, and the scheduling options will remain whatever they were before.
- Save and Exit this tool This saves the changes. All currently selected scan options (scan type, servers to scan, and so on) will be saved as the options to use for the scheduled runs. Also, all the schedule options themselves will be saved.
As soon as scheduling is enabled, the Exchange Server Best Practices Analyzer can still be used to do independent runs without affecting the scheduled runs (one exception to this is the baseline options – if those are changed the change will also affect scheduled runs). The Exchange Server Best Practices Analyzer can also be used to view the results of the scheduled runs. The scheduled scan data files are stored in the same way manually run scan files are so they will appear in the select scan screen as they are created.
- New baseline capabilities
Baseline options are used to generate a report of certain properties that deviate from user-specified values. This screen will be shown if the Baseline scan type is selected from the scan options screen (a link on the scan options screen will take you there). This screen looks similar to this.
Following are descriptions of the controls.
- Enter the label for this compare or select an existing one This is an editable combo box that will let you select an existing compare set or type the name of a new one to be created. A compare set essentially groups a set of properties and values to be tested against a set of servers. You can have any number of compare sets defined. For example, you might create a Front End compare set and then select the properties and values that you want to verify on front end servers. You then also select the servers in your organization that are front ends. This forms one compare set. You can set up a separate compare set for mailbox servers, gateways, and so on, or you can divide items up however you want. If you have created a new compare set name, that compare set will be created as soon as you move off this control. When this screen first appears after Exchange Server Best Practices Analyzer v2.0 is installed, it will have a single compare set called Baseline options, and all values will either be disabled or enabled and provided with a likely default value. Any changes made after that will be saved immediately and persisted to the registry.
- The compare set label check box
This appears on the gray title bar. As you change the compare set selection in the previous control, this name will change to reflect that. If the box is selected, the compare set will be enabled for scan runs. If it is not selected, all other controls will be disabled, and that compare set will not be used in baseline scans. However, the values will remain.
- The compare set label deletion icon
This is the white X that appears on the right side of the gray title bar. It will appear only if you have more than one compare set defined – you cannot delete the last compare set. If you click this icon, the currently selected compare set will be completely deleted.
- The source values check box
This provides a convenient way to select or clear all the properties at the same time.
- The properties check boxes
Each baseline property defined in the configuration appears in this section. You cannot define your own properties, but you can decide which of the provided properties to enable for the compare set.
- The property values text boxes
For each enabled baseline property, you can enter a value that the property will be compared to on the select servers. If the property value is not equal to the specified value, an issue is created. These issues can be viewed using the Baseline Report in the view scan screen.
- The test objects tree view
All servers within the set currently enabled for the run (these are set in the scan options screen) will appear in this tree view. They can be enabled or disabled as you want per compare set. Note that the organization and administration group nodes are there for organizational purposes and to allow for checking or unchecking several servers at a time. However, they are not actually used in a baseline scan.
- The Start scanning link
This starts the baseline scan. Processing will occur similarly to a regular health check, but only the baseline properties will be retrieved and tested.
- The Schedule a scan link
This takes you to the schedule scan screen, where the baseline can be regularly run in unattended mode.
The questions and answers have been categorized as follows:
- Command-Line Version (ExBPACmd.exe)
- Q. What kinds of configuration data does the tool check?
A. Exchange Server Best Practices Analyzer processes data from the Active Directory directory service, Windows Management Instrumentation (WMI), the system registry, Internet Information Services (IIS) metabase, performance monitor counters, files on disk, system ports, and Domain Name System (DNS). The ExBPA.Config.xml file lists the objects and settings for collection and defines the rules that test the returned values.
- Q. Can I use the tool for troubleshooting problems?
A. Exchange Server Best Practices Analyzer can be used for both troubleshooting current problems and providing a proactive health check for Exchange Server. However, because the tool relies on server connectivity to collect configuration data, the server that is running Exchange Server must be accessible from the network for the scan to complete.
- Q. What permissions do I need to successfully scan my Exchange Server topology?
A. Most of configuration scanning performed by Exchange Server Best Practices Analyzer is done through the registry and WMI calls. For these to succeed, the account used for scanning needs to be defined as an Administrator or equivalent on each Exchange server specified in the scan scope. You must be sure that:
- The account being used for scanning is a member of the built-in Administrators group on each Exchange server.
- You have permissions to read the Exchange Server configuration from Active Directory. The account used for this function needs at least View Only permissions on the Exchange Server organization container.
- Q. I don't have an overall administrator account in my organization that can access both Exchange Server and Active Directory data. Can I still use the tool?
A. Yes. By default, to log on to gain access to all data, Exchange Server Best Practices Analyzer uses the same credentials that you use. However, when connecting to Active Directory, if you select Show advanced login options on the Connect to Active Directory page, you can specify the credentials used for accessing Active Directory and Active Directory domain controller configuration, in addition to another set of credentials for gaining access to the Exchange Server configuration.
- Q. My Exchange Server administrator account does not have access to all Exchange servers. What should I do?
A. During the scan configuration, you can clear the check box for the servers for which you do not have access. However, organization-level data such as global message limits are not scanned if you clear the check boxes for the servers or administrative groups. To collect organization-wide data, choose to scan the entire organization, including all servers, and let the tool fail as it discovers servers where you do not have access.
- Q. There's a firewall between my Exchange servers. How do I scan all servers?
A. On the Start a New Exchange Scan page, you can select the individual servers to include or exclude from the scan. Alternatively, leave all servers selected and allow the tool to fail against the servers on the other side of the firewall. The first operation performed against a server is a registry call to a well-known registry key. If this operation fails, the server is regarded as unreachable (indicated by a Completed icon in the scan summary) and no further collection operations are performed against this server.
To collect all server data, you have to run the tool on each side of the firewall.
Note It is not currently possible to merge scan output files.
- Q. Where does the tool store its output files?
A. By default, output files are stored in drive:\Documents and Settings\user name\Application Data\Microsoft\ExBPA. For every scan performed, two output files are generated:
- The .log file contains the scan progress and any error messages returned during the scan.
- The .xml file contains all the data collected during the scan.
- Q. How does the Exchange Server Best Practices Analyzer update facility work?
A. When the tool starts and during manual update checks, Exchange Server Best Practices Analyzer tries to read the file located at http://www.microsoft.com/exchange/code/exbpa/2.0//ExBPA.Config.xml. The file contains an attribute, ConfigVersion. If the version identifier for the file on the Web is greater than the local copy, you are prompted to download the newer version. If you accept the download, the ExBPA.Config.xml file and associated ExBPA.chm file is downloaded from the Web location. The existing versions of these files (usually at drive:\Program Files\ExBPA\culture) are renamed. The updated files are used immediately; you do not have to restart the tool.
- Q. If I download an update from the Web and open a scan report that was created before the update, what happens?
A. Reanalysis of the old scan occurs if the ConfigVersion is compatible between the update and existing scan. Reanalysis can result in better problem identification. Data compatibility is determined through the ConfigVersion attribute which exists in the input and output .xml files. It consists of four integers in the format of W.X.Y.Z:
- W = Major application version
- X = Major configuration version
- Y = Minor configuration version
- Z = Release type
If the major application and configuration versions (W and X) are the same between the previous scan and Web update, the data is compatible and is reanalyzed. If the data file is not a candidate for reanalysis, the previous scan results are shown.
- Q. It appears that the tool uses resources from the Web for retrieving updates and displaying content. I'm working in a closed environment and don't have an Internet connection. Can I still use the tool?
A. Yes. View the Exchange Server Best Practices Analyzer Tool page at http://go.microsoft.com/fwlink/?linkid=39502 for updates to the tool. These updates can be manually downloaded and applied to an existing installation of Exchange Server Best Practices Analyzer.
For each rule output of Error, Warning, or Nondefault types in the scan report, there is a Tell me more about… link. By default, the content behind the link is retrieved from the Web. Where Internet connectivity is not available, the content is retrieved from the local Help file (ExBPA.chm).
- Q. There are some numbers displayed in the About box. What do these mean?
A. When you click About, the Microsoft Exchange Server Best Practices Analyzer Tool box appears. This box lists two version identifiers, each in the format of W.X.Y.Z.
- The first number identifies the build of the application and its binary files, for example, 2.0.7520.0.
- The second number identifies the ConfigVersion from the current ExBPA.Config.xml file being used, such as 18.104.22.168. If updates are applied to the installation of the tool, the ConfigVersion number changes.
- Q. Does Exchange Server Best Practices Analyzer write any data to Exchange servers or to Active Directory?
A. The tool only reads data, with one exception. As part of the Simple Mail Transfer Protocol (SMTP) test, the tool tries to submit a test message to the postmaster account. The body of the test message clearly identifies that it was generated by Exchange Server Best Practices Analyzer.
- Q. Does the tool use any registry parameters? If it does, what do they do?
A. The tool uses a small number of registry parameters to save default settings and user options. All registry parameters are stored under the following registry key:
||DCSpecified||reg_sz||Domain controller name last specified
||VersionCheckAlways||reg_dword||Set to 0x1 to always look for updates on startup
||SuppressionData||reg_sz||Contains rules that have been disabled
||ImportExportDirectory||reg_sz||Default folder for import and export XML files
||NetworkSpeed||reg_sz ||Last selected network speed
||ScreenRectangle||reg_dword||Last size of the screen
||ScreenState||reg_dword||Last state of the screen (minimized, maximized, normal)
||CompareSets||Key||Contains baseline server mappings
- Q. The baseline options have changed — what happened?
A. Based on feedback from the previous version of the tool, the functionality has been changed to be driven from a user-customizable set of values instead of keying the data off of another server. This area will continue to evolve in future releases of the tool.
- Q. In the Start a New Exchange Scan page, I can set a network speed. What effect does this actually have?
A. This option has two uses:
- It affects the time estimate for the total scan.
- It sets the underlying timeout to use when collecting data.
For example, if Fast WAN is selected, Exchange Server Best Practices Analyzer waits only a short time before timing out on a system call. Look in the .log file in the Exchange Server Best Practices Analyzer data folder (drive:\Documents and Settings\user name\Application Data\Microsoft\ExBPA) to view any timeout errors that occurred during the scan.
- Q. The estimated time to complete the scan appears to be incorrect. Why is this?
A. At the scan configuration stage, an approximate scan time is displayed. The total time it takes for a scan to complete is greatly affected by underlying network conditions. This includes the speed and latency between the Exchange Server Best Practices Analyzer workstation and Exchange servers. As soon as the scan is in progress, the time remaining indicator is updated every 60 seconds.
- Q. What is the baseline option for?
A. The baseline scan enables you to scan for configuration differences (such as registry settings) based on user-defined values. Configuration differences are displayed in the scan result list.
- Q. What do the Import and Export functions do?
A. Import enables you to import an externally generated, output .xml file that is displayed on the copy of the tool that is running on your workstation. During the import process, the .xml file is copied to your Exchange Server Best Practices Analyzer data folder (drive:\Documents and Settings\user name\Application Data\Microsoft\ExBPA) and reanalyzed if the ConfigVersion on your workstation is both newer and compatible with the data file being imported.
Export enables you to output the data in different file formats. For example, you can export to XML, HTML, or CSV format. When exporting to HTML or CSV, only the report on the screen is output to the destination file.
- Q. I have some questions about the issues raised by the tool in my topology. Where can I get help on these?
A. For general questions, we encourage you to participate in the microsoft.public.exchange.tools newsgroup at http://go.microsoft.com/fwlink/?linkid=14926. For more information, visit the Exchange Server Best Practices Analyzer Tool Web page at http://go.microsoft.com/fwlink/?linkid=39502. If you have general feedback about the tool and its rules, send an e-mail to the feedback address: Exchange ExBPA Feedback & Suggestions.
- Q. When I disable a rule from displaying, where is that configuration data held?
A. All disabled rule data is contained in the registry parameter:
If all instances of a rule have been disabled, the rule name is saved in the registry value. If only a single instance of a rule has been disabled, the rule and corresponding server name will be saved in the registry value. On the View Best Practices Report page, use the Disabled Issues List option to reactivate disabled rules.
Note Disabled rules data is saved on a per-workstation basis and not per scan/output file.
- Q. What can I use the Detailed View for?
A. Detailed view shows all collected data and rules. This view is designed for advanced users who want to manually analyze data collected by the tool.
- Q. How do I copy the list of issues from the tool to a separate file or application?
A. To copy text from a single rule, expand the rule and press CTRL+C on the keyboard. The text now is on the Clipboard and can be pasted into another application.
Alternatively, use the Export feature to create an HTML-formatted version of the current view.
- Q. I've created an HTML report, but I don't see any icons. Why not?
A. The icons are retrieved from the Internet. Verify that Internet connectivity is available on your workstation.
- Q. The Tell me more about… links don't appear to work. What could be wrong?
A. The Tell me more about… links are hyperlinked to articles on the Internet. Verify that Internet connectivity is available on your workstation.
Command-Line Version (ExBPACmd.exe)
- Q. What's the difference between the ExBPA.exe and ExBPACmd.exe files?
A. ExBPACmd.exe is a command-line version of the tool. Both the interface and command-line version call into a common code-path. Therefore execution functionality is virtually the same.
- Q. Can I run the command-line version of the tool as part of a script?
A. Yes, to view the different command-line options for the tool type:
During execution, the tool does not expect any input, so it is ideal for script processing.
To run a health check against a single Exchange server named EX1, type the following command:
ExBPACmd –r Server =EX1 –rc GENERAL
To run a health check against all Exchange servers, type the following command:
- Q. What are the –to (timeout) and –th (max threads) parameters for?
A. These command-line parameters provide specific control over the data collection engine. Generally, you do not have to specify these parameters because the default values are used.
The timeout specifies how many seconds that the collection engine wait for a server to return data from any given request (default: 300 seconds). For the graphical user interface version, the network speed setting controls this time.
The max threads overrides the maximum number of simultaneous scanning threads that the tool uses when retrieving data from Exchange servers (default: 25). One scanning thread can scan one Exchange server at any one time.
This section describes issues known at the time of release and their workarounds for Exchange Server Best Practices Analyzer. Some of these issues are scheduled to be fixed in a future release of the tool.
- There is no reinstall option for the Microsoft Windows Installer package.
Workaround: In Control Panel, click Add or Remove Programs, and then click Remove. Reinstall Exchange Server Best Practices Analyzer.
- If you remove Exchange Server Best Practices Analyzer from your computer after you apply updates from the Web, older .xml and .chm files are not removed from the installation folder (typically, C:\Program Files\ExBPA\culture).
Workaround: If necessary, manually delete the files.
- When removing Exchange Server Best Practices Analyzer from the computer, registry parameters continue to exist under HKEY_CURRENT_USER\Software\Microsoft\Exchange\ExBPA.
Workaround: If necessary, manually delete the ExBPA key.
- New updates to the configuration file cannot be detected if the Web proxy server requires authentication.
Workaround Manually download new configuration updates. For more information, see the Exchange Server Best Practices Analyzer Tool page at http://go.microsoft.com/fwlink/?linkid=39502.
- It is difficult to read text presented on the screen when the color depth is set to 256.
Workaround: None. If it is possible, use a different graphics resolution.
- Accelerator keys and tab behavior within Exchange Server Best Practices Analyzer is irregular.
- The new scheduling and baseline capabilities are not documented in the Help file.
Workaround: Read the “What’s New in Exchange Server Best Practices Analyzer v2.0” section at the start of this Readme file.
- When Exchange Server Best Practices Analyzer is directly installed on an Exchange server and the logon credentials have been overridden, local access to Exchange Server data fails.
Workaround: Install Exchange Server Best Practices Analyzer on a workstation. Alternatively, use the RUNAS /netonly command to run the tool.
- As soon as the Exchange server scan has completed, the progress bar remains at 100 percent, but Exchange Server Best Practices Analyzer appears to continue processing.
Workaround: Wait for Exchange Server Best Practices Analyzer to complete processing of the Active Directory® directory service and the rules analysis.
- During data collection, scan errors appear in the status bar at the bottom of the screen even when all options and permissions have been set correctly.
Workaround: None. Some errors are expected. Exchange Server Best Practices Analyzer tries to gather all data from all servers regardless of operating system or Exchange Server version being used. Earlier Microsoft products do not support all query types that the tool issues.
- If a scan in progress is aborted by using the Stop Scanning option, rules are not processed and there are no issues listed in the report.
Workaround: This is by design; aborted scans are not analyzed.
- Even though the Remote Registry service is started, the tool produces the error “The network path was not found” when it tries to connect with the Exchange server.
Workaround: Make sure that ‘File and Print Services for Microsoft Networks’ is enabled on the network connection for the Exchange server.
- When using the import feature, the progress bar stays at 100 percent, but the Exchange Server Best Practices Analyzer tool appears to continue processing.
Workaround: Wait for Exchange Server Best Practices Analyzer to complete reanalysis of the data.
- After selecting the "Select a Best Practices report to view" option from the Welcome page, it takes a long time for the list of reports to display.
Workaround: Exchange Server Best Practices Analyzer is reading each file in the data directory. You can reduce wait times by deleting older scan reports.
- Rules that are disabled in one scan report affect other reports and output files.
Workaround: When you view different Exchange Server topologies on a single workstation, reactivate rules through the Disabled Issues List report.
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
© 2005 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.