Wednesday, July 17, 2013

Exchange User Monitor tracing via the command line



For troubleshooting Exchange user performance related issues or to help plan your design for Exchange, Exchange User Monitor (Exmon) is a great utility to have in your tool bag and contains a wealth of knowledge on your current user activities.
Exmon tracing uses the ETW (Event Tracing for Windows) facility of Windows to send internal application event data to .etl files for later analysis.

Prerequisite
Before enabling ExMon tracing, the following registry keys must be added to the registry to allow Exmon to collect data in the ETL file.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem]
"RpcEtwTracing"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Trace]
"UsePerformanceClock"=dword:00000001
To enable tracing on any given server, there is essentially 2 methods that can be used to create and start/stop Exmon tracing.
Method
Tracelog
2. Create a directory called Tracing (ex. C:\tracing)
3. Copy tracelog.exe to this directory from the default install location of c:\program files\Resource Kit.
4. Create a start_tracing.cmd file and add the following information to the file. Save this to the location created in Step 2.
tracelog.exe -start Exmon_Trace -f c:\Tracing\Exmon_trace.etl -seq 3500 -guid control.guid
5. Create a stop_tracing.cmd file and add the following information to the file. Save this to the location created in Step 2.
tracelog.exe -stop Exmon_Trace
6. Create a control.guid file and then add the appropriate GUID for Exmon tracing. Note: This GUID should be the only piece of information in this file. Save this to the location created in Step 2.
2EACCEDF-8648-453e-9250-27F0069F71D2
7. To verify if these batch files work successfully, run start_tracing.cmd and then run tracelog -l and look for an entry call Exmon_Trace. If this is found in the list, then the tracing has been enabled as shown below. 

Reference :
http://blogs.technet.com/b/exchange/archive/2005/04/06/403409.aspx

No comments:

Post a Comment