Maintaining a consistent message tracking configuration across all of your Exchange servers is important. Without it you’ll potentially miss out on important information during message tracking log searches.

Although message tracking is enabled by default on Exchange servers the default configuration that is applied is often not suitable. For example, the default log retention of 30 days is often too short for investigations, and the default maximum folder size of 1Gb is often too small for organizations with high volumes of email traffic.

I’ve published a PowerShell script, Get-MessageTrackingConfig.ps1, that will generate a CSV file showing the current message tracking configuration of your Exchange servers. The script currently supports Exchange Server 2013, with support for Exchange Server 2010 coming in the future.

get-messagetrackingconfig-report

A few important points to note about the CSV file that the script generates. On an Exchange 2013 server there are four types of message tracking logs generated:

  • MSGTRK – tracking logs generated by the Transport service
  • MSGTRKMA – tracking logs generated by moderated transport actions (ie, approvals and rejectsion)
  • MSGTRKMD – tracking logs generated by the Mailbox Transport Delivery service
  • MSGTRKMS – tracking logs generated by the Mailbox Transport Submission service

For more about those services you may like to read about Exchange 2013 mail flow.

Each of the logs files has the message tracking log retention max directory size settings applied individually. This means that if the max directory size is 1Gb (1000Mb), up to 3000Mb of log files will be stored in the directory. Why 3000 and not 4000? Microsoft says:

On Exchange 2013 Mailbox servers, the maximum size of the message tracking log directory is three times the specified value. Although the message tracking log files that are generated by the four different services have four different name prefixes, the amount and frequency of data written to the MSGTRKMA log files is negligible compared to the three other log file prefixes.

As such, the script assumes a 3x multiplier in the results that it outputs. In the example screenshot above the server MELEX1 has 38MB of Transport logs, 28Mb of Delivery logs, and 18Mb of Submission logs for a total of 84Mb of logs. This is well under the configured maximum directory size of 1000Mb, and the server can comfortably store the 30 days of logs if is configured to retain.

How to use this script in your Exchange Server 2013 environment:

  1. Run the script from a computer or server that has the Exchange Management Shell installed
  2. Review the CSV file to:
    • Confirm that your message tracking log configuration is consistent across your servers
    • Confirm that the max directory size is high enough to store the number of days of logs you want to retain
    • Consider whether the server has sufficient storage to hold the estimated maximum amount of data that might be retained

This script is available for download from the TechNet Script Gallery and Github. Comments are welcome below. If you find a bug please consider raising it as an issue on Github.

About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for Practical365.com.

Comments

  1. Rayeski M

    I try to run the script, but there is no csv exported, please help.
    We use Exchange 2016.

  2. Roy

    Hello,
    Does the script work under Exchange 2016 server?

    Regards

  3. Mendim

    Hi Paul

    Any News regarding the compatibility to EX2010?

    Thank you for your reply.

  4. Pradeep Rajora

    Hi Paul,

    Please help me get what is maximum limit of Log directory size and log file size in Exchange 2013

  5. Dan Gurney

    Hi,
    As always a great script and good explanation. However, I have a problem.

    The script tells me my MaxAge (Days) is set at 90 and my configured max size set to 4096. This is what I want; we need to keep 90 days for compliance reasons. The script also tells me my oldest log file is 42 days (which is about right).

    My problem is that the MSGTRKMD files are being removed after 30 days. Why would this be? Theres only 240Mb of them.

    1. edu

      Please. We have the same issue

  6. Marcus

    Hi Paul

    Can you help with powershell to track message eventID = Defer in office 365?

    I wanted to track all message where the eventid is defer from the cloud.

    Thank you for your help.

  7. Ves

    Hello,
    this is the result:

    You cannot call a method on a null-valued expression.
    At D:Get-MessageTrackingConfig.ps1:190 char:92
    + … (MB)” -Value $($E15TransportRole.MessageTrackingLogMaxDirectorySize.Value.ToMb() …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

    You cannot call a method on a null-valued expression.
    At D:Get-MessageTrackingConfig.ps1:191 char:91
    + … (MB)” -Value $($E15TransportRole.MessageTrackingLogMaxDirectorySize.Value.ToMb() …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

    1. Brett Radburn

      Same error as above

  8. Rene

    Nice script indeed. May I know when we can expect it will work for Exchange 2010? cheers

Leave a Reply