Here’s a brief introduction to the Exchange 2010 Event Logs. If you haven’t already so, be sure to check out Windows 2008 Event Log post as well. Combing the event
logs should be part of your daily system checks as an IT Professional.
First go to Administrative Tools on a Windows Server and open Event Viewer. There are many categories in the Event Viewer depending on what is installed on your server. We will focus on Application and System for now.
There are 3 types of events, Informational, Warning and Error for each category. Below are some important examples to be aware of in the Informational and Error catagories.
Most of the time the Information events are things to be aware of, but do not require action. An example of an Information event from the Application Log is Event ID 2080. This is a very important Event. It indicates that the Exchange 2010 is able to contact and communicate with a Domain Controller on the network. The Microsoft Exchange Active Directory Topology Service is responsible for checking in on Domain
Controller availability. You can see particular service if you open Administrative Tools and Services. If Exchange cannot contact a Domain Controller than services begins to fail and mail flow stops and this Error will appear in the Application Log Event ID 2104. Topology discovery failed…. That means it’s time to act, as is the case with most Errors in the Event Log. Check to make sure that the Domain Controller is powered on, if it is on, can you ping it from the Exchange Server, possibly restart the Topology Service and see if the error logs again. There are many more potential troubleshooting techniques for this such as a checking DNS resolution or has there been an IP change as well among the many.
Another useful Error in the System Log to be aware of is Event ID 7022. This error lets you know when a service failed to start and what service it is; it is most commonly seen after a reboot or an application crash. In this case it is the Exchange Transport Service. The next move is to go to Administrative Tools/Service and attempt to manually start it. If it does not immediately start backup check for other dependencies that are required to be running and possibly log in accounts/passwords that are set up in the Service Properties.
These are just a few among many Events from an Exchange 2010 Server Event Viewer. To be an effective IT Professional you must know your environment; be aware of what services are installed on your network and what systems they reside on. Look at the logs each day to know what is going on within the environment. It’s all right there at your finger tips.