How to take Exchange traces and dumps for Microsoft Engineers – Example for STORE and MSExchange Transport components

Prerequisites

We’ll use ExTra.exe (Exchange 2007/2010 only, not available anymore on Exchange 2013) and the ProcDump tool to take traces that will capture the issue, and to take memory dumps of Store.exe and EdgeTransport.exe for deep code-level analysis.

Download ProcDump: https://technet.microsoft.com/en-US/sysinternals/dd996900

The instructions

Scenario

Mail gets stuck on some servers, not always the same ones, but the common point between the servers is that the affected queues always point to the same database (messages for users in a particular database).

Event Log analysis does not show any issues, even with Event Logging set to “Expert” for the MSExchange Transport and MSExchangeIS store delivery components.

We need to take traces that will capture what Exchange is trying to do, and that will enable Microsoft to tell what object is blocking the queue(s).

Traces

Traces: take both ExTra traces and Dumps from Store and Transport (or other process if it’s for a different scenario)

These will be analyzed by an accredited Microsoft Engineer.

1 of 2 > ExTra.exe

Launch ExTra.exe (available by default on Exchange 2010; with the introduction of Exchange 2013, this tool is no longer packaged with the product and is only available as a separate package from MS Support) and choose the “Trace Control” option.


Then click on “Set manual trace tags” on the next screen:


Then select the components we wish to trace (for our scenario example, Transport and StoreDriver) and click on the “Start Tracing” link below.

To stop the tracing, once the issue has occurred and the dumps below have been taken, click on “Stop Tracing now”.


2 of 2 > Process memory dump - NOTE: do not copy/paste the lines below, just retype them, as for some reason copy/paste picks up invisible special characters:

  • On one HUB, run this from the ProcDump directory:

procdump.exe -ma edgetransport.exe -n 3 -s 15 -accepteula c:\dumps

  • On the Mailbox Server, run this from the ProcDump directory - NOTE the "-mp" parameter instead of "-ma", because otherwise we'll get tens of GB of data that we don't necessarily need for store.exe debugging:

procdump.exe -mp store.exe -n 3 -s 15 -accepteula c:\dumps

Note: you may not want to place the dump output files on the C:\ drive; you can specify any path you want by replacing c:\dumps with any other directory.
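An added example, not part of the original post: a PowerShell check for the copy/paste problem noted above. It reports every character outside printable ASCII in a command line (for instance a dash character that only looks like a hyphen) before the line is run. The function names are hypothetical and the sample line is constructed.

```powershell
# Added example. Function names are hypothetical; the sample line is constructed.
function Find-NonAsciiChar {
    param([Parameter(Mandatory = $true)][string]$CommandLine)
    for ($i = 0; $i -lt $CommandLine.Length; $i++) {
        $code = [int]($CommandLine[$i])
        # Anything outside printable ASCII (0x20-0x7E) is suspect on a command line.
        if ($code -lt 0x20 -or $code -gt 0x7E) {
            $start = [Math]::Max(0, $i - 6)
            $len   = [Math]::Min(12, $CommandLine.Length - $start)
            New-Object PSObject -Property @{
                Position  = $i
                CodePoint = 'U+{0:X4}' -f $code
                Context   = $CommandLine.Substring($start, $len)
            }
        }
    }
}

function Repair-DashCharacter {
    param([Parameter(Mandatory = $true)][string]$CommandLine)
    # En dash, em dash and minus sign are common substitutes for the
    # ASCII hyphen that starts a switch.
    $CommandLine -replace '[\u2013\u2014\u2212]', '-'
}

# Constructed sample: the HUB command with U+2013 in front of "n" and "s".
$enDash = [char]0x2013
$pasted = "procdump.exe -ma edgetransport.exe ${enDash}n 3 ${enDash}s 15 -accepteula c:\dumps"

# Show where the suspect characters are.
$hits = @(Find-NonAsciiChar -CommandLine $pasted)
$hits | Format-Table Position, CodePoint, Context -AutoSize

# Normalise the dashes, then re-check before using the line.
$clean = Repair-DashCharacter -CommandLine $pasted
if (@(Find-NonAsciiChar -CommandLine $clean).Count -eq 0) {
    "ASCII only: $clean"
} else {
    "Still contains non-ASCII characters; retype the line by hand."
}
```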

More great and very useful information at this link:

Procdump: How to PROPERLY gather dump (.dmp) files for crashes and hangs, CPU spikes, etc., including gathering PERF data, for Exchange issues – by Kris Waters, Premier Field Engineer at Microsoft US.

https://blogs.technet.com/b/kristinw/archive/2012/10/03/procdump-how-to-properly-gather-dump-dmp-files-for-crashes-and-hangs.aspx

Sam.