0

I got bit in the rear again by the Back Pressure feature in Exchange 2010 this week. I want to set something up to alert me in the future when this happens again.

Background

Some people had been reporting delays receiving emails from people outside the organization for the past couple of weeks, but it was transient enough to not throw up any concrete red flags. Yesterday, finally, we had a solid outage where no external emails were coming in, and upon troubleshooting I found that Back Pressure was in force on our Edge Transport server. The problem was RAM overutilization, and a quick reboot solved the problem. After going back through the Event Logs, however, I realized that the Edge server had been slipping in and out of Back Pressure repeatedly over the past couple of weeks, thus the intermittent delays people were seeing with receiving email from the outside.

What I've tried

Whenever Exchange detects an overutilization condition (e.g., not enough free RAM or disk space), it logs Event ID 15004 in the Application event log. In the Event Viewer, I used the built-in "Attach Task To This Event..." feature to set up a Scheduled Task with the Action "Send an email..." that would email me whenever this event was logged (initially BackPressure only blocks external emails but allows internal emails to keep flowing). However, the "Send an email..." action requires you to specify an SMTP server. The problem is that our Edge server is not domain-joined and is out on the perimeter of our network, so I couldn't use our internal domain-joined SMTP server. I also had no success using the Edge server's own SMTP server ("localhost") as I couldn't figure out how to authenticate to it (where do you even configure it and what username/password would you use?). I was, however, able to use Gmail's SMTP relay to send the notification messages, but the Catch-22 is that once BackPressure is applied, all emails from the outside are blocked, so the notification messages relayed via Gmail are also blocked as being from the outside and I never see them.

I have a couple of things in place to help, but neither is foolproof. The first is a daily test email that gets sent to me every day at 8 AM...if I don't see it I know there's a problem, but instead of just a once-a-day test I want to know as soon as the Edge server starts having problems. I also have Nagios monitoring a few metrics on the Edge server, but it can't cover all the scenarios that Exchange uses to trigger a BackPressure situation.

Being notified whenever Event ID 15004 is logged on the Edge server is the Holy Grail, now I just need to figure out a way to make that happen reliably.

Is there a way to set up BackPressure email notifications from a non-domain-joined perimeter Edge server?

RSW
  • 233
  • 3
  • 9
  • Why don't you address the root of the problem rather than the symptom of the problem? – joeqwerty Jan 04 '17 at 18:40
  • @joeqwerty At first your comment came across as saying "why do you want to monitor for errors when you can simply fix the problems that cause the errors in the first place"...but I know that can't be what you're saying. What are you saying? =) – RSW Jan 04 '17 at 19:23
  • I would suggest you roll your Send an Email via Task Scheduler over to a Powershell script since the Send an Email option is deprecated. Doing this should allow you save a properly formatted file into the Pickup directory and deliver the message. I haven't tried this but seems reasonable so that's why I'm not submitting an answer. – JBaldridge Jan 04 '17 at 23:14
  • @JBaldridge I had looked at sending the email via Powershell but like the other options it still required me to specify an SMTP server, thus back to my Catch-22. (the "Send an Email" option is still fully supported in Server 2008 R2...it didn't get deprecated until Server 2012 AFAIK) – RSW Jan 05 '17 at 01:48
  • If you write the file to the pickup directory that would negate the smtp server need. It would go into the queue in exchange. I would think that would be considered internal but I cannot confirm that. – JBaldridge Jan 05 '17 at 01:52
  • @JBaldridge ooohh...I did not know that...if so that's a great idea...I'll try it and report back – RSW Jan 05 '17 at 01:54
  • I no longer have an environment that has an edge transport so I can't test. Plus you would need to see how it behaves during the back pressure situation. – JBaldridge Jan 05 '17 at 01:59
  • @JBaldridge Bummer! What a creative idea you had, and for a minute I thought it was going to work. I was able to successfully drop an email into the Pickup directory and have it delivered. I then taxed the server to put it into Back Pressure mode and that's when it refused to use the Pickup directory. The event log error confirmed it, saying: "The following components are disabled due to back pressure: Inbound mail submission from the Internet, Mail submission from Pickup directory, Mail submission from Replay directory" – RSW Jan 05 '17 at 02:22
  • 1
    Generally speaking, using email to warn for email server problems is likely to not be failsafe. – Jenny D Jan 05 '17 at 12:01
  • @JennyD Good point. I'm open to other methods of being notified when Event ID 15004 is logged. – RSW Jan 05 '17 at 13:12
  • 1
    I would recommend using a monitoring system. – Jenny D Jan 05 '17 at 16:01

0 Answers0