Tuesday, 26 April 2016

Common methods for diagnosing Exchange Server performance and collecting traces and logs




Here I explain some of the common methods for diagnosing performance issues and for collecting traces and logs.

ExPerfWiz:

ExPerfWiz is a PowerShell based script to help automate the collection of performance data on Exchange 2007, 2010 and 2013 servers.  Supported operating systems are Windows 2003, 2008, 2008 R2, 2012 and 2012 R2.

The default behavior of the script is to create a rolling BLG file that will roll to a new log when the maximum size of the log has been reached up to a maximum of 8 hours. For Windows 2008 servers, this is based on time as the -max parameter for logman.exe stops the data collection when the maximum log file size has been reached. There is logic in the script to prevent you from changing the maximum size of the BLG files on Windows 2008 servers.

.\experfwiz.ps1 -threads -duration 24:00:00 -interval 5 -filepath <location>



Netstat:

Netstat makes it easy to track down which process identifier (PID) has a port open when it is run with the -a -n -o combination of parameters.

Eg: netstat -ano

We can create a scheduled task to run the netstat tool.

Create a scheduled task that runs task.bat every 5 minutes, whether or not the user is logged on.
In task.bat, put these 3 lines:
set day=%date:~0,2%
echo %time% %date% >> %day%.txt
netstat -ano >> %day%.txt
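
The log that task.bat builds up is a timestamp line followed by raw netstat -ano output, repeated every 5 minutes. As an added example (not part of the original post), the PowerShell below parses that log and counts TCP connections per snapshot, PID and state, which makes a process with steadily growing CLOSE_WAIT or ESTABLISHED counts easy to spot. The function name Get-NetstatSnapshot, the file name 26.txt and the sample data are assumptions constructed for illustration.

```powershell
# Added example (not from the original post): summarise the %day%.txt log from task.bat.
# $sample is constructed data; for a real log use:
#   Get-NetstatSnapshot -Lines (Get-Content .\26.txt)
$sample = @'
14:00:00.10 26/04/2016
Active Connections
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.10:6001      192.168.1.50:51200     ESTABLISHED     4312
  TCP    192.168.1.10:6001      192.168.1.51:51344     ESTABLISHED     4312
  UDP    0.0.0.0:500            *:*                                    1020
14:05:00.12 26/04/2016
Active Connections
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:6001      192.168.1.50:51200     ESTABLISHED     4312
  TCP    192.168.1.10:6001      192.168.1.51:51344     CLOSE_WAIT      4312
  TCP    192.168.1.10:6001      192.168.1.52:51377     CLOSE_WAIT      4312
'@

# Hypothetical helper: emits one object per TCP row, tagged with its snapshot timestamp.
function Get-NetstatSnapshot {
    param([string[]]$Lines)
    $stamp = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*\d{1,2}:\d{2}:\d{2}') {
            $stamp = $line.Trim()      # the "echo %time% %date%" line starts a snapshot
        }
        elseif ($line -match '^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$') {
            [pscustomobject]@{
                Snapshot  = $stamp
                Local     = $Matches[1]
                Remote    = $Matches[2]
                State     = $Matches[3]
                ProcessId = [int]$Matches[4]
            }
        }
    }
}

# Count connections per snapshot, owning process and TCP state (UDP rows are skipped).
$rows = Get-NetstatSnapshot -Lines ($sample -split "`r?`n")
$rows | Group-Object Snapshot, ProcessId, State |
    Select-Object @{n='Snapshot';  e={$_.Group[0].Snapshot}},
                  @{n='ProcessId'; e={$_.Group[0].ProcessId}},
                  @{n='State';     e={$_.Group[0].State}},
                  Count |
    Sort-Object Snapshot, ProcessId, State | Format-Table -AutoSize
```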


NETSH:-

Netsh can be used to take a network trace that captures the network traffic.

Steps to collect a netsh trace from the server:

1. Open command prompt as administrator on the server and the client machine

2. Issue the following command to start the network trace on the server and the client machine

a. netsh trace start scenario=netconnection fileMode=circular maxsize=2048 tracefile=c:\traceinfo.etl capture=yes

Once the issue has been reproduced, stop the trace:
netsh trace stop

To capture traffic for a particular address only, use a filter as in the example below:

netsh trace start capture=yes Ethernet.Type=IPv4 IPv4.Address=192.168.1.1


Procdump:

ProcDump is a command-line utility whose primary purpose is monitoring an application for CPU spikes and generating crash dumps during a spike that an administrator or developer can use to determine the cause of the spike. ProcDump also includes hung window monitoring (using the same definition of a window hang that Windows and Task Manager use), unhandled exception monitoring and can generate dumps based on the values of system performance counters. It also can serve as a general process dump utility that you can embed in other scripts.

Eg: Procdump -mp store.exe -s 30 -n 3 -accepteula c:\file_name.dmp



RCA logs collection:-

These log files contain connection information for the various clients.

Location:-

%ExchangeInstallDir%\Logging\RPC Client Access





Memory Dump:-

A memory dump is primarily used to identify a problem or error within the operating system or an application installed on the system. Typically, a memory dump provides information about the last state of the programs, applications and system before they were terminated or crashed. This information consists of memory locations, program counters, program state and other related details. It is displayed on-screen and also creates a system log file for viewing or referencing later. After a memory dump, the computer is generally unavailable or inaccessible until it is rebooted. A memory dump can also be caused by a memory leak, when the system is out of memory and can no longer continue its operations.

Please check here to know how to generate memory dump manually.


How to read memory dump:-




