Monday, April 23, 2007

ESEUTIL for Microsoft Exchange, Part 1 The Basics

ESEutil (Extensible Storage Engine utility) is the sister EXE to NTDSutil (New Technology Directory Service I believe). There are three sides to this utility that any Microsoft Exchange administrator should know how to use. The harmless checking options, the hairier defragmentation option, and finally the scariest restore options.

On a side note it should be mentioned to any new Microsoft Exchange administrators that ESEUTIL is not a part of the PATH system variable, and as such must be run from the Exchange/bin folder. If you find yourself using ESEUTIL frequently I would suggest adding it to your path as I have.

First there is the mostly harmless options /k, /mh, and /cc. These flags will do various things that Microsoft Exchange will normally do for you, such as re-run log files after you remount a store. The /mh flag will check the store to see if it was properly shut down and along the way will tell you when the last time it was backed up. This is an easy way to start learning how to use ESEUTIL properly.

Example: “eseutil /mh "d:\program files\exchsrvr\mdbdata\priv1.edb" (Assuming Exchange 2003 is installed on the d:\ drive.)”

This command should return “State: Clean Shutdown” within its output. Also you can use /mh to see how many /r commands have been run against it, with anything greater than zero being your number.

There are other simple flags to use such as /ml to check log files, /mm to dump the metadata (not truly useful to most administrators, but interesting to see none the less.), /mk to see information about the checkpoint file (.chk files).

ESEUTIL /k will run a similar function to running a checksum against a file to verify its integrity. It will only VERIFY the database, not repair as that is what /p and /r are for. This is most often used when Microsoft Exchange has been shut down improperly. On another side note it worth mentioning that hundreds of uninitialized pages are normal, but bad checksums or wrong page numbers are bad. Also you can verify log files with /k in the same way you verify stores.

Example: “eseutil /k "d: \program files\exchsrvr\mdbdata\priv1.edb" “

Just as easy to run is ESEUTIL with the /d flag. This will defragment the .edb file and recover lost disk space. This is much akin to running jetpack against the DHCP.mdb file to defragment the DHCP database in Microsoft Windows Server 2003 and not so much like defragmenting you hard drive with Windows built in defragmenter. You must dismount the store in order to run eseutil /d, but you do not need to stop the Information Store service to do so.

The last function of ESEUTIL, and by far the scariest function set is the restore options. The /r and /p flags can really muck up a Microsoft Exchange store quickly. These options will require their own blog entry so stay tuned for more.

A quick over view of all the options for Microsoft Exchange’s ESEUTIL.
Eseutil /cc Performs a hard recovery after a database restore.
Eseutil /d Performs an offline compaction of a database.
Eseutil /g Verifies the integrity of a database.
Eseutil /k Verifies the checksums of a database.
Eseutil /m Generates formatted output of various database file types. e.g. /mh
Eseutil /p Repairs a corrupted or damaged database.
Eseutil /r Performs soft recovery to bring a single database into a consistent or clean shutdown state.
Eseutil /y Copies a database, streaming file, or log file.

1 comment:

JasonThomas said...

Nice Article, Another great article I found about using Eseutil is here: