Eseutil and its uses.

Eseutil is very powerful. It can get you out of a tight spot (as in you don’t have a backup). But the best way to recover Exchange databases and transaction files is to restore from backup. This is why proper, regular and Exchange-aware backups are so important.
List of Eseutil switches for Windows Exchange
Eseutil /cc Performs a hard recovery after a database restore.
Eseutil /d Performs an offline compaction of a database.
Eseutil /g Verifies the integrity of a database.
Eseutil /k Verifies the checksums of a database.
Eseutil /m Generates formatted output of various database file types. e.g. /mh
Eseutil /p Repairs a corrupted or damaged database.
Eseutil /r Performs soft recovery to bring a single database into a consistent or clean shutdown state.
Eseutil /y Copies a database, streaming file, or log file.

Eseutil /mh
This switch to eseutil just determines if the last un-mount was clean or dirty. To see which is the case, examine the output. Look for the text “State: Clean Shutdown” or, in the case of a dirty un-mount, “State: Dirty Shutdown”.
Another way of using the /mh switch is to check the results from running eseutil /p. Look at the repair count and if this is zero (0) then the repair was probably successful. However, if the repair count is above zero then there is little chance that a repair will succeed.
Eseutil /ml
Similar to the /mh, except this switch performs a check on log files.
Eseutil /mm
Dumps metadata from the database file (priv.mdb). This switch is not really of much use.
Eseutil /mk
Gives information about the checkpoint file. Can be useful for troubleshooting backup issues. You have to give the XX.chk file as an argument for this switch to work.
Eseutil /k
This switch, /k, is used for checking the integrity of the information stores or transaction logs. It’s often used if the Exchange server has simply been powered off for some reason. But this switch will not recover the database. See /r or /p.
If you see warnings about uninitialised pages, ignore them. It is totally normal to see these.
To check the transaction logs just issue the /k switch followed by the path to the transaction log that you want to check.
Eseutil /cc
This switch is used for hard and soft recovery.
A common scenario for this /cc switch is that you have just restored an Exchange message store from the last full dump, and you want to replay the transaction logs from incremental restores to bring the message store up to date with the last backup. Change directory to the folder where the file “restore.env” has been created by the backup software. Then just issue the command “eseutil /cc restore.env”.
The difference between hard and soft recovery is this: hard recovery forces a replay of the logs. A soft recovery is accomplished by just mounting the message store through Exchange System Manager in the normal way by referencing the XX.chk file (checkpoint file). The normal routine at mount is for uncommitted transactions to be written to the database. Just remounting the store triggers a built-in soft recovery routine.
To ensure that eseutil /cc has done its stuff, check for event 205.
Eseutil /d
This switch is used to defrag the Exchange database. This is one of the most used switches after /mk, especially with the standard version of Exchange where the store is limited in size (75GB). After deleting or moving mailboxes the message store doesn’t shrink. So to recover the space, use /d.
To use the /d switch the message store must be in a dismounted state. If space is a problem where the message store is located, you can use the /t switch in conjunction with the /d switch to give a path to an area where there is plenty of space. You need at least twice the space of the message store to defragment it.
Eseutil /r
You have restored an Exchange database but it won’t mount. Event ID 494 is logged in eventvwr with error -1216. This means that the message store is corrupted and it’s either restore from backup or try to repair it. What I do is kick off a restore and try and repair the current message store. However, in all the times I have tried this it’s only worked a few times. Restore from backup is usually the best option and the most successful.
Never just run /r switch on a good message store.
The way to run this is “eseutil /r e00 /I”. Yes, the “/I” comes after the filename. The “e00” is assumed to be your transaction log. The other message stores in the group must be un-mounted, as all message stores in the group share the transaction log location. If /r doesn’t work then /p is the only choice apart from restore from backup.
Eseutil /p
So you have tried the repair “/r” and that didn’t work. This is the last thing you can try. You need to see what’s going on first. For that it’s eseutil /mh. If it says it’s inconsistent (because you are missing transaction logs), then it’s eseutil /p followed by isinteg -fix.

Some examples of the eseutil command used.

The most useful switch to eseutil is probably /mh. You can only run this command on an un-mounted database.

Eseutil /mh

What you are looking for is the line “State:”. This is either Clean Shutdown or Dirty Shutdown. When message stores are un-mounted manually, or when the LOG LUN or LOG volume becomes full and the ESE un-mounts the message store, it usually does this cleanly. However, if the server is powered off or the SAN (network storage) becomes unavailable, this will show Dirty Shutdown when the server is powered back on or the SAN is re-attached.
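
Reading the “State:” line by script, as an added example that is not from the original post: the function name Get-EseHeaderState, the sample output and the database path are constructed for illustration, and the sample is trimmed to the State and Repair Count fields discussed above.

```powershell
# Added example: classify a dismounted store from "eseutil /mh" output.
# Get-EseHeaderState is a hypothetical helper, not part of Exchange or eseutil.

function Get-EseHeaderState {
    param(
        [Parameter(Mandatory)]
        [string[]]$HeaderText   # lines captured from: eseutil /mh <database file>
    )

    $state = $null
    $repairCount = $null

    foreach ($line in $HeaderText) {
        # The header dump is a list of "Name: value" lines with leading padding.
        if ($line -match '^\s*State:\s*(.+?)\s*$') {
            $state = $Matches[1]
        }
        elseif ($line -match '^\s*Repair Count:\s*(\d+)\s*$') {
            $repairCount = [int]$Matches[1]
        }
    }

    # Fail loudly rather than report a store as clean when the input is wrong.
    if (-not $state) {
        throw 'No "State:" line found; is this eseutil /mh output?'
    }

    [pscustomobject]@{
        State       = $state
        RepairCount = $repairCount          # $null if the field was not present
        Clean       = ($state -eq 'Clean Shutdown')
    }
}

# Constructed sample input, not captured from a real server.
$sample = @'
            State: Dirty Shutdown
     Repair Count: 0
'@ -split "`r?`n"

Get-EseHeaderState -HeaderText $sample

# Against a real dismounted store (placeholder path):
# Get-EseHeaderState -HeaderText (& eseutil /mh 'X:\path\to\store.edb')
```
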


The other most used switch is /mk. This can be used whilst the message stores are mounted. We run this command against the EXX.chk file like this:

Eseutil /mk
