Solved

Disk spage agressively being chewed up by something

Posted on 2007-03-19
10
1,023 Views
Last Modified: 2012-06-21
Hi Experts,
   I really hope you can help me out on this one cause I've been banging my head  on it all weekend. I have a windows 2003 server running Exchange 2003 e also have ISA server installed. Everything was fine until last Thursday when the server reported it had no more disk space available. That sounded strange so I removed some log files and some unused files freeing up about 8gig of data. The whole sytem went back to normal when all of a sudden I noticed the disk space going out rapidly at a rate of 1 gig per min. I thought someone was in our network so I disconnected the server isolating him still the space was being chewed up. I did a seach on modified files but nothing came up. Needless to say the server became really slow. Any Idea what this can be ? I checked the ttask manager and everything looked normal. We aslo have AVG installed and it did not detect any viruses on the system.
0
Comment
Question by:Biju708
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
10 Comments
 

Author Comment

by:Biju708
ID: 18748066
I am attaching the log from hijakthis maybe you can have a better idea.

Logfile of HijackThis v1.99.1
Scan saved at 3:03:55 PM, on 3/19/2007
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\certsrv.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\GFI\MailSecurity\msecatt.exe
C:\Program Files\GFI\MailEssentials\msecatt.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\ismserv.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Exchsrvr\bin\srsmain.exe
C:\WINDOWS\system32\ntfrs.exe
C:\Program Files\Persits Software\AspEmail\BIN\EmailAgent.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\GFI\Network Server Monitor\Server\iothrust.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\80\COM\logread.exe
C:\Program Files\GFI\MailSecurity\autdlsvc.exe
C:\Program Files\Microsoft SQL Server\80\COM\logread.exe
C:\Program Files\Exchsrvr\bin\exmgmt.exe
C:\Program Files\Exchsrvr\bin\mad.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\Program Files\Exchsrvr\bin\store.exe
C:\Program Files\Exchsrvr\bin\emsmta.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft ISA Server\isastg.exe
C:\WINDOWS\system32\wuauclt.exe
F:\WindowsServer2003-KB914961-SP2-x86-ENU.exe
e:\5d22ab50bde17113ac1da2795a2d\i386\update\update.exe
F:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168697083281
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = asp-consulting.com
O17 - HKLM\Software\..\Telephony: DomainName = asp-consulting.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{276CD682-4C13-43FB-BE85-DCC1CFFC7335}: NameServer = 212.56.128.196,212.56.128.132
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = asp-consulting.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{276CD682-4C13-43FB-BE85-DCC1CFFC7335}: NameServer = 212.56.128.196,212.56.128.132
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = asp-consulting.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{276CD682-4C13-43FB-BE85-DCC1CFFC7335}: NameServer = 212.56.128.196,212.56.128.132
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = asp-consulting.com
O17 - HKLM\System\CS3\Services\Tcpip\..\{276CD682-4C13-43FB-BE85-DCC1CFFC7335}: NameServer = 212.56.128.196,212.56.128.132
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: GFI virusdef updater (autdlsvc) - GFI Software - C:\Program Files\GFI\MailSecurity\autdlsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: GFI Content Security Attendant - GFI Software Ltd. - C:\Program Files\GFI\MailSecurity\msecatt.exe
O23 - Service: GFI MailEssentials Attendant - Unknown owner - C:\Program Files\GFI\MailEssentials\msecatt.exe" -service (file missing)
O23 - Service: GFI POP2Exchange - GFI Software Ltd. - C:\Program Files\GFI\MailEssentials\pop2exch.exe
O23 - Service: GFI Network Server Monitor (GfiNmSvc) - GFI Software Ltd. - C:\Program Files\GFI\Network Server Monitor\Server\GfiNmSvc.exe
O23 - Service: GFI List Server (listserv) - GFI Software Ltd - C:\Program Files\GFI\MailEssentials\ListServ.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: MSSQL$MSFW - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MSFW\Binn\sqlservr.exe" -sMSFW (file missing)
O23 - Service: Persits Software EmailAgent - Unknown owner - C:\Program Files\Persits Software\AspEmail\BIN\EmailAgent.exe" /run (file missing)
O23 - Service: SQLAgent$MSFW - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MSFW\Binn\sqlagent.EXE" -i MSFW (file missing)

0
 
LVL 70

Accepted Solution

by:
KCTS earned 500 total points
ID: 18748107
Have you backed up Exchange and cleared your transaction logs recently?
0
 

Author Comment

by:Biju708
ID: 18748132
no not recently KCTS
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 

Author Comment

by:Biju708
ID: 18748276
I'm doing a backup right now KCTS the store and site replication services using NT backup. Will transaction logs automatically clear after backup ?
0
 

Author Comment

by:Biju708
ID: 18749248
did that but it did not help at all I still have the same problem. Any other ideas ?
0
 

Author Comment

by:Biju708
ID: 18750197
What I noticed now is that after a restart everything works fine, then after about 10 minutes Outlook clients will not update their emails from the server this will then start the disk consumpion on the server. I am really at a loss here since I have never seen anything like it. any help will really be appreciated.
0
 

Author Comment

by:Biju708
ID: 18758367
NOw I just cloned the drive and replaced it with a new one maybe it was a drive problem
0
 

Author Comment

by:Biju708
ID: 18765871
That did not do the trick either. I'm really at a loss now no idea what it could be.
0
 

Author Comment

by:Biju708
ID: 18766375
I am now checking the login logs and it seems that the server crashes evertime a particular user logs in via MAC entourage is it a possibility or that cannot be ?

0
 

Author Comment

by:Biju708
ID: 18769809
I think I found the solution here

http://msexchangetips.blogspot.com/2006/08/exchange-transaction-log-files-growing.html

I will test it out and see what happens.
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question