Exchange DB Growing issue

Hi all,

I'm running Exchange 2k7 SP1 in somewhat of a hosted environment. I haven't added any mailboxes to the server in about 2 months, from 3/3 to 3/23/2010, the db grew from 41,212,304kb to 41,216,528kb, pretty much nothing, then on 4/12/2010 it was at 42,943,120 and grew to 45,105,936 in 8 days!!! The db is now at 46,269,200 and just grew about 3 minutes ago.

I've been watching exmon, and my number one client is the "?" at 127.0.0.1 which according to my research is some sort of a hub transport issue, I guess this makes sense as hub transport is on this same server. I've added up the mailbox sizes, and they add up to about 35GB, so given the fact that we have a 30 day deleted item retention, I expect the db to be a little bigger than that number, but not by nearly 11GB.

I've been looking in the queues to see if something is in some sort of a loop, but I can't find anything. Any ideas? This makes me quite nervous as this is a production server and I have zero (0!) db experience.

Thanks!
newtoexchangeAsked:

shauncroucherCommented:
There are lots of possible reasons for this.

Take a look through this article which speaks directly on your issue.

http://blogs.technet.com/mikelag/archive/2009/07/12/troubleshooting-store-log-database-growth-issues.aspx

Shaun
0
newtoexchangeAuthor Commented:
Thanks for the article, came across that one yesterday before I posted, that's where I got the idea about the "?" user in Exchange User Monitor. What I can't find is exactly what this means, it pops up from time to time, but doesn't seem to be staying up in the top log bytes contributors for too long. Sometimes it isn't in there, sometimes top 5, sometimes bottom 5.
0
newtoexchangeAuthor Commented:
Here's a screenshot of the Exchange User Monitor. Pretty sure that the "?" user is my issue, but I cannot find anything anywhere about what this could be.
Exchange-Screen-Capture-2.png
0

newtoexchangeAuthor Commented:
Update:

Turning off the Microsoft Exchange Transport service effectively makes the "?" user go away completely. As soon as that service is turned back on, the "?" comes back and starts writing logs.
0
shauncroucherCommented:
OK,

It says

"If it appears that the user in Exmon is a ?, then this is representative of a HUB/Transport related problem generating the logs. Query the message tracking logs using the Message Tracking Log tool in the Exchange Management Console's Toolbox to check for any large messages that might be running through the system. See step 5.9 for a Powershell script to accomplish the same task."

Have you done this? Take a look through your logs and try to identify any large messages running through the system. Use Exchange Management Console --> Toolbox --> Message Tracking, untick receive and set the time frame for an hour or more to check through the list.

Also, have you updated Exchange to at least SP2 with UR3?

Shaun
0
newtoexchangeAuthor Commented:
First, I really appreciate your help.

I have tried this, there is nothing really too big going through, and nothing really looks out of place. Just basic inbound and outbound mail, no blasts with lots of recipients. There are a bunch of DSNs in there which look like spam which is being bounced, maybe about 40 in an hour, not sure if that's a large number or not.
0
shauncroucherCommented:
40 NDRs bounced might be a lot depending how many users you have. Looking at overall size of database, I'm guessing you don't have very many.

The NDRs - are they for internal users? If so, it could be backscatter from a spammer using your domain as MAIL FROM. If they are destined for external users, you should make sure you have recipient filtering enabled in case you are sending out backscatter yourself; you would probably see this in your queues though - how do they look? Exchange Management Console --> Toolbox --> Queue Viewer.

Shaun
0
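The checks discussed in the two posts above (large messages in the tracking logs, and how many DSNs are generated and for whom), written as an added example for the Exchange Management Shell; it is not part of the thread or of the linked TechNet article. The 24-hour window and the 5 MB threshold are assumptions to adjust.

```powershell
# Run in the Exchange Management Shell on the Hub Transport server.
# Window and size threshold are assumed values, not taken from the thread.
$start    = (Get-Date).AddHours(-24)
$end      = Get-Date
$minBytes = 5MB

# Read the tracking logs for the window once and reuse the result.
$events = Get-MessageTrackingLog -Start $start -End $end -ResultSize Unlimited

# 1. Largest messages that were delivered to mailboxes or sent out.
$events |
    Where-Object { ($_.EventId -eq 'DELIVER' -or $_.EventId -eq 'SEND') -and
                   $_.TotalBytes -ge $minBytes } |
    Sort-Object TotalBytes -Descending |
    Select-Object -First 20 Timestamp, EventId, Sender,
        @{Name='Rcpts'; Expression={ @($_.Recipients).Count }},
        TotalBytes, MessageSubject |
    Format-Table -AutoSize

# 2. Volume received per hour, to line up with the times the database grows.
$events | Where-Object { $_.EventId -eq 'RECEIVE' } |
    Group-Object { $_.Timestamp.ToString('yyyy-MM-dd HH') } |
    Select-Object Name, Count,
        @{Name='MB'; Expression={
            [math]::Round((($_.Group | Measure-Object TotalBytes -Sum).Sum) / 1MB, 1) }} |
    Sort-Object Name | Format-Table -AutoSize

# 3. DSNs generated per hour.
$dsn = @($events | Where-Object { $_.EventId -eq 'DSN' })
$dsn | Group-Object { $_.Timestamp.ToString('yyyy-MM-dd HH') } |
    Select-Object Name, Count | Sort-Object Name | Format-Table -AutoSize

# 4. Who the DSNs are addressed to: internal (accepted domain) or external.
#    Many DSNs to external addresses indicate the server is emitting backscatter.
$accepted = @(Get-AcceptedDomain | ForEach-Object { $_.DomainName.ToString().ToLower() })
$dsnRcpts = @($dsn | ForEach-Object { $_.Recipients })
$dsnRcpts | Group-Object {
        $domain = $_.ToString().Split('@')[-1].ToLower()
        if ($accepted -contains $domain) { 'internal' } else { 'external' }
    } | Select-Object Name, Count | Format-Table -AutoSize

# 5. Ten most frequent DSN recipients.
$dsnRcpts | Group-Object | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name | Format-Table -AutoSize
```

Accepted domains configured with a wildcard are compared literally here, so subdomain addresses are counted as external.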
newtoexchangeAuthor Commented:
This server has about 110 mailboxes on it. I don't have recipient filtering on as there is no edge server in our environment.

I don't know what else it could be, could the "client version" have anything to do with it? The screenshot says it is version 8.1.336.0, which is the same version as what pops up when someone connects to the server with OWA. So this one says its using the same version, but the ip address is the same as the server. Could this have something to do with it?
0
shauncroucherCommented:
If your mail server accepts mail from anonymous users it needs to have recipient validation, edge server or not. For a hub server, install the antispam agents and then enable filtering of non-existent users.

Is Exchange fully patched and on the latest SP?

shaun
0
newtoexchangeAuthor Commented:
Ok, I didn't know you could do that without Edge. I'll be pretty honest, I've been shying away from many of the patches and updates as this is a production server and I'm in a little over my head as the "admin". I've read many horror stories about patches killing certain parts of an Exchange server, what's more is we have a BES attached to this thing too.

I'm going to reboot the server tonight to see if it continues and I'll let you know the outcome.
0
shauncroucherCommented:
I'd *highly* recommend that you get the server patched and service packed as these things aren't really optional. SP2 is pretty robust, and should install without problems.

I suspect this may well be the cause of the issue, so I'd recommend going with the install. If you are able to you might want to convert production server to virtual machine and try installation in a virtual environment first, but I'd be pretty confident with SP2 nowadays.

Shaun
0
