Exchange DB Growing issue

Hi all,

I'm running Exchange 2k7 SP1 in somewhat of a hosted environment. I haven't added any mailboxes to the server in about 2 months, from 3/3 to 3/23/2010, the db grew from 41,212,304kb to 41,216,528kb, pretty much nothing, then on 4/12/2010 it was at 42,943,120 and grew to 45,105,936 in 8 days!!! The db is now at 46,269,200 and just grew about 3 minutes ago.

I've been watching exmon, and my number one client is the "?" at 127.0.0.1 which according to my research is some sort of a hub transport issue, I guess this makes sense as hub transport is on this same server. I've added up the mailbox sizes, and they add up to about 35GB, so given the fact that we have a 30 day deleted item retention, I expect the db to be a little bigger than that number, but not by nearly 11GB.

I've been looking in the queues to see if something is in some sort of a loop, but I can't find anything. Any ideas? This makes me quite nervous as this is a production server and I have zero (0!) db experience.

Thanks!
newtoexchangeAsked:
Who is Participating?
 
shauncroucherCommented:
I'd *highly* recommend that you get the server patches and service packed as these things aren't really optional. SP2 is pretty robust, and should install without problems,

I suspect this may well be the cause of the issue, so I'd recommend going with the install. If you are able to you might want to convert production server to virtual machine and try installation in a virtual environment first, but I'd be pretty confident with SP2 nowadays.

Shaun
0
 
shauncroucherCommented:
There are lots of possible reasons for this.

Take a look through this article which speaks directly on your issue.

http://blogs.technet.com/mikelag/archive/2009/07/12/troubleshooting-store-log-database-growth-issues.aspx

Shaun
0
 
newtoexchangeAuthor Commented:
Thanks for the article, came across that one yesterday before I posted, that's where I got the idea about the "?" user in Exchange User Monitor. What I can't find is exactly what this means, it pops up from time to time, but doesn't seem to be staying up in the top log bytes contributors for too long. Sometimes it isn't in there, sometimes top 5, sometimes bottom 5.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
newtoexchangeAuthor Commented:
Here's a screenshot of the Exchange User Monitor. Pretty sure that the "?" user is my issue, but I cannot find anything anywhere about what this could be.
Exchange-Screen-Capture-2.png
0
 
newtoexchangeAuthor Commented:
Update:

Turning off the Microsoft Exchange Transport service effectively makes the "?" user go away completely. As soon as that service is turned back on, the "?" comes back and starts writing logs.
0
 
shauncroucherCommented:
OK,

It says

"¿If it appears that the user in Exmon is a ?, then this is representative of a HUB/Transport related problem generating the logs. Query the message tracking logs using the Message Tracking Log tool in the Exchange Management Consoles Toolbox to check for any large messages that might be running through the system. See step 5.9 for a Powershell script to accomplish the same task. "

Have you done this? Take a look through your logs and try to identify any large messages running through the system. Use Exchange Maangement console --> Toolbox --> message tracking, untick receive and set the time frame for hour or more to check through list.

Also, have you updated Exchnage to at least SP2 with UR3?

Shaun
0
 
newtoexchangeAuthor Commented:
First, I really appreciate your help.

I have tried this, there is nothing really too big going through, and nothing really looks out of place. Just basic inbound and outbound mail, no blasts with lots of recipients. There are a bunch of DSNs in there which look like spam which is being bounced, maybe about 40 in an hour, not sure if that's a large number or not.
0
 
shauncroucherCommented:
40 NDRs bounced might be a lot depending how many users you have. Looking at overall size of database, I'm guessing you don't have very many.

The NDR's  - are they for internal users? If so, it could be backscatter from a spammer using your domain as MAIL FROM. If they are destined for external users, you should make sure you have recipient filtering enabled incase you are sending out backscatter yourselfl, you would probably see this in your Queues though - how do they look? Exchange Management Console --> Toolbox --> Queue Viewer.

Shaun
0
 
newtoexchangeAuthor Commented:
This server has about 110 mailboxes on it. I don't have recipient filtering on as there is no edge server in our environment.

I don't know what else it could be, could the "client version" have anything to do with it? The screenshot says it is version 8.1.336.0, which is the same version as what pops up when someone connects to the server with OWA. So this one says its using the same version, but the ip address is the same as the server. Could this have something to do with it?
0
 
shauncroucherCommented:
if your mail server accepts mail from anonymous users it needs to have recipient validation, edge server or not. for hub server, install antispam agents and then enable filtering of non existent users.

is exchange fully patched and latest sp?

shaun
0
 
newtoexchangeAuthor Commented:
Ok, I didn't know you could do that without Edge. I'll be pretty honest, I've been shying away from many of the patches and updates as this is a production server and I'm in a little over my head as the "admin". I've read many horror stories about patches killing certain parts of an Exchange server, what's more is we have a BES attached to this thing too.

I'm going to reboot the server tonight to see if it continues and I'll let you know the outcome.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.