newtoexchange

Exchange DB Growing issue

Hi all,

I'm running Exchange 2k7 SP1 in somewhat of a hosted environment. I haven't added any mailboxes to the server in about 2 months, from 3/3 to 3/23/2010, the db grew from 41,212,304kb to 41,216,528kb, pretty much nothing, then on 4/12/2010 it was at 42,943,120 and grew to 45,105,936 in 8 days!!! The db is now at 46,269,200 and just grew about 3 minutes ago.

I've been watching exmon, and my number one client is the "?" at 127.0.0.1 which according to my research is some sort of a hub transport issue, I guess this makes sense as hub transport is on this same server. I've added up the mailbox sizes, and they add up to about 35GB, so given the fact that we have a 30 day deleted item retention, I expect the db to be a little bigger than that number, but not by nearly 11GB.

I've been looking in the queues to see if something is in some sort of a loop, but I can't find anything. Any ideas? This makes me quite nervous as this is a production server and I have zero (0!) db experience.

Thanks!
shauncroucher

There are lots of possible reasons for this.

Take a look through this article which speaks directly on your issue.

http://blogs.technet.com/mikelag/archive/2009/07/12/troubleshooting-store-log-database-growth-issues.aspx

Shaun
newtoexchange

ASKER

Thanks for the article, came across that one yesterday before I posted, that's where I got the idea about the "?" user in Exchange User Monitor. What I can't find is exactly what this means, it pops up from time to time, but doesn't seem to be staying up in the top log bytes contributors for too long. Sometimes it isn't in there, sometimes top 5, sometimes bottom 5.
Here's a screenshot of the Exchange User Monitor. Pretty sure that the "?" user is my issue, but I cannot find anything anywhere about what this could be.
Exchange-Screen-Capture-2.png
Update:

Turning off the Microsoft Exchange Transport service effectively makes the "?" user go away completely. As soon as that service is turned back on, the "?" comes back and starts writing logs.
OK,

It says

"If it appears that the user in Exmon is a ?, then this is representative of a HUB/Transport related problem generating the logs. Query the message tracking logs using the Message Tracking Log tool in the Exchange Management Consoles Toolbox to check for any large messages that might be running through the system. See step 5.9 for a Powershell script to accomplish the same task."

Have you done this? Take a look through your logs and try to identify any large messages running through the system. Use Exchange Management Console --> Toolbox --> Message Tracking, untick Receive and set the time frame for an hour or more to check through the list.

Also, have you updated Exchange to at least SP2 with UR3?

Shaun
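
The message tracking check suggested above can also be run from the Exchange Management Shell. The following is an added example, not part of the original thread or of the linked article; the 4-hour window, the 5 MB size threshold and the repeat count of 10 are assumptions to adjust for your own traffic.

```powershell
# Added example: run in the Exchange Management Shell on the Hub Transport server.
# Assumptions: 4-hour window, 5 MB "large message" threshold, repeat count of 10.
$start    = (Get-Date).AddHours(-4)
$end      = Get-Date
$minBytes = 5MB

# Pull the tracking events once; Unlimited avoids the default 1000-row cap.
$events = Get-MessageTrackingLog -Start $start -End $end -ResultSize Unlimited

# 1) Largest messages handled by transport in the window.
$events |
    Where-Object { $_.TotalBytes -ge $minBytes } |
    Sort-Object TotalBytes -Descending |
    Select-Object -First 20 Timestamp, EventId, Source, Sender,
        @{ Name = 'Recipients'; Expression = { [string]::Join(';', $_.Recipients) } },
        @{ Name = 'SizeMB';     Expression = { [math]::Round($_.TotalBytes / 1MB, 2) } },
        MessageSubject |
    Format-Table -AutoSize

# 2) The same MessageId appearing many times can point to a loop.
$events |
    Where-Object { $_.MessageId } |
    Group-Object MessageId |
    Where-Object { $_.Count -gt 10 } |
    Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name |
    Format-Table -AutoSize

# 3) DSN volume per hour, and who the DSNs are being sent to.
#    DSNs addressed to senders you never mailed are typical of backscatter.
$dsn = $events | Where-Object { $_.EventId -eq 'DSN' }

$dsn |
    Group-Object { $_.Timestamp.ToString('yyyy-MM-dd HH:00') } |
    Sort-Object Name |
    Select-Object Name, Count |
    Format-Table -AutoSize

$dsn |
    Group-Object { [string]::Join(';', $_.Recipients) } |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name |
    Format-Table -AutoSize
```
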
First, I really appreciate your help.

I have tried this, there is nothing really too big going through, and nothing really looks out of place. Just basic inbound and outbound mail, no blasts with lots of recipients. There are a bunch of DSNs in there which look like spam which is being bounced, maybe about 40 in an hour, not sure if that's a large number or not.
40 NDRs bounced might be a lot depending how many users you have. Looking at overall size of database, I'm guessing you don't have very many.

The NDRs - are they for internal users? If so, it could be backscatter from a spammer using your domain as MAIL FROM. If they are destined for external users, you should make sure you have recipient filtering enabled in case you are sending out backscatter yourself; you would probably see this in your queues though - how do they look? Exchange Management Console --> Toolbox --> Queue Viewer.

Shaun
This server has about 110 mailboxes on it. I don't have recipient filtering on as there is no edge server in our environment.

I don't know what else it could be, could the "client version" have anything to do with it? The screenshot says it is version 8.1.336.0, which is the same version as what pops up when someone connects to the server with OWA. So this one says its using the same version, but the ip address is the same as the server. Could this have something to do with it?
If your mail server accepts mail from anonymous users it needs to have recipient validation, Edge server or not. For a Hub server, install the antispam agents and then enable filtering of nonexistent users.

Is Exchange fully patched and on the latest SP?

shaun
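
The Hub Transport setup described in the post above, as an added example that is not part of the original thread. It assumes Exchange 2007 is installed in the default location; the script path is that default, not a value taken from this server.

```powershell
# Added example: run in the Exchange Management Shell on the Hub Transport server.
# Assumption: default Exchange 2007 install path.
$scripts = 'C:\Program Files\Microsoft\Exchange Server\Scripts'

# The anti-spam agents are not installed on a Hub Transport role by default.
Set-Location $scripts
.\install-AntispamAgents.ps1

# The agents are loaded when the transport service restarts (brief mail-flow pause).
Restart-Service MSExchangeTransport

# Reject unknown recipients during the SMTP session instead of accepting
# the message and generating an NDR to a possibly forged sender afterwards.
Set-RecipientFilterConfig -Enabled $true -RecipientValidationEnabled $true

# Verify that the agents are registered and the filter settings took effect.
Get-TransportAgent | Format-Table Identity, Enabled, Priority -AutoSize
Get-RecipientFilterConfig |
    Format-List Enabled, RecipientValidationEnabled, ExternalMailEnabled, InternalMailEnabled
```
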
Ok, I didn't know you could do that without Edge. I'll be pretty honest, I've been shying away from many of the patches and updates as this is a production server and I'm in a little over my head as the "admin". I've read many horror stories about patches killing certain parts of an Exchange server, what's more is we have a BES attached to this thing too.

I'm going to reboot the server tonight to see if it continues and I'll let you know the outcome.