Solved

Exchange 2010 Logs FILLING up daily right after backup completes

Posted on 2010-09-14
11
980 Views
Last Modified: 2012-05-10
We have a new Exchange 2010 server running on Server 2008 R2 on a Dell T610 which running VMware with 3 other Server 2008 R2 systems. Nearly 45 email accounts were exported out of the old SBS 2003 system into PST files them imported into the new Exchange 2010.
It’s been almost a week and both the desktops and laptops have all been updated and each client system says that files are updated and current.
We are using Symantec Backup Exec 2010-R2 with a Dell Power Vault 110T LTO-3 tape drive.
We also have a backup server with 2TB of disk space for other Data backups.

Problem:
The Exchange logs are growing in excess of 90GBs per every 3-4 hours just one file after another in the
V14\Mailbox\”Folder”
Each file is 1024 KB in size and we have a 100 GB partition setup just for the logs which for which we are having to run backups every 2 hours to clear the folder and avoid the Exchange Store from dismounting.
Log files are named all like: E02000F9B8E.LOG and all are 1024KB

I have checked all the client computers that are local to the domain and nothing alarming was found.
What could be causing 90+ GB’s of log file to accumulate every 2-3 hours with only 45 users?

 
 Thank you!
0
Comment
Question by:Magothytech1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
  • 2
11 Comments
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33674724
spam
looping emails
corrupt email in sent item
mass spam

a) did you exclude exchange directories from anti-spam scan
b) what anti-spam software are you using.
c) can you run the bpa report and upload it here

Open exchange > toolbox > best practices analyzer
run a health scan
export report as html
upload it here

thanks
0
 

Author Comment

by:Magothytech1
ID: 33675019
Thanks Sunnyc7:

 I am trying to run the BP Analyzer but the options seem to be either not functioning of they are greyed out....I may not have the rights to run it?

I'm logged in as Admin??
0
 

Author Comment

by:Magothytech1
ID: 33675042
Are mail filtering is being done by a new source and it is:

MX Logic
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Magothytech1
ID: 33675157
I was able to retrieve this: Not sure if it's any help though.

Summary: 3 item(s). 3 succeeded, 0 failed.
Elapsed time: 00:00:05


Read file
Completed

Exchange Management Shell command completed:
Read binary stream from the file 'C:\Program Files\Microsoft\Exchange Server\V14\bin\ExBPA.StayingInformed.Config.xml'.

Elapsed Time: 00:00:00


Collect Organizational Health Data
Completed

Exchange Management Shell command completed:
Test-SystemHealth -ConfigurationData '<Binary Data>' -OutData

Elapsed Time: 00:00:05


Save Organizational Health Data
Completed

Exchange Management Shell command completed:
Set-OrganizationConfig -OrganizationSummary 'TotalExchangeServers,1,False','TotalMailboxServers,1,False','TotalUMServers,0,False','TotalClientAccessServers,1,False','TotalTransportServers,1,False','TotalCALMailboxes,54,False','EnterpriseCALs,0,False','StandardCALs,54,False','TotalJounalingUser,0,False','TotalDatabases,3,False','TotalDatabasesCopy,2,False','TotalDatabasesCopyUnhealthy,0,False','Total2009ExchangeServers,1,False','Total2007ExchangeServers,0,False','Total2003ExchangeServers,0,False','TotalUnlicensedExchangeServers,0,False','TotalRecipients,63,False','TotalMailboxes,54,False','TotalDistributionGroups,8,False','TotalDynamicDistributionGroups,0,False','TotalMailContacts,0,False','TotalMailUsers,0,False','TotalLegacyMailbox,0,False','TotalMessagingRecordManagementUser,0,False','TotalUnifiedMessagingUser,0,False','TotalOWAUser,55,False','TotalActiveSyncUser,55,False','TotalMAPIUser,55,False','TotalPOP3User,55,False','TotalIMAP4User,55,False'

Elapsed Time: 00:00:00

0
 
LVL 49

Expert Comment

by:Akhater
ID: 33677764
is this behavior also happening at night when your users are not connected ?

can you dismount the store for maybe 1/2 an hour and monitor your email queue ? if you have nothing then it is probably not incoming spam
0
 
LVL 28

Accepted Solution

by:
sunnyc7 earned 250 total points
ID: 33677772
I am trying to run the BP Analyzer but the options seem to be either not functioning of they are greyed out....I may not have the rights to run it?
>> When was the last time you did a full virus scan on exchange ?
What real-time A/V are you using ?
0
 
LVL 49

Assisted Solution

by:Akhater
Akhater earned 250 total points
ID: 33677784
please also download the Exchange User Monitor you will be able to track any anormal activity at a user lever

http://www.microsoft.com/downloads/en/details.aspx?FamilyId=9A49C22E-E0C7-4B7C-ACEF-729D48AF7BC9&displaylang=en
0
 

Author Comment

by:Magothytech1
ID: 33690272
Thank you guys for each of the suggestions, they were all helpful and especially useful for future diagnostic testing.
As it turned out it we had a single PC that was remotely connected via a VPN link and it was still on the old domain with a valid email address and Outlook was open during the 3 day period that this was happening.
Not sure I understand why but when that single PC was added to the new domain and the Outlook profile was rebuild accordingly the logs files restored to a normal and expected rate. IO had never seen this type of log-file behavior before and will have to continue to monitor the system to ensure that this single PC was indeed the source.
Thanks again for the pointing us in the right direction.

FYI:

This behavior was happening during the day time and seemed not to be happening over night.

We are using Symantec Endpoint AV protection and the entire system was scanned just before the migration to the new server.

0
 

Author Closing Comment

by:Magothytech1
ID: 33690279
Thank you
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33690577
Thanks for coming back and explaining the scenario.
It would have been really hard to guess this..

Will keep this in mind in future.
Thanks :)
0
 

Author Comment

by:Magothytech1
ID: 33690593
Yes you're right...doesn't make sense, but yet it has seemed to be the resolution thus far.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question