Solved

Excessive Exchange 2010 Transaction Logs

Posted on 2010-11-10
16
2,203 Views
Last Modified: 2012-05-10
We have just brought up a client in a new server environment.  We are running the same configuration as we have used for multiple other clients, but we are getting a very weired and problematic issue on this server.

The Exchange Server 2010 runs inside of a Hyper-V session.  6GB ram assigned to it and about 35 or so active email account.  They receive about 1000 emails per day.  We imported all of the PST files over the weekend (they were on on a domain prior to this).

We have an issue where the system is generating about 2GB of transaction logs every 1/2 hour.  We have verified that there is no open relay and no abnormal amount of email messages being processed.

Per other online help documents, we disabled SMTP for a period of time and the transaction files continue to accumulate at the same accelerated pace.

We can run a backup and truncate the logs, but they keep continuing to build.

The problem appears to be something in the store that is running and creating the transactions.  But we cannot fully determine what is causing the issue.

Extra details:

GFI VIPRE Email Security for Exchange
OS Windows 2008R2 in Hyper-V
Exchange 2010
BaracudaWare Backup Client

6GB memory
0
Comment
Question by:dlainc
  • 11
  • 5
16 Comments
 
LVL 17

Expert Comment

by:Viral Rathod
ID: 34107166
Can you please download Microsoft Exchange Server User Monitor (EXMON) from following link and check who is sending the SPAM mails ?

Here is link
http://www.microsoft.com/downloads/en/details.aspx?FamilyId=9A49C22E-E0C7-4B7C-ACEF-729D48AF7BC9&displaylang=en

In my case one of the compuetr on the network was infected with virus OR spyware and this infected computer was sending too much spam e-mails to the server
After Research we have downloaded the EXMON on the server and we got the IP Address of the client Machine which was sending too many traffice to exchange server
We have simply removed this machine from network and suddendly Generating of Log Files on the server Reduced
then we have scan the computer and found some virus and spyware.
0
 

Author Comment

by:dlainc
ID: 34107231
I am downloading to tool and I will post the results back here.

Our internal Exchange expert does not think it is the issue as we do not show any excessive # of emails flowing through the system and the SMTP queues are not full of outgoing email.  But at this point, we are willing to try anything.

0
 
LVL 17

Expert Comment

by:Viral Rathod
ID: 34107275
In my case also there was no emails flowing through the system and the SMTP queues

The problem was Transaction Logs on server was increasing too frequently event after stopping the SMTP queue

Just Monitor the traffice and letus know the results.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:dlainc
ID: 34107634
That is a very nice tool and we have two possible PC's that might be our problem PC's.  I will post another update shortly.
0
 

Author Comment

by:dlainc
ID: 34107763
We are trying to isolate what on the machine is causing the issues.  We think it has something to do with the VIPRE anti-virus outlook plugin.  We are slowing disabling the plugin on problem PC's to determine if the issue is going to go away.

Do you know of any tool that will show what is actually in the transaction log file?  That way we can isolate the issue further?

I will post another update tomorrow morning as the Exchange Admin is going to monitor the server on and off tonight, but the tool you provided seems to have help narrow down some of the bigger culprits.
0
 
LVL 17

Expert Comment

by:Viral Rathod
ID: 34107871
Have you scan those PC's for spyware and viruses ? ,In my case we have removed those PC' from Network and have scanned those PC in safemode for viruses and spyware.

For transaction log file : See transaction log are hardly 1 MB in size so you can open in notepad with no issues

Good to hear !!! ,Sure please post the update .


0
 

Author Comment

by:dlainc
ID: 34112083
The problem with the transaction logs are the fact that they are binary files in exchange 2010.  They are basically unreadable and you need some sort of utility to parse them to see what they contain.

Unless the virus/spam is system wide at the customer (unlikely as we have run several different virus/spam detections to eliminate this), there is a weird issue going on right now.

With all of the outlook clients turned off, there is almost no growth of transaction logs.  When people came in, the number of transaction logs starts to grow very rapidly.  One user in particular accumulated 2.4Gb worth of traffic to the Exchange server in a 30 minute period.

We are at a loss right now on what is touching so many records on the server from the outlook client.
0
 
LVL 17

Expert Comment

by:Viral Rathod
ID: 34114840
Can you remove the suspected computers from Network and then check if  transaction logs on the server is increasing or not ?

Actually Outlook uses MAPI protocols to communicate with Exchange server OR if you find through the system and the SMTP queues you will not able to find the root cause

Remove the suspected computers from Network and then check if  transaction logs on the server is increasing or not ?

Letus know the Results.
0
 

Author Comment

by:dlainc
ID: 34115002
We are in the process of doing that now on several test mailboxes.
0
 

Author Comment

by:dlainc
ID: 34115013
Sorry.  Not test mailboxes, but several mailboxes that are generating the highest traffic amounts.
0
 

Author Comment

by:dlainc
ID: 34116707
We ended up calling Microsoft Exchange support and they are thinking that the problem is related to a corrupt exchange store.  We have created a second store and are transferring mailboxes right now.  I do not think this is the solution, but MS support wants it tried.
0
 

Author Comment

by:dlainc
ID: 34122688
Well, it does not appear to be a mailbox corruption like Microsoft support thought.  Still working through the issues.  But it only appears to be a problem when the outlook client is actually open on the workstations.
0
 
LVL 17

Assisted Solution

by:Viral Rathod
Viral Rathod earned 150 total points
ID: 34151327
Have you find any suspected cause for the issue ?
0
 

Accepted Solution

by:
dlainc earned 0 total points
ID: 34155775
Viralrathod,

Our internal person finally located the problem.  I will have to say that the individual that we talked to from Microsoft was pretty much worthless.

The issues is as follows:

When the exchange server was put in, we imported the customers individual PST files from their PC's.  In exchange, there is a maximum message size setting for emails.  But during the import of PST's that check is not performed on imported emails.

But that check is performed every time you access the folder via outlook.  So what was happening is that it was trying to touch the large emails (some users had quite a few emails over 10Mb in size i their folders), and writing a transaction log for the entire email as it failed to do something with it.

Once we bumped up the message size limit, the number of log files dropped to expected levels.

This was a very interesting issue to work through and determine exactly what was going on.  

Thank you for your help,
0
 

Author Comment

by:dlainc
ID: 34155824
We ended up determining the issue internally.  I provided viralrathod points for his assistance in this thread
0
 

Author Closing Comment

by:dlainc
ID: 34186366
We ended up determining the issue internally.  I provided viralrathod points for his assistance in this thread.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Exchange 2013: Search-mailbox list found items 4 37
Exchange 2016 Malware Scanning 1 27
Fraud Email 22 67
exchange 7 17
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question