Solved

Excessive Exchange 2010 Transaction Logs

Posted on 2010-11-10
16
2,194 Views
Last Modified: 2012-05-10
We have just brought up a client in a new server environment.  We are running the same configuration as we have used for multiple other clients, but we are getting a very weired and problematic issue on this server.

The Exchange Server 2010 runs inside of a Hyper-V session.  6GB ram assigned to it and about 35 or so active email account.  They receive about 1000 emails per day.  We imported all of the PST files over the weekend (they were on on a domain prior to this).

We have an issue where the system is generating about 2GB of transaction logs every 1/2 hour.  We have verified that there is no open relay and no abnormal amount of email messages being processed.

Per other online help documents, we disabled SMTP for a period of time and the transaction files continue to accumulate at the same accelerated pace.

We can run a backup and truncate the logs, but they keep continuing to build.

The problem appears to be something in the store that is running and creating the transactions.  But we cannot fully determine what is causing the issue.

Extra details:

GFI VIPRE Email Security for Exchange
OS Windows 2008R2 in Hyper-V
Exchange 2010
BaracudaWare Backup Client

6GB memory
0
Comment
Question by:dlainc
  • 11
  • 5
16 Comments
 
LVL 16

Expert Comment

by:Viral Rathod
Comment Utility
Can you please download Microsoft Exchange Server User Monitor (EXMON) from following link and check who is sending the SPAM mails ?

Here is link
http://www.microsoft.com/downloads/en/details.aspx?FamilyId=9A49C22E-E0C7-4B7C-ACEF-729D48AF7BC9&displaylang=en

In my case one of the compuetr on the network was infected with virus OR spyware and this infected computer was sending too much spam e-mails to the server
After Research we have downloaded the EXMON on the server and we got the IP Address of the client Machine which was sending too many traffice to exchange server
We have simply removed this machine from network and suddendly Generating of Log Files on the server Reduced
then we have scan the computer and found some virus and spyware.
0
 

Author Comment

by:dlainc
Comment Utility
I am downloading to tool and I will post the results back here.

Our internal Exchange expert does not think it is the issue as we do not show any excessive # of emails flowing through the system and the SMTP queues are not full of outgoing email.  But at this point, we are willing to try anything.

0
 
LVL 16

Expert Comment

by:Viral Rathod
Comment Utility
In my case also there was no emails flowing through the system and the SMTP queues

The problem was Transaction Logs on server was increasing too frequently event after stopping the SMTP queue

Just Monitor the traffice and letus know the results.
0
 

Author Comment

by:dlainc
Comment Utility
That is a very nice tool and we have two possible PC's that might be our problem PC's.  I will post another update shortly.
0
 

Author Comment

by:dlainc
Comment Utility
We are trying to isolate what on the machine is causing the issues.  We think it has something to do with the VIPRE anti-virus outlook plugin.  We are slowing disabling the plugin on problem PC's to determine if the issue is going to go away.

Do you know of any tool that will show what is actually in the transaction log file?  That way we can isolate the issue further?

I will post another update tomorrow morning as the Exchange Admin is going to monitor the server on and off tonight, but the tool you provided seems to have help narrow down some of the bigger culprits.
0
 
LVL 16

Expert Comment

by:Viral Rathod
Comment Utility
Have you scan those PC's for spyware and viruses ? ,In my case we have removed those PC' from Network and have scanned those PC in safemode for viruses and spyware.

For transaction log file : See transaction log are hardly 1 MB in size so you can open in notepad with no issues

Good to hear !!! ,Sure please post the update .


0
 

Author Comment

by:dlainc
Comment Utility
The problem with the transaction logs are the fact that they are binary files in exchange 2010.  They are basically unreadable and you need some sort of utility to parse them to see what they contain.

Unless the virus/spam is system wide at the customer (unlikely as we have run several different virus/spam detections to eliminate this), there is a weird issue going on right now.

With all of the outlook clients turned off, there is almost no growth of transaction logs.  When people came in, the number of transaction logs starts to grow very rapidly.  One user in particular accumulated 2.4Gb worth of traffic to the Exchange server in a 30 minute period.

We are at a loss right now on what is touching so many records on the server from the outlook client.
0
 
LVL 16

Expert Comment

by:Viral Rathod
Comment Utility
Can you remove the suspected computers from Network and then check if  transaction logs on the server is increasing or not ?

Actually Outlook uses MAPI protocols to communicate with Exchange server OR if you find through the system and the SMTP queues you will not able to find the root cause

Remove the suspected computers from Network and then check if  transaction logs on the server is increasing or not ?

Letus know the Results.
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 

Author Comment

by:dlainc
Comment Utility
We are in the process of doing that now on several test mailboxes.
0
 

Author Comment

by:dlainc
Comment Utility
Sorry.  Not test mailboxes, but several mailboxes that are generating the highest traffic amounts.
0
 

Author Comment

by:dlainc
Comment Utility
We ended up calling Microsoft Exchange support and they are thinking that the problem is related to a corrupt exchange store.  We have created a second store and are transferring mailboxes right now.  I do not think this is the solution, but MS support wants it tried.
0
 

Author Comment

by:dlainc
Comment Utility
Well, it does not appear to be a mailbox corruption like Microsoft support thought.  Still working through the issues.  But it only appears to be a problem when the outlook client is actually open on the workstations.
0
 
LVL 16

Assisted Solution

by:Viral Rathod
Viral Rathod earned 150 total points
Comment Utility
Have you find any suspected cause for the issue ?
0
 

Accepted Solution

by:
dlainc earned 0 total points
Comment Utility
Viralrathod,

Our internal person finally located the problem.  I will have to say that the individual that we talked to from Microsoft was pretty much worthless.

The issues is as follows:

When the exchange server was put in, we imported the customers individual PST files from their PC's.  In exchange, there is a maximum message size setting for emails.  But during the import of PST's that check is not performed on imported emails.

But that check is performed every time you access the folder via outlook.  So what was happening is that it was trying to touch the large emails (some users had quite a few emails over 10Mb in size i their folders), and writing a transaction log for the entire email as it failed to do something with it.

Once we bumped up the message size limit, the number of log files dropped to expected levels.

This was a very interesting issue to work through and determine exactly what was going on.  

Thank you for your help,
0
 

Author Comment

by:dlainc
Comment Utility
We ended up determining the issue internally.  I provided viralrathod points for his assistance in this thread
0
 

Author Closing Comment

by:dlainc
Comment Utility
We ended up determining the issue internally.  I provided viralrathod points for his assistance in this thread.
0

Featured Post

The problems with reply email signatures

Do you wish that you could place an email signature under a reply? Well, unfortunately, you can't. That great Exchange/Office 365 signature you've created will just appear at the bottom of an email chain. What a pain! Is there really no way to solve this? Well, there might be...

Join & Write a Comment

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now