Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2236
  • Last Modified:

Excessive Exchange 2010 Transaction Logs

We have just brought up a client in a new server environment.  We are running the same configuration as we have used for multiple other clients, but we are getting a very weired and problematic issue on this server.

The Exchange Server 2010 runs inside of a Hyper-V session.  6GB ram assigned to it and about 35 or so active email account.  They receive about 1000 emails per day.  We imported all of the PST files over the weekend (they were on on a domain prior to this).

We have an issue where the system is generating about 2GB of transaction logs every 1/2 hour.  We have verified that there is no open relay and no abnormal amount of email messages being processed.

Per other online help documents, we disabled SMTP for a period of time and the transaction files continue to accumulate at the same accelerated pace.

We can run a backup and truncate the logs, but they keep continuing to build.

The problem appears to be something in the store that is running and creating the transactions.  But we cannot fully determine what is causing the issue.

Extra details:

GFI VIPRE Email Security for Exchange
OS Windows 2008R2 in Hyper-V
Exchange 2010
BaracudaWare Backup Client

6GB memory
0
dlainc
Asked:
dlainc
  • 11
  • 5
2 Solutions
 
Viral RathodConsultantCommented:
Can you please download Microsoft Exchange Server User Monitor (EXMON) from following link and check who is sending the SPAM mails ?

Here is link
http://www.microsoft.com/downloads/en/details.aspx?FamilyId=9A49C22E-E0C7-4B7C-ACEF-729D48AF7BC9&displaylang=en

In my case one of the compuetr on the network was infected with virus OR spyware and this infected computer was sending too much spam e-mails to the server
After Research we have downloaded the EXMON on the server and we got the IP Address of the client Machine which was sending too many traffice to exchange server
We have simply removed this machine from network and suddendly Generating of Log Files on the server Reduced
then we have scan the computer and found some virus and spyware.
0
 
dlaincAuthor Commented:
I am downloading to tool and I will post the results back here.

Our internal Exchange expert does not think it is the issue as we do not show any excessive # of emails flowing through the system and the SMTP queues are not full of outgoing email.  But at this point, we are willing to try anything.

0
 
Viral RathodConsultantCommented:
In my case also there was no emails flowing through the system and the SMTP queues

The problem was Transaction Logs on server was increasing too frequently event after stopping the SMTP queue

Just Monitor the traffice and letus know the results.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
dlaincAuthor Commented:
That is a very nice tool and we have two possible PC's that might be our problem PC's.  I will post another update shortly.
0
 
dlaincAuthor Commented:
We are trying to isolate what on the machine is causing the issues.  We think it has something to do with the VIPRE anti-virus outlook plugin.  We are slowing disabling the plugin on problem PC's to determine if the issue is going to go away.

Do you know of any tool that will show what is actually in the transaction log file?  That way we can isolate the issue further?

I will post another update tomorrow morning as the Exchange Admin is going to monitor the server on and off tonight, but the tool you provided seems to have help narrow down some of the bigger culprits.
0
 
Viral RathodConsultantCommented:
Have you scan those PC's for spyware and viruses ? ,In my case we have removed those PC' from Network and have scanned those PC in safemode for viruses and spyware.

For transaction log file : See transaction log are hardly 1 MB in size so you can open in notepad with no issues

Good to hear !!! ,Sure please post the update .


0
 
dlaincAuthor Commented:
The problem with the transaction logs are the fact that they are binary files in exchange 2010.  They are basically unreadable and you need some sort of utility to parse them to see what they contain.

Unless the virus/spam is system wide at the customer (unlikely as we have run several different virus/spam detections to eliminate this), there is a weird issue going on right now.

With all of the outlook clients turned off, there is almost no growth of transaction logs.  When people came in, the number of transaction logs starts to grow very rapidly.  One user in particular accumulated 2.4Gb worth of traffic to the Exchange server in a 30 minute period.

We are at a loss right now on what is touching so many records on the server from the outlook client.
0
 
Viral RathodConsultantCommented:
Can you remove the suspected computers from Network and then check if  transaction logs on the server is increasing or not ?

Actually Outlook uses MAPI protocols to communicate with Exchange server OR if you find through the system and the SMTP queues you will not able to find the root cause

Remove the suspected computers from Network and then check if  transaction logs on the server is increasing or not ?

Letus know the Results.
0
 
dlaincAuthor Commented:
We are in the process of doing that now on several test mailboxes.
0
 
dlaincAuthor Commented:
Sorry.  Not test mailboxes, but several mailboxes that are generating the highest traffic amounts.
0
 
dlaincAuthor Commented:
We ended up calling Microsoft Exchange support and they are thinking that the problem is related to a corrupt exchange store.  We have created a second store and are transferring mailboxes right now.  I do not think this is the solution, but MS support wants it tried.
0
 
dlaincAuthor Commented:
Well, it does not appear to be a mailbox corruption like Microsoft support thought.  Still working through the issues.  But it only appears to be a problem when the outlook client is actually open on the workstations.
0
 
Viral RathodConsultantCommented:
Have you find any suspected cause for the issue ?
0
 
dlaincAuthor Commented:
Viralrathod,

Our internal person finally located the problem.  I will have to say that the individual that we talked to from Microsoft was pretty much worthless.

The issues is as follows:

When the exchange server was put in, we imported the customers individual PST files from their PC's.  In exchange, there is a maximum message size setting for emails.  But during the import of PST's that check is not performed on imported emails.

But that check is performed every time you access the folder via outlook.  So what was happening is that it was trying to touch the large emails (some users had quite a few emails over 10Mb in size i their folders), and writing a transaction log for the entire email as it failed to do something with it.

Once we bumped up the message size limit, the number of log files dropped to expected levels.

This was a very interesting issue to work through and determine exactly what was going on.  

Thank you for your help,
0
 
dlaincAuthor Commented:
We ended up determining the issue internally.  I provided viralrathod points for his assistance in this thread
0
 
dlaincAuthor Commented:
We ended up determining the issue internally.  I provided viralrathod points for his assistance in this thread.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 11
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now