Solved

Exchange 2010 - help with rapidly expanding transaction logs

Posted on 2015-01-22
9
307 Views
Last Modified: 2015-01-23
Hi all,

Yesterday morning I arrived in the office to find that no users could connect to Exchange (2010).  After some investigation, it was discovered that the the drive that holds our transaction log files was full.

We have an overnight VSS backup which successfully cleans up all these log files, but they are growing so rapidly that within 4 or 5 hours the drive is full again (30GB).

We have 5 x mailbox databases and can see that it is clearly just one of these DB's which is out of control.  There are only about 10 users mailbox's in this db, so it is not large.

After reading some blog's etc online, my best guess is that this probably being caused by one of the users iphone's doing something crazy with Activesync and filling the logs.

I have read about using Log Parser Studio to examine the logs (good blog here: http://hermannmaurer.blogspot.in/2012/05/exchange-2010-transaction-logfiles-grow.html), but I am not getting any success. When I run the query described in the blog I don't get any output.

I am looking for help to find out which user/device is causing this rapid growth so I can put a stop to it!

Thanks all
0
Comment
Question by:fieldj
  • 5
  • 3
9 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40563788
Disable all Active sync access to the users on that DB and see if log growth sops/slows to normal.  If so then enable one at a time and monitor.  If you only have 10 users in the DB it should not take you long.

Ensure that you exchange is on all of the latest service packs and patches as there have been fixes for IOS and active sync issues.
0
 

Author Comment

by:fieldj
ID: 40563808
Exchange is patched and up to date.  Also I know most of the iPhones are running the latest version of iOS, and none of them are on iOS 6 (which is the version I understand can cause the problem)

Rather than disable access to all users, is there not a way I can analysis the logs to identify the problem?  Activesync is my best guess but I am not 100% sure this is the problem.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40563853
I have just installed the latest version of Log Parser and Log Parser Studio, ran the "ActiveSync Report" and point it at my exchange servers IIS w3c logs directory and got exactly what it should produce first time.  Are you pointing at the correct logs folder?
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:fieldj
ID: 40563862
I am pointing it at the folder which contains the rapidly expanding logs.

In my case its L:\MailboxDatabase\XtraMailbox2.edb\

The logs are all named E0400035....log or similar and are 1,024kb it in size.

I believe that these are the transaction logs (they are automatically deleted when I run a backup).

Should I be pointing Log Parser Studio at a different set of logs?
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 500 total points
ID: 40563872
Those are not active sync logs they are exchnage mail logs.  to examine activesync activity you need to point at the
inetbub/logs/logfiles/W3SVC* log folders on all CAS servers
0
 
LVL 16

Expert Comment

by:Ivan
ID: 40563888
Hi,

i had a problem with log's growing out of control some days ago. They used to grow 200gb in 10-15h.
I finally found that i had 1 message stuck in queue for a day. Deleted msg and everything started working fine.

Regards,
0
 

Author Comment

by:fieldj
ID: 40563927
Thank you!

I think we have identified our culprit!

It seems that one iPad starts going crazy requesting data at just after 11pm every 1 second until the HD is full.

Thanks again for your help.
0
 

Author Comment

by:fieldj
ID: 40563930
I wont close this quite yet and reward the points, just in case I need to ask for any further help when I actually get my hands on the iPad.

Looking good though.
0
 

Author Comment

by:fieldj
ID: 40566051
Confirmed that after reconfiguring all the Exchange settings on the iPad, everything was OK.

It seemed that the users IPad was stuck in an endless loop of requesting data from Exchange via Activesync and just hammering the server which resulted in the rapid log growth.

Thanks all and in particular Neilsr
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question