Solved

Exchange 2010 - help with rapidly expanding transaction logs

Posted on 2015-01-22
9
310 Views
Last Modified: 2015-01-23
Hi all,

Yesterday morning I arrived in the office to find that no users could connect to Exchange (2010).  After some investigation, it was discovered that the the drive that holds our transaction log files was full.

We have an overnight VSS backup which successfully cleans up all these log files, but they are growing so rapidly that within 4 or 5 hours the drive is full again (30GB).

We have 5 x mailbox databases and can see that it is clearly just one of these DB's which is out of control.  There are only about 10 users mailbox's in this db, so it is not large.

After reading some blog's etc online, my best guess is that this probably being caused by one of the users iphone's doing something crazy with Activesync and filling the logs.

I have read about using Log Parser Studio to examine the logs (good blog here: http://hermannmaurer.blogspot.in/2012/05/exchange-2010-transaction-logfiles-grow.html), but I am not getting any success. When I run the query described in the blog I don't get any output.

I am looking for help to find out which user/device is causing this rapid growth so I can put a stop to it!

Thanks all
0
Comment
Question by:fieldj
  • 5
  • 3
9 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40563788
Disable all Active sync access to the users on that DB and see if log growth sops/slows to normal.  If so then enable one at a time and monitor.  If you only have 10 users in the DB it should not take you long.

Ensure that you exchange is on all of the latest service packs and patches as there have been fixes for IOS and active sync issues.
0
 

Author Comment

by:fieldj
ID: 40563808
Exchange is patched and up to date.  Also I know most of the iPhones are running the latest version of iOS, and none of them are on iOS 6 (which is the version I understand can cause the problem)

Rather than disable access to all users, is there not a way I can analysis the logs to identify the problem?  Activesync is my best guess but I am not 100% sure this is the problem.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40563853
I have just installed the latest version of Log Parser and Log Parser Studio, ran the "ActiveSync Report" and point it at my exchange servers IIS w3c logs directory and got exactly what it should produce first time.  Are you pointing at the correct logs folder?
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 

Author Comment

by:fieldj
ID: 40563862
I am pointing it at the folder which contains the rapidly expanding logs.

In my case its L:\MailboxDatabase\XtraMailbox2.edb\

The logs are all named E0400035....log or similar and are 1,024kb it in size.

I believe that these are the transaction logs (they are automatically deleted when I run a backup).

Should I be pointing Log Parser Studio at a different set of logs?
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 500 total points
ID: 40563872
Those are not active sync logs they are exchnage mail logs.  to examine activesync activity you need to point at the
inetbub/logs/logfiles/W3SVC* log folders on all CAS servers
0
 
LVL 16

Expert Comment

by:Ivan
ID: 40563888
Hi,

i had a problem with log's growing out of control some days ago. They used to grow 200gb in 10-15h.
I finally found that i had 1 message stuck in queue for a day. Deleted msg and everything started working fine.

Regards,
0
 

Author Comment

by:fieldj
ID: 40563927
Thank you!

I think we have identified our culprit!

It seems that one iPad starts going crazy requesting data at just after 11pm every 1 second until the HD is full.

Thanks again for your help.
0
 

Author Comment

by:fieldj
ID: 40563930
I wont close this quite yet and reward the points, just in case I need to ask for any further help when I actually get my hands on the iPad.

Looking good though.
0
 

Author Comment

by:fieldj
ID: 40566051
Confirmed that after reconfiguring all the Exchange settings on the iPad, everything was OK.

It seemed that the users IPad was stuck in an endless loop of requesting data from Exchange via Activesync and just hammering the server which resulted in the rapid log growth.

Thanks all and in particular Neilsr
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Read this checklist to learn more about the 15 things you should never include in an email signature.
As cyber crime continues to grow in both numbers and sophistication, a troubling trend of optimization has emerged over the last year.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

837 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question