Solved

Exchange 2010 - help with rapidly expanding transaction logs

Posted on 2015-01-22
9
313 Views
Last Modified: 2015-01-23
Hi all,

Yesterday morning I arrived in the office to find that no users could connect to Exchange (2010).  After some investigation, it was discovered that the the drive that holds our transaction log files was full.

We have an overnight VSS backup which successfully cleans up all these log files, but they are growing so rapidly that within 4 or 5 hours the drive is full again (30GB).

We have 5 x mailbox databases and can see that it is clearly just one of these DB's which is out of control.  There are only about 10 users mailbox's in this db, so it is not large.

After reading some blog's etc online, my best guess is that this probably being caused by one of the users iphone's doing something crazy with Activesync and filling the logs.

I have read about using Log Parser Studio to examine the logs (good blog here: http://hermannmaurer.blogspot.in/2012/05/exchange-2010-transaction-logfiles-grow.html), but I am not getting any success. When I run the query described in the blog I don't get any output.

I am looking for help to find out which user/device is causing this rapid growth so I can put a stop to it!

Thanks all
0
Comment
Question by:fieldj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
9 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40563788
Disable all Active sync access to the users on that DB and see if log growth sops/slows to normal.  If so then enable one at a time and monitor.  If you only have 10 users in the DB it should not take you long.

Ensure that you exchange is on all of the latest service packs and patches as there have been fixes for IOS and active sync issues.
0
 

Author Comment

by:fieldj
ID: 40563808
Exchange is patched and up to date.  Also I know most of the iPhones are running the latest version of iOS, and none of them are on iOS 6 (which is the version I understand can cause the problem)

Rather than disable access to all users, is there not a way I can analysis the logs to identify the problem?  Activesync is my best guess but I am not 100% sure this is the problem.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40563853
I have just installed the latest version of Log Parser and Log Parser Studio, ran the "ActiveSync Report" and point it at my exchange servers IIS w3c logs directory and got exactly what it should produce first time.  Are you pointing at the correct logs folder?
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 

Author Comment

by:fieldj
ID: 40563862
I am pointing it at the folder which contains the rapidly expanding logs.

In my case its L:\MailboxDatabase\XtraMailbox2.edb\

The logs are all named E0400035....log or similar and are 1,024kb it in size.

I believe that these are the transaction logs (they are automatically deleted when I run a backup).

Should I be pointing Log Parser Studio at a different set of logs?
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 500 total points
ID: 40563872
Those are not active sync logs they are exchnage mail logs.  to examine activesync activity you need to point at the
inetbub/logs/logfiles/W3SVC* log folders on all CAS servers
0
 
LVL 16

Expert Comment

by:Ivan
ID: 40563888
Hi,

i had a problem with log's growing out of control some days ago. They used to grow 200gb in 10-15h.
I finally found that i had 1 message stuck in queue for a day. Deleted msg and everything started working fine.

Regards,
0
 

Author Comment

by:fieldj
ID: 40563927
Thank you!

I think we have identified our culprit!

It seems that one iPad starts going crazy requesting data at just after 11pm every 1 second until the HD is full.

Thanks again for your help.
0
 

Author Comment

by:fieldj
ID: 40563930
I wont close this quite yet and reward the points, just in case I need to ask for any further help when I actually get my hands on the iPad.

Looking good though.
0
 

Author Comment

by:fieldj
ID: 40566051
Confirmed that after reconfiguring all the Exchange settings on the iPad, everything was OK.

It seemed that the users IPad was stuck in an endless loop of requesting data from Exchange via Activesync and just hammering the server which resulted in the rapid log growth.

Thanks all and in particular Neilsr
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Exchange without Clustering Redundancy 8 26
Purge \Deleted Items? 2 32
Exchange 2010 Server - Phishing attack 3 47
Exchange 2007 6 21
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In-place Upgrading Dirsync to Azure AD Connect
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question