Yesterday morning I arrived in the office to find that no users could connect to Exchange (2010). After some investigation, it was discovered that the the drive that holds our transaction log files was full.
We have an overnight VSS backup which successfully cleans up all these log files, but they are growing so rapidly that within 4 or 5 hours the drive is full again (30GB).
We have 5 x mailbox databases and can see that it is clearly just one of these DB's which is out of control. There are only about 10 users mailbox's in this db, so it is not large.
After reading some blog's etc online, my best guess is that this probably being caused by one of the users iphone's doing something crazy with Activesync and filling the logs.
I have read about using Log Parser Studio to examine the logs (good blog here: http://hermannmaurer.blogspot.in/2012/05/exchange-2010-transaction-logfiles-grow.html
, but I am not getting any success. When I run the query described in the blog I don't get any output.
I am looking for help to find out which user/device is causing this rapid growth so I can put a stop to it!