Exchange 2010 - help with rapidly expanding transaction logs

Hi all,

Yesterday morning I arrived in the office to find that no users could connect to Exchange (2010).  After some investigation, it was discovered that the the drive that holds our transaction log files was full.

We have an overnight VSS backup which successfully cleans up all these log files, but they are growing so rapidly that within 4 or 5 hours the drive is full again (30GB).

We have 5 x mailbox databases and can see that it is clearly just one of these DB's which is out of control.  There are only about 10 users mailbox's in this db, so it is not large.

After reading some blog's etc online, my best guess is that this probably being caused by one of the users iphone's doing something crazy with Activesync and filling the logs.

I have read about using Log Parser Studio to examine the logs (good blog here: http://hermannmaurer.blogspot.in/2012/05/exchange-2010-transaction-logfiles-grow.html), but I am not getting any success. When I run the query described in the blog I don't get any output.

I am looking for help to find out which user/device is causing this rapid growth so I can put a stop to it!

Thanks all
fieldjAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Neil RussellConnect With a Mentor Technical Development LeadCommented:
Those are not active sync logs they are exchnage mail logs.  to examine activesync activity you need to point at the
inetbub/logs/logfiles/W3SVC* log folders on all CAS servers
0
 
Neil RussellTechnical Development LeadCommented:
Disable all Active sync access to the users on that DB and see if log growth sops/slows to normal.  If so then enable one at a time and monitor.  If you only have 10 users in the DB it should not take you long.

Ensure that you exchange is on all of the latest service packs and patches as there have been fixes for IOS and active sync issues.
0
 
fieldjAuthor Commented:
Exchange is patched and up to date.  Also I know most of the iPhones are running the latest version of iOS, and none of them are on iOS 6 (which is the version I understand can cause the problem)

Rather than disable access to all users, is there not a way I can analysis the logs to identify the problem?  Activesync is my best guess but I am not 100% sure this is the problem.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
Neil RussellTechnical Development LeadCommented:
I have just installed the latest version of Log Parser and Log Parser Studio, ran the "ActiveSync Report" and point it at my exchange servers IIS w3c logs directory and got exactly what it should produce first time.  Are you pointing at the correct logs folder?
0
 
fieldjAuthor Commented:
I am pointing it at the folder which contains the rapidly expanding logs.

In my case its L:\MailboxDatabase\XtraMailbox2.edb\

The logs are all named E0400035....log or similar and are 1,024kb it in size.

I believe that these are the transaction logs (they are automatically deleted when I run a backup).

Should I be pointing Log Parser Studio at a different set of logs?
0
 
IvanSystem EngineerCommented:
Hi,

i had a problem with log's growing out of control some days ago. They used to grow 200gb in 10-15h.
I finally found that i had 1 message stuck in queue for a day. Deleted msg and everything started working fine.

Regards,
0
 
fieldjAuthor Commented:
Thank you!

I think we have identified our culprit!

It seems that one iPad starts going crazy requesting data at just after 11pm every 1 second until the HD is full.

Thanks again for your help.
0
 
fieldjAuthor Commented:
I wont close this quite yet and reward the points, just in case I need to ask for any further help when I actually get my hands on the iPad.

Looking good though.
0
 
fieldjAuthor Commented:
Confirmed that after reconfiguring all the Exchange settings on the iPad, everything was OK.

It seemed that the users IPad was stuck in an endless loop of requesting data from Exchange via Activesync and just hammering the server which resulted in the rapid log growth.

Thanks all and in particular Neilsr
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.