Microsoft Exchange excessive log growth on database

In this case, in Microsoft Exchange 2010 organization, there was excessive log files generation for one database. Number of logs generated for the database was 10 times higher than usual daily rate for that database. Besides monitor tools that were monitoring the parameters of the Exchange server and reported this excessive log growth for the database, backup administrators has also noticed that time needed for the backup of this database has also grown.
So, question was why there is excessive log growth for this database ?
For answering this question I've installed ExMon (Exchange Server User Monitor) on server that was having this database mounted.
For downloading Microsoft Exchange Server User Monitor for Microsoft Exchange Server 2000,2003,2007 and 2010 use this link
For downloading Microsoft Exchange Server User Monitor for Microsoft Exchange Server 2013 and 2016 use this link

Running Exchange Server User Monitor has reported a user that has "monopolized" store.exe process cpu usage to 50% and generated huge amount of log data. Disabling this user has normalized logs generated files for the affected database. And the reason for this huge amount of logs generated files for the database was a faulty activesync device registered by this user. Enabling this AD user and disabling activesync access for this user, has also stabilized affected database logs generation.

For more info about ExMon follow this link.

Refreshing ExMon might crash the console and prevent ExMon from running again with following error "Unknown StartTrace error (183)", because the previously started trace is still running. In order to resolve the issue, check the status of running traces and search for "Exchange Event Trace" with "logman query -ets" :

Stop the trace with "logman stop "Exchange Event Trace" -ets ", and ExMon should start successfully.

For more about debugging Microsoft Exchange excessive database logging please check .

1 comment:

Checking Cisco WSA For New Updates Availablity

In this post I will share my PowerShell code for querying the availability of new updates for Cisco WSA (Web Security Virtual Appliance). U...