Exchange transaction logs growing rapidly

When the Exchange database transaction logs growing rapidly, it can be different issues. It mostly means that there are issues with one of the following: ActiveSync connections, mailboxes are corrupt on that database, or the database itself is corrupt. In this article, you will learn how to check ActiveSync connections and which of the user’s mailbox are the culprit.

Table of contents

Prerequisites before checking Exchange transaction logs

Log Parser 2.2

Download Log Parser 2.2 (Microsoft) or here (direct link). Install it on the Exchange Server if you don’t have it installed. Do that before proceeding to the next step. You also need Windows PowerShell 2.0 installed on the same machine, note that it is installed by default on Windows 7 & Windows 2008 R2 machines.

ActiveSyncReport

Download the following ActiveSyncReport.ps1 PowerShell script on your Exchange Server. Create a folder named scripts on the C:\ drive. Place the PowerShell script in the C:\scripts\ folder.

Exchange transaction logs growing rapidly PowerShell script in folder

Check why Exchange transaction logs growing rapidly

There are a couple of options when using the script. We are going to use the following options:

  • Hits greater than 1000
  • Isolating a single day

Run Exchange Management Shell as administrator. Change the directory to c:\scripts.

[PS] C:\>cd C:\scripts\

[PS] C:\scripts>

Hits greater than 1000

The following command will parse all the IIS Logs in the folder W3SVC1 and only report the hits by users & devices that are greater than 1000. Change the default IIS folder path if you have it placed on a different place then the default path.

[PS] C:\scripts>.\ActiveSyncReport.ps1 -IISLog "C:\inetpub\logs\LogFiles\W3SVC1" -LogparserExec "C:\Program Files (x86)\Log Parser 2.2\LogParser.exe" -ActiveSyncOutputFolder c:\EASReports -MinimumHits 1000
Building Log Parser Query...
Found time-taken in the IIS Log, adding this column.
Gathering Statistical data
Running Log Parser Command against the IIS Log(s): C:\inetpub\logs\LogFiles\W3SVC1\*.log

Statistics:
-----------
Elements processed: 5987096
Elements output:    1150
Execution time:     162.17 seconds (00:02:42.17)

Generating the Minimum Hits Report.
Building Log Parser Query...
Running Log Parser Command against the CSV results to determine Minimum hits of 1000

Statistics:
-----------
Elements processed: 1150
Elements output:    428
Execution time:     0.02 seconds

LogParser Command finished CSV, File location: c:\EASReports\EASyncOutputReport-Multiple_Files_Minimum_Hits_of_1000.csv

Isolating a single day of hits

The following command will parse only the files that match the date 24-12-2019 in the folder W3SVC1 and only report the hits greater than 1000. Change the default IIS folder path if you have it placed on a different place then the default path.

[PS] C:\scripts>.\ActiveSyncReport.ps1 -IISLog "C:\inetpub\logs\LogFiles\W3SVC1" -LogparserExec "C:\Program Files (x86)\Log Parser 2.2\LogParser.exe" -ActiveSyncOutputFolder c:\EASReports -MinimumHits 1000 -Date 24-12-2019
Trying to find IIS logs from this date:
Building Log Parser Query...
Found time-taken in the IIS Log, adding this column.
Gathering Statistical data
Running Log Parser Command against the IIS Log(s): C:\inetpub\logs\LogFiles\W3SVC1\*191224*.log

Statistics:
-----------
Elements processed: 595963
Elements output:    662
Execution time:     16.92 seconds

Generating the Minimum Hits Report.
Building Log Parser Query...
Running Log Parser Command against the CSV results to determine Minimum hits of 1000

Statistics:
-----------
Elements processed: 662
Elements output:    81
Execution time:     0.03 seconds

LogParser Command finished CSV, File location: c:\EASReports\EASyncOutputReport-24-12-2019_Minimum_Hits_of_1000.csv

After the export is completed, go to the output folder C:\EASReports. You will find four CSV files.

Exchange transaction logs growing rapidly results

Analyze why Exchange transaction logs growing rapidly

We are interested in the Multiple Files Minimum Hits of 1000 and 24-12-2019 Minimum Hits of 1000.

Usually, if a device is sending over 1000 requests per day, it is considered high usage. If the hits (requests) are above 1500, there could be an issue on the device or environment.

Exchange transaction logs growing rapidly CSV output

You can see that multiple users have more than 1500 hits.

Remove the Outlook configuration on the user’s device and rerun the ActiveSync script after a couple of days. You will see that the database transaction logs file is not growing rapidly anymore.

If you confirmed that the database transaction logs file is not growing rapidly anymore, configure the Outlook profile on the user’s device. Make sure to keep an eye and rerun the ActiveSync script the next days.

Keep reading: Mail.que file growing in Exchange Server »

Conclusion

You learned why the Exchange database transaction logs growing rapidly. It’s always good having in mind to check the ActiveSync connections. Having such a great script and the sign in export, you can find why the database transaction log files are growing rapidly and fix the issues.

Did you like this article? You may also like Remove completed move requests Exchange. Don’t forget to follow us and share this article.

ALI TAJRAN

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

X TwitterLinkedIn

What Others Are Reading

This Post Has One Comment

  1. Congratulations on the article! You are always helping us. I followed this tutorial because my log partition was growing a lot. I verified that KEMP+1.0 hits 1690743 and I followed your turial to install it. How can I check and fix this?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *