You want to mount a database in Exchange with PowerShell. Or you like to mount…
Exchange transaction logs growing rapidly
When the Exchange database transaction logs growing rapidly, it can be different issues. It mostly means that there are issues with one of the following: ActiveSync connections, mailboxes are corrupt on that database, or the database itself is corrupt. In this article, you will learn how to check ActiveSync connections and which of the user’s mailbox are the culprit.
Table of contents
Prerequisites before checking Exchange transaction logs
Log Parser 2.2
Download Log Parser 2.2 (Microsoft) or here (direct link). Install it on the Exchange Server if you don’t have it installed. Do that before proceeding to the next step. You also need Windows PowerShell 2.0 installed on the same machine, note that it is installed by default on Windows 7 & Windows 2008 R2 machines.
ActiveSyncReport
Download the following ActiveSyncReport.ps1 PowerShell script on your Exchange Server. Create a folder named scripts on the C:\ drive. Place the PowerShell script in the C:\scripts\ folder.
Check why Exchange transaction logs growing rapidly
There are a couple of options when using the script. We are going to use the following options:
- Hits greater than 1000
- Isolating a single day
Run Exchange Management Shell as administrator. Change the directory to c:\scripts.
[PS] C:\>cd C:\scripts\
[PS] C:\scripts>
Hits greater than 1000
The following command will parse all the IIS Logs in the folder W3SVC1 and only report the hits by users & devices that are greater than 1000. Change the default IIS folder path if you have it placed on a different place then the default path.
[PS] C:\scripts>.\ActiveSyncReport.ps1 -IISLog "C:\inetpub\logs\LogFiles\W3SVC1" -LogparserExec "C:\Program Files (x86)\Log Parser 2.2\LogParser.exe" -ActiveSyncOutputFolder c:\EASReports -MinimumHits 1000
Building Log Parser Query...
Found time-taken in the IIS Log, adding this column.
Gathering Statistical data
Running Log Parser Command against the IIS Log(s): C:\inetpub\logs\LogFiles\W3SVC1\*.log
Statistics:
-----------
Elements processed: 5987096
Elements output: 1150
Execution time: 162.17 seconds (00:02:42.17)
Generating the Minimum Hits Report.
Building Log Parser Query...
Running Log Parser Command against the CSV results to determine Minimum hits of 1000
Statistics:
-----------
Elements processed: 1150
Elements output: 428
Execution time: 0.02 seconds
LogParser Command finished CSV, File location: c:\EASReports\EASyncOutputReport-Multiple_Files_Minimum_Hits_of_1000.csv
Isolating a single day of hits
The following command will parse only the files that match the date 24-12-2019 in the folder W3SVC1 and only report the hits greater than 1000. Change the default IIS folder path if you have it placed on a different place then the default path.
[PS] C:\scripts>.\ActiveSyncReport.ps1 -IISLog "C:\inetpub\logs\LogFiles\W3SVC1" -LogparserExec "C:\Program Files (x86)\Log Parser 2.2\LogParser.exe" -ActiveSyncOutputFolder c:\EASReports -MinimumHits 1000 -Date 24-12-2019
Trying to find IIS logs from this date:
Building Log Parser Query...
Found time-taken in the IIS Log, adding this column.
Gathering Statistical data
Running Log Parser Command against the IIS Log(s): C:\inetpub\logs\LogFiles\W3SVC1\*191224*.log
Statistics:
-----------
Elements processed: 595963
Elements output: 662
Execution time: 16.92 seconds
Generating the Minimum Hits Report.
Building Log Parser Query...
Running Log Parser Command against the CSV results to determine Minimum hits of 1000
Statistics:
-----------
Elements processed: 662
Elements output: 81
Execution time: 0.03 seconds
LogParser Command finished CSV, File location: c:\EASReports\EASyncOutputReport-24-12-2019_Minimum_Hits_of_1000.csv
After the export is completed, go to the output folder C:\EASReports. You will find four CSV files.
Analyze why Exchange transaction logs growing rapidly
We are interested in the Multiple Files Minimum Hits of 1000 and 24-12-2019 Minimum Hits of 1000.
Usually, if a device is sending over 1000 requests per day, it is considered high usage. If the hits (requests) are above 1500, there could be an issue on the device or environment.
You can see that multiple users have more than 1500 hits.
Remove the Outlook configuration on the user’s device and rerun the ActiveSync script after a couple of days. You will see that the database transaction logs file is not growing rapidly anymore.
If you confirmed that the database transaction logs file is not growing rapidly anymore, configure the Outlook profile on the user’s device. Make sure to keep an eye and rerun the ActiveSync script the next days.
Keep reading: Mail.que file growing in Exchange Server »
Conclusion
You learned why the Exchange database transaction logs growing rapidly. It’s always good having in mind to check the ActiveSync connections. Having such a great script and the sign in export, you can find why the database transaction log files are growing rapidly and fix the issues.
Did you like this article? You may also like Remove completed move requests Exchange. Don’t forget to follow us and share this article.
Congratulations on the article! You are always helping us. I followed this tutorial because my log partition was growing a lot. I verified that KEMP+1.0 hits 1690743 and I followed your turial to install it. How can I check and fix this?