none
Server 2008 CertLog EDB log files have never been deleted - taking a lot of space

    Question

  • This is a Windows Small Business Server 2008 installation with all updates that I've recently taken over maintenance. I found the C: drive to have almost no space available. I took immediate steps to move / clear things and it seems to be mostly working well.

    However, there is a lot of space taken up by log files in C:\Windows\System32\CertLog - 4.4 GB in 4227 files.  

    The first of these files is edb00001.log last modified on 27th Jan 2010 - that's when the server was new.  It goes on edb00002.log, and so on.

    I've had little luck Googling this. I've heard that these are related to Active Directory, but I don't know. I'm able to add/ change users in AD without issue.

    I've heard they should be automatically purged, but obviously they haven't.  Clearly this issue was present when computer was new, preceding when disk space was low.

    I've looked into System logs and seen no major issues. 

    I've looked in Event Viewer at the Application and Services Logs - Directory Service - I see: 1) Warning 508 that it was slow to write updates. 2) Error 1168 Internal processing. 3) Also Error 482 - No space on disk.

    Clearly, the space issue is resolved. Now how to deal with 4.5 GB of logs and giving AD a clean bill of health???

    Monday, April 2, 2012 1:08 AM

Answers

  • Take a look at the following articel.

    http://blog.thomaswimprine.com/2011/02/certlog-consuming-large-amounts-of-disk.html

    • Marked as answer by Cincinnerdi Monday, April 2, 2012 2:03 AM
    Monday, April 2, 2012 1:21 AM
  • Thanks a ton, Sephem.

    I ended up using that link to launch me into a search for a 2008 equivalent and I ended up using: http://technet.microsoft.com/en-us/library/cc725565.aspx which is a GUI equivalent.

    As soon as I followed the Certification Authority backup, the log files were cleared. 

    Still not sure why this ever happened in the first place.  Maybe because a 3rd party backup program has been in use?? 

    • Marked as answer by Cincinnerdi Monday, April 2, 2012 2:03 AM
    Monday, April 2, 2012 2:03 AM
  • Hi,

    When completing a critical or system state backup of the C: volume, a new transaction log will be generated under the c:\windows\system32\certlog\ folder. Removing these logs is only safe as long as the CA database file is consistent.

    In order to remove these logs and reclaim disk space, follow these steps:

    • Open the Services MMC and stop the Active Directory Certificate Services service.
    • Make a backup copy of ALL the file contents present in the c:\windows\system32\certlog\ folder.
    • Delete EDB.CHK and all the files that have an extension of .LOG (*.LOG)
    • Restart the Active Directory Certificate Services service.

    Reference: http://blogs.technet.com/b/sbs/archive/2010/03/02/recovering-disk-space-on-the-c-drive-in-small-business-server-2008.aspx

    Query is related to ADCS transaction log files on SBS server, I would suggest to once confirm with SBS expert.

    Small Business Server forum: http://social.technet.microsoft.com/Forums/en/smallbusinessserver/threads


    Best Regards,

    Abhijit Waikar.
    MCSA 2003 | MCSA:Messaging | MCTS | MCITP:Server Administrator | Microsoft Community Contributor | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Monday, April 2, 2012 2:06 AM

All replies

  • Take a look at the following articel.

    http://blog.thomaswimprine.com/2011/02/certlog-consuming-large-amounts-of-disk.html

    • Marked as answer by Cincinnerdi Monday, April 2, 2012 2:03 AM
    Monday, April 2, 2012 1:21 AM
  • Thanks a ton, Sephem.

    I ended up using that link to launch me into a search for a 2008 equivalent and I ended up using: http://technet.microsoft.com/en-us/library/cc725565.aspx which is a GUI equivalent.

    As soon as I followed the Certification Authority backup, the log files were cleared. 

    Still not sure why this ever happened in the first place.  Maybe because a 3rd party backup program has been in use?? 

    • Marked as answer by Cincinnerdi Monday, April 2, 2012 2:03 AM
    Monday, April 2, 2012 2:03 AM
  • Hi,

    When completing a critical or system state backup of the C: volume, a new transaction log will be generated under the c:\windows\system32\certlog\ folder. Removing these logs is only safe as long as the CA database file is consistent.

    In order to remove these logs and reclaim disk space, follow these steps:

    • Open the Services MMC and stop the Active Directory Certificate Services service.
    • Make a backup copy of ALL the file contents present in the c:\windows\system32\certlog\ folder.
    • Delete EDB.CHK and all the files that have an extension of .LOG (*.LOG)
    • Restart the Active Directory Certificate Services service.

    Reference: http://blogs.technet.com/b/sbs/archive/2010/03/02/recovering-disk-space-on-the-c-drive-in-small-business-server-2008.aspx

    Query is related to ADCS transaction log files on SBS server, I would suggest to once confirm with SBS expert.

    Small Business Server forum: http://social.technet.microsoft.com/Forums/en/smallbusinessserver/threads


    Best Regards,

    Abhijit Waikar.
    MCSA 2003 | MCSA:Messaging | MCTS | MCITP:Server Administrator | Microsoft Community Contributor | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Monday, April 2, 2012 2:06 AM
  • Thank you Cincinnerdi - took me less than 5 min to fix.
    Thursday, February 20, 2014 3:59 PM
  • Great advice cincinnerdi

    worked for me with sbs 2011 today (soone to be decommissioned by Jan 2020).

    Did a backup today and the server then converted 43GB of log files into 120MB

    Crippled the server for 5 minutes but all recoverred.


    Friday, May 24, 2019 2:00 PM