CertLog Consuming Large Amounts of Disk Space


Yesterday we had an issue where our certificate server stopped responding. The OS was responsive, however the CA stopped servicing requests and there were a fair amount of errors in the Application log that were similar to this one:
[![image](http://lh5.ggpht.com/_EwMe9dL1zo8/TWQoYNaAWsI/AAAAAAAAAEY/q1ajA3xmWXw/image_thumb%5B2%5D.png?imgmax=800 "image")](http://lh4.ggpht.com/_EwMe9dL1zo8/TWQoXSqK4HI/AAAAAAAAAEU/fhnCZM1XlXg/s1600-h/image%5B6%5D.png)
When we looked in the directory we found files that looked like this:
[![image](http://lh3.ggpht.com/_EwMe9dL1zo8/TWQoY5gnv3I/AAAAAAAAAEg/M3UGd_FJkeE/image_thumb%5B4%5D.png?imgmax=800 "image")](http://lh6.ggpht.com/_EwMe9dL1zo8/TWQoYgGXypI/AAAAAAAAAEc/M27zk7yZ-AQ/s1600-h/image%5B10%5D.png)
People that are familiar with Exchange recognize that [ESENT is a Jet database](http://en.wikipedia.org/wiki/Extensible_Storage_Engine). The log files and the edb.log and edb.chk files also look really familiar. The problem was that we had 7Gb of log files filling up this drive and the certificate services couldn’t write  the log files due to a lack of free space. Doing a simple search showed a fair amount of results explaining how to stop the services and delete the log files, however this didn’t seem like the correct course of action since this is a database. There is no way I would just delete the log files for my Exchange server so why would I do it for my certificate server? I would backup my Exchange server and that would truncate all my log files.



Another search on “[Backup certutil](http://technet.microsoft.com/en-us/library/cc737405(WS.10).aspx)” sent me to TechNet and the article explaining how to backup my certificate authority. The command “certutil –p P@ssw0rd –backup D:\CertBackup” performs a full backup of the database and truncates the log files, thus returning all the used drive space. This creates the directory “CertBackup” on the D drive if it doesn’t exist and populates it with a certificate file “ServerName.p12” and another directory called DataBase with the actual edb file and a dat file.
[![image](http://lh5.ggpht.com/_EwMe9dL1zo8/TWQoZ9h9yzI/AAAAAAAAAEo/VdFOmOgPgMs/image_thumb%5B11%5D.png?imgmax=800 "image")](http://lh6.ggpht.com/_EwMe9dL1zo8/TWQoZYS8oHI/AAAAAAAAAEk/0WfjlSW1GrI/s1600-h/image%5B23%5D.png)
After the backup completes all the log files will be truncated and the services, if stopped, can be restarted. We will be running this periodically to make sure we don’t have this problem again. One issue with the scripted approach is that it will not overwrite the previous backup so you must delete or rename the previous one or create a new path for each backup which isn’t hard if you are a [Scripting Guy](http://blogs.technet.com/b/heyscriptingguy/archive/tags/scripting+guy_2100_/default.aspx).![](http://feeds.feedburner.com/~r/Ad/PowershellStuff/~4/VvizLi3yUUY)