Customer was running the AlwaysOn scenario with Centralized Logging Service on Lync Server 2013. The drive was filling up with .etl files when we had set the "CacheFileLocalMaxDiskUsage".
When I observed how this was operating on a working system, I noticed as soon as the .etl file rolled over to a new one (at 20MB), it would be converted to a .cache and .hdr file and the .etl file would be deleted.
So clearly the issue was the .etl files not being converted and then deleted. This allowed a huge amount of disk space to be chewed up and for disk alerts to be sent by the customers monitoring application.
Note: if you are trying to track down where the .etl files... it does no good to type %temp%/Tracing in the run command. That will go to the currently logged in user temp directory /tracing. The Centralized Logging Service runs under "NetworkServer" and can be found:
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Tracing
Resolution
This will be an obvious one, but it still may catch people, so that is why I'm putting this blog together. The culprit was Symantec Antivirus. Once this was disabled the .etl files were converted to .cache and .hdr files as expected. The centralized logging service should have been excluded per the Technet article about excluding executables and directories for Lync Server 2013 (http://technet.microsoft.com/en-us/library/dn440138.aspx).
No comments:
Post a Comment