Windows\System32\CertLog extremely large - need to clean up.

Rudolf Amarlapudi 21 Reputation points
2021-01-19T18:09:58.98+00:00

Hello,

We are running a Windows Server 2016 Standard server.

I found that the following folder, C:\Windows\System32\CertLog, is rather large (20GB), full of edb***.log files. I need to clean this up. (I understand that they are safe to remove once ensuring the CA database file is consistent.)

Could you please furnish appropriate action to be taken to safely remove, and what long term action should be taken?

Thanks in advance.

Regards,
Rudy


Accepted answer
  1. Hannah Xiong 6,276 Reputation points
    2021-01-21T02:53:57.913+00:00

    Hello,

    You are welcome. Thank you so much for your kind reply.

    To check if the CA database file is consistent, as mentioned in the provided link, "If you are not seeing any errors in the system or application logs claiming that there is a CA database inconsistency".

    Here is the information about the event log recording the AD CS Database.

    https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc774514(v=ws.10)

    Besides, we would like to share with you more information about the CA database, and hope it is helpful to you.

    https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/the-case-of-the-enormous-ca-database/ba-p/398226
    https://www.pkisolutions.com/adcsbackups/

    Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

    Best regards,
    Hannah Xiong


3 additional answers

  1. Anonymous
    2021-01-19T18:28:51.33+00:00

    Something here may help.
    https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/the-case-of-the-enormous-ca-database/ba-p/398226

    --please don't forget to Accept as answer if the reply is helpful--


  2. Hannah Xiong 6,276 Reputation points
    2021-01-20T02:57:18.247+00:00

    Hello,

    Thank you so much for posting here.

    Removing these logs is only safe as long as the CA database file is consistent. In order to remove these logs and reclaim disk space, follow these steps:

    Open the Services MMC and stop the Active Directory Certificate Services service.
    Make a backup copy of ALL the file contents present in the c:\windows\system32\certlog folder.
    Delete EDB.CHK and all the files that have an extension of .LOG (*.LOG)
    Restart the Active Directory Certificate Services service.

    For more information, we could refer to:
    https://learn.microsoft.com/zh-tw/archive/blogs/sbs/recovering-disk-space-on-the-c-drive-in-small-business-server-2008

    Here is the related discussion:
    https://community.spiceworks.com/topic/1959153-removing-these-logs-is-only-safe-as-long-as-the-ca-database-file-is-consistent

    Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

    Best regards,
    Hannah Xiong
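
The four steps above as an elevated PowerShell session, with the consistency precondition turned into checks that abort before anything is deleted. This is an added example, not part of the original answer or of Microsoft's documentation. The backup path is hypothetical, the event provider names are an assumption about where database errors surface, and the `esentutl /mh` header check is an extra safeguard the answer does not mention.

```powershell
# Added example: run elevated on the CA server itself.
$ErrorActionPreference = 'Stop'
$certLog = 'C:\Windows\System32\CertLog'   # folder named in the question
$backup  = "D:\CertLogBackup_$(Get-Date -Format yyyyMMdd_HHmmss)"   # hypothetical target volume

# Pre-check: recent Critical/Error events from the CA or its database engine.
# Provider names are an assumption; review any hits by hand before going further.
$dbErrors = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'ESENT', 'Microsoft-Windows-CertificationAuthority'
    Level        = 1, 2
    StartTime    = (Get-Date).AddDays(-30)
} -ErrorAction SilentlyContinue
if ($dbErrors) {
    $dbErrors | Format-Table TimeCreated, ProviderName, Id -AutoSize
    throw 'Database-related errors found; resolve them before deleting any logs.'
}

# Step 1: stop Active Directory Certificate Services (service name CertSvc).
Stop-Service -Name CertSvc
try {
    # Extra check (not in the answer): every database header must report a clean
    # shutdown, otherwise the logs are still needed to replay transactions.
    $databases = @(Get-ChildItem -Path $certLog -Filter *.edb)
    if ($databases.Count -eq 0) { throw "No .edb file found in $certLog." }
    foreach ($db in $databases) {
        $clean = & esentutl.exe /mh $db.FullName |
            Select-String -Pattern 'State:\s+Clean Shutdown' -Quiet
        if (-not $clean) { throw "$($db.Name) is not in Clean Shutdown state." }
    }

    # Step 2: back up ALL contents of the folder before touching anything.
    Copy-Item -Path $certLog -Destination $backup -Recurse

    # Step 3: delete EDB.CHK and every *.LOG file (name matching is case-insensitive).
    Get-ChildItem -Path $certLog -File |
        Where-Object { $_.Name -eq 'edb.chk' -or $_.Extension -eq '.log' } |
        Remove-Item -Verbose
}
finally {
    # Step 4: restart the service even if a check or the copy failed.
    Start-Service -Name CertSvc
}
```

If any check throws, nothing in the folder has been deleted and the service is started again by the `finally` block.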


  3. Rudolf Amarlapudi 21 Reputation points
    2021-01-20T19:04:52.227+00:00

    Hannah. Thank you for the input.
    Can you share how to check if the CA database file is consistent? What logs can I check?

