ADCS Database Log Truncation Change in Server 2019

In our past blogs on the subject of Windows Server ADCS backups, we have touched on the issue of jet database logs not being truncated and deleted in some scenarios.

• https://www.pkisolutions.com/adcsbackups/
• https://www.pkisolutions.com/database-log-files-are-not-truncated-when-you-perform-a-full-certification-authority-database-backup/

Specifically, if backups are performed via snapshot or non-VSS based backups and secondly, if any logs are still held open by the jet database even if unused after truncation. To address the second issue, the stopping and starting of ADCS allows those files handles to be released.

We were recently pleased to see that this behavior has changed in Windows Server 2019. When a proper backup is performed on the CA (VSS based, Certutil or Certificate Authority GUI) database logs will be truncated and deleted if they are no longer needed. There is no longer a dependency on ADCS stopping to release file handles.

As a result, we have updated our previous blog articles to reflect the problem of truncation is applicable to Windows Server 2016 and older. This new behavior is available in the RTM version of Server 2019 – no updates are needed.