Exchange VSS shadows left on disk after backup failures (4046662)

Exchange server is inexplicably running out of space.
The 'vssadmin list shadows' command shows several GBs worth of shadow copies left on disk which all seem to be related to backup times.
Specifically the shadows seem to be coinciding with backup failures.
Using the 'vssadming delete shadows /all' command, does not clear all of them and some persistent shadows are left occupying disk space.
When using Windows explorer to follow the snapshot path shown by the 'vssadmin list shadows' command, such path does not exist.

VSS snapshots triggered by the Exchange Server APM, should be deleted automatically after successful backups.
If allowed, the Plug-in will automatically delete the VSS snapshots if there is a backup failure.
However, it is impossible to guaranty that in any case of failure, the VSS snapshot will be deleted automatically.
For example, if a hard kill is issued on the Plug-in, or on Exchange processes, the termination and cleanup routines might not be reached, thus not executed.

Bug-14966 has been created to investigate this issue and some improvements will be introduced in a future release of the Exchange Server APM.
However, please keep in mind, that it is impossible to always guaranty the plug-in will always be able to automatically delete the VSS snapshots.

One should always be able to manually delete the shadows potentially left by the plugin.
If a shadow produced for the Exchange Server APM cannot be deleted, try stopping the NVBU service to release any handle to the shadow.
If the shadow is still impossible to delete, this could mean there is a handle outside of NVBU locking that shadow copy.
You will have to determine which process is still holding a handle to that shadow and kill it if possible.

The 'vssadmin' command (available on Windows Server 2003 and 2008) can be used to delete the shadows as follows:

vssadmin delete shadows /all (for more information please see http://technet.microsoft.com/en-us/library/cc788026(v=ws.10).aspx )

For Windows 2008 server the DISKSHADOW command can be used.

As an example, here is a procedure to follow for Windows Server 2008, in order to determine whether a shadow has been triggered by the Exchange Server APM, and how to delete it:

1) Determine whether the persistent shadow is a NetVaultShadowCopy mount point:
To tell if a shadow mount point is a NetVaultShadowCopy, use the following command:
C:\> diskshadow
DISKSHADOW> list shadows all

If this command reveals: "Exposed locally as: C:\NetvaultShadowCopy\"
This is a shadow that was produced for NVBU and can be deleted manually (see below step 3)

2) Determine which process locks the shadow:
If the above command does not point to the shadow as being a NetVaultShadowCopy mount point,
some other application / process have produced it and are still locking it.
Use Windows Task Manager, to search for potential processes such as 'eseutil.exe'.
'eseutil.exe' might have a handle to the shadow copy (i.e. while performing a vss integrity check).
If there is no 'eseutil.exe' process running, it might be an instance of 'explorer.exe' that has a handle to it
(i.e. if you have tried to access the shadow path using Windows Explorer).
If you cannot determine what process is locking that shadow, the next reboot of the server will release any handle,
and you should then be able to use vssadmin to delete the shadow.

3) Deleting the shadow:
Use the 'delete shadows' command from the DISKSHADOW prompt.
Example:

DISKSHADOW> delete shadows id {00e746fe-f50e-4cee-9f6f-a4cace683bd8}
Deleting shadow copy {00e746fe-f50e-4cee-9f6f-a4cace683bd8}...

1 shadow copy deleted.