Why my Mailbox is getting Quarantine?

Why my Mailbox is getting Quarantine?

  • Comments 2
  • Likes

Exchange 2010 has a single store.exe process where all the databases are loaded, so it is imperative that this critical process is as well defended as possible.  If the store were to crash or get hung up on a single thread then all mailboxes would be affected.  Exchange 2013 implements multiple store.exe processes to mitigate impact.  By analyzing the status of mailbox threads, Exchange can determine if a single mailbox is impacting the store.  It is possible that a single mailbox with corrupted data could cause store to crash or become unresponsive.  If this happens repeatedly, then that would be considered a poison mailbox. 

  •  Mailbox Threads crashing
  • Stuck threads that have not progressed for an excessively long time

 

A mailbox that exhibits these behaviors is tagged, and a count is kept.  So that this data is non-volatile and made available to multiple servers in a DAG, it is persisted in the registry.  In a DAG the cluster service replicates this information via the cluster database.   If a mailbox does get tagged with one of these issues you will see the entry in below path:

 

HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\<ServerName>\Private-{dbguid}\QuarantinedMailboxes\{mailbox guid}

 

With CrashCount or LastCrashTime holding the necessary data.

 

The key will not created until the store has crashed at least one time by a mailbox.

 

The default behavior is to quarantine a mailbox if identified as causing a failure or deadlock three times in a two hour timespan.  Store tags the mailbox as quarantined in the registry and the user cannot get access to the mailbox.  The only access allowed is if the Open_As_Admin flag is passed, you can do this with MFCMapi for example and take a look at the mailbox contents.

 The QuarantineState and QuarantineTime registry keys are used to keep track of the quarantine status. 

Mailboxes are automatically released from quarantine if quarantined for longer that the quarantine duration (MailboxQuarantineDurationInSeconds) since it’s last LastCrashTime.  

If the mailbox does not cause further issues, then the registry will be cleaned up.  So if there are no failures in the previous two hours and the mailbox is not currently quarantined the registry will be cleaned up. 

Verifying If a Mailbox is Quarantined:

There are a few ways to look at the  status of a given mailbox:

  • Event log entries
  • Get-MailboxStatistics
  • Registry
  • ExBPA
  • PerfMon

At the time a mailbox is quarantined, Event ID 10018 will be logged in the application log and this can be easily monitor by monitoring tools. 

We can also verify this in the registry key:

HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\<Server Name>\Private-{db guid}

Then run Get-Mailbox  <GUID> to see which mailbox it is.

Disabling mailbox from being Quarantined:

  • Disable-MailboxQuarantine "User Name”

 

Thank you,

Mukut-

Comments
  • Thanks
    I think •Disable-MailboxQuarantine is only for exchange 2013 no?
    for 2010 I think you need to delete registry and restart store to release it

  • you are correct..

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment