Poison Mailbox Detection and Correction
Exchange Server introduced poison message detection, placing messages that cause issues with the transport service in a queue and allowing the transport service to continue processing other messages. Exchange Server 2010 applies this same concept to mailboxes. In some cases a single mailbox with corrupt data caused the Exchange Store to crash or even to crash repeatedly. With poison mailbox detection the Exchange information store is able to detect and then isolate the poison mailboxes.
A mailbox will be tagged as a potential threat if:
- A mailbox has had more than five threads running that have not made progress for 60 seconds; or
- A mailbox has a thread doing work that crashes.
When a mailbox meets either of these criteria, an entry is made in the registry for the database, along with the number of times the problem has occurred. Storing this information in the registry allows the Windows Cluster service to replicate it to other servers in the DAG, so it is preserved during a failover. The information is stored in the following locations in the registry:
- HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\<Server Name>\Private-{Database GUID}\QuarantinedMailboxes\{Mailbox GUID}\Crash Count
- HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\<Server Name>\Private-{Database GUID}\QuarantinedMailboxes\{Mailbox GUID}\LastCrashTime
The defaults for how many crashes lead to quarantining a mailbox, and for how long a mailbox stays quarantined, are also stored in the registry. You can adjust these settings by modifying the following registry keys:
- HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\<Server Name>\Private-{Database GUID}\QuarantinedMailboxes\MailboxQuarantineCrashThreshold
  The default setting for this key is three crashes.
- HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\<Server Name>\Private-{Database GUID}\QuarantinedMailboxes\MailboxQuarantineDurationInSeconds
  The default setting for this is 21,600 or six hours.
The Exchange information store will also keep information on when the mailbox was flagged as a poison mailbox. When a database is brought online and periodically thereafter, the information store reads the time that the mailboxes were identified as potential threats. If the mailbox was quarantined more than two hours prior, the registry key for the mailbox will be wiped out.
After a mailbox is flagged and quarantined, no access is allowed to the mailbox by any end users or any of the Exchange processes. If the mailbox hasn't caused any crashes in the last two hours and is not quarantined, the registry path for the mailbox will be cleaned up by the information store. If a mailbox has been quarantined for longer than the MailboxQuarantineDurationInSeconds since the last time it caused a crash, it will automatically be removed from quarantine. If the problematic mailbox has been fixed, the mailbox can also be removed from quarantine manually by deleting the registry key and then remounting the affected database.
To be sure to keep ahead of any impending issues, you should monitor these registry keys to ensure that there is not a systemic problem causing multiple mailboxes and databases to become corrupt. This will also allow administrators to track down any issues and fix them.
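One way to run the monitoring recommended above, as an added PowerShell example rather than code from the original article: it lists every mailbox entry under each database's QuarantinedMailboxes key and warns when more than one mailbox is flagged. It assumes <Server Name> is the local computer name, matches the crash-count value name with or without the space, and prints LastCrashTime undecoded.

```powershell
# Added example (not from the original article). Run on the Mailbox server.
# Assumption: <Server Name> in the registry path is the local computer name.
$server = $env:COMPUTERNAME
$root   = "HKLM:\SYSTEM\CurrentControlSet\Services\MSExchangeIS\$server"
$defaultThreshold = 3   # default crash threshold stated in the article

# @() keeps the loops safe on PowerShell 2.0 when nothing is found.
$dbKeys = @(Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -like 'Private-*' })

$report = @(foreach ($db in $dbKeys) {
    $qPath = Join-Path $db.PSPath 'QuarantinedMailboxes'
    if (-not (Test-Path -LiteralPath $qPath)) { continue }

    # Per-database threshold if an administrator set one, else the default.
    $threshold = (Get-Item -LiteralPath $qPath).GetValue(
        'MailboxQuarantineCrashThreshold', $defaultThreshold)

    foreach ($mbx in @(Get-ChildItem -LiteralPath $qPath)) {
        # Index values with spaces stripped so "Crash Count" and "CrashCount" both match.
        $vals = @{}
        foreach ($name in $mbx.GetValueNames()) {
            $vals[($name -replace '\s', '')] = $mbx.GetValue($name)
        }
        New-Object psobject -Property @{
            Database      = $db.PSChildName
            MailboxGuid   = $mbx.PSChildName
            CrashCount    = $vals['CrashCount']
            LastCrashTime = $vals['LastCrashTime']   # raw registry value, left undecoded
            Threshold     = $threshold
            AtThreshold   = ($vals['CrashCount'] -ge $threshold)
        }
    }
})

$report | Select-Object Database, MailboxGuid, CrashCount, Threshold, AtThreshold, LastCrashTime |
    Format-Table -AutoSize

# Several flagged mailboxes, especially across databases, point to a systemic cause.
if ($report.Count -gt 1) {
    $dbCount = @($report | Group-Object Database).Count
    Write-Warning ("{0} flagged mailboxes across {1} database(s); look for a common cause." -f $report.Count, $dbCount)
}
```

Because the information store removes stale entries on its own, run this on a schedule shorter than two hours and keep the output if you want a history of flagged mailboxes.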