Wednesday, November 3, 2010

Poison Mailbox Detection and Correction

One of the biggest pains I have faced many times in my career has been troubleshooting an Exchange server issue that was caused by a single mailbox or user. From an alert system flooding a mailbox, IMAP user with tons of folders to the lovely iPhone 4.0 release. They have all been problems from one to hurt many.

Well Exchange 2010 has added some preventative measures to stop those rogue users in there tracks. Poison mailbox detection is one of those new measures that is handled by the information store and will stop all access to a mailbox unless the OPEN_AS_ADMIN flag is passed.

Now the who, what, when and where:

A mailbox is considered poison when it is causing a crash/deadlock three times within two hours. The threshold for how many crashes lead to quarantining a mailbox as well as how long a mailbox should stay quarantined are configurable. You can modify the MailboxQuarantineCrashThreshold (Default 3 crashes) and MailboxQuarantineDurationInSeconds (Default six hours) in the following path:

 HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\<Server Name>\Private-{db guid}\QuarantinedMailboxes

There are two conditions that the store considers a "poison-able" offense.

  • if a thread that is doing work for that mailbox crashes

  • if there are more than 5 threads in that mailbox that have not made progress for a long time

  • That mailbox is then tagged, along with a count of how many times it has been tagged by a registry key in the following location:

     HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\<Server Name>\Private-{db guid}\QuarantinedMailboxes\{mailbox guid}

    You will see two keys CrashCount and LastCrashTime.

    *An event will also be created on the mailbox server with event id 10018, detailing the user and the time of the quarantine.

    During a database mount, the Exchange store will read the time which the mailboxes were identified as potential threats. If more than two hours has elapsed, the registry key for the mailbox will be wiped out. 

    After you have found the cause of the crashing by the user and rectified the problem you can reset the mailbox by deleting the registry key for the quarantined mailbox. Unfortunately you will need to either remount the database or restart the information store for the reset to take effect.

    UPDATE: I posted a new blog that provides a script to find users that have been quarantined. You can find that here.

    Friday, October 22, 2010

    Exchange 2010 SP1 Hosted Installation Failure

    Those of you have been playing with Exchange 2010 SP1 Hosted version might have run into some issues during the installation process. Having installed different versions Exchange multiple times you could get caught in the repetition trap, where you install Exchange the same way you have for previous versions.

    For the Hosted version of Exchange 2010, extra commands are needed for the installation to succeed. To prepare Active Directory for Exchange 2010 hosting, you must run the following command: /PrepareAD /Hosting

    If you forget to add that "/Hosting" entry and continue to the server install with the following command: /Mode:install /Roles:m,ca,ht /Hosting /on:Exch2010

    You will get the following error:

    Active Directory wasn't prepared using hosting mode.  To install server roles for hosting mode, you need to clean up Active Directory and prepare it again for hosting mode. 

    In order to continue with your Hosted Exchange install you must remove a registry key and remove some objects via ADSI Edit. Locate and then select the following subkey in the registry:


    Delete the PARTNERHOSTEDMODE registry key.

    Then go into ADSI Edit expand Default naming context, find and then delete the following two objects:

    Microsoft Exchange Security Groups
    Microsoft Exchange System Objects

    Next expand the Configuration container and delete the following two objects:
    Microsoft Exchange
    Microsoft Exchange Autodiscover

    Now you can go back, run the PrepareAD command with the Hosting switch and then proceed to run your server install. Now you can explore Hosted Exchange

    Wednesday, October 20, 2010

    SharePoint 2010 PowerPack

    Every year Quest Software has a Challenge that allows any member of the general public to create a PowerPack for their application PowerGUI. If you don't know PowerGUI and your in the IT field then you should definitely get acquainted with it. PowerGUI also includes the PowerGUI script editor which is my editor of choice. 

    Well, back to the subject, after a couple of years of sitting on the sidelines and watching the PowerPack's and contest unfold, I have decided to participate in this years competition. I have created a PowerPack to help administer and view data for SharePoint 2010. It has been uploaded to the PowerGUI website although it is still a work in progress. So please, download it, play with it, break it, and let me know what you like, dis-like or need added to the PowerPack. 

    You can view and download the pack here