Exchange 2013 Healthmailbox validation error

Exchange server application event log showing Event ID 1025: SMTP rejected a (P1) mail from 'HealthMailbox...@domain.local' with 'Client Proxy EXCHDAGActive'. The Active Directory lookup for the sender address returned validation errors.
Recently, I discovered the following error log on my Exchange server:
Event ID 1025: SMTP rejected a (P1) mail from 'HealthMailbox...@domain.local' with 'Client Proxy EXCHDAGActive' connector and the user authenticated as 'HealthMailbox...@domain.local'. The Active Directory lookup for the sender address returned validation errors. Microsoft.Exchange.Data.ProviderError
To fix it, the first thing I tried was to remove the corrupted health mailboxes using:
  1. PowerShell command: Remove-Mailbox -Identity HealthMailbox...@domain.local
  2. On the Domain Controller, navigate to domain.local -> Microsoft Exchange System Objects (OU) -> Monitoring Mailboxes (OU), find the mailbox in the list (or search to filter for the exact object) and delete it from Active Directory.
If the event log entry is caused by corruption of a health mailbox, Exchange will generate a new health mailbox and the error will be fixed.

However, in my case I was only getting health mailbox issues with server health mailboxes ending with “.local”, the internal domain. All the other object-based health mailboxes were working without error. This helped me isolate the issue to DNS, as we use different DNS names internally and externally. I tried to resolve all my Exchange certificate-based services by creating an additional zone on the internal DNS that maps to the external public DNS, a record for my mail server. I know a lot of medium and small businesses would use this solution to address the certificate issue on a registered name. Deleting the health mailbox did create a new mailbox with a new identifier, but now it started showing the error for that mailbox.

The Exchange proxyAddresses attribute does not have SIP and SMTP values for Healthmailbox.local, as the name is not registered to the services we applied in Exchange. However, the health mailboxes for the Exchange server are generated based on the internal domain name or internal DNS name used for resolving the FQDN of the server internally. Therefore, the Healthmailbox.local address needs to be added to the proxyAddresses attribute of that mailbox.

To modify the proxy value, you need to connect to the “Default Naming Context” using the ADSI Edit console. To access the console, type ADSIEdit.msc at the Run prompt and connect to “Default Naming Context” from the Action menu. Navigate down to “Microsoft Exchange System Objects” and click on “CN=Monitoring Mailboxes” in the subtree.

Locate the health mailbox with the correct identifier, right-click it and open its properties to reach the “Attribute Editor”.

Scroll down to the “proxyAddresses” attribute and click the Edit button. Add the value “smtp:healthmailbox#######.local” and apply the settings.

After 5 minutes, refresh the event viewer to see the new event related to 1025.
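
The same ADSI Edit check can be run across every health mailbox at once. The script below is an added example, not part of the original article: it lists health mailboxes whose proxyAddresses attribute has no smtp entry for their own address, then previews the fix with -WhatIf. It assumes the RSAT ActiveDirectory module is installed and that the sender address shown in Event 1025 is the mailbox's userPrincipalName.

```powershell
# Added example (not from the original article).
# Assumption: the rejected sender in Event 1025 equals the object's userPrincipalName.
Import-Module ActiveDirectory

# Same container reached through ADSI Edit in the steps above.
$domainDn   = (Get-ADDomain).DistinguishedName
$searchBase = "CN=Monitoring Mailboxes,CN=Microsoft Exchange System Objects,$domainDn"

$mailboxes = Get-ADObject -SearchBase $searchBase -SearchScope OneLevel `
    -LDAPFilter '(cn=HealthMailbox*)' `
    -Properties proxyAddresses, userPrincipalName

# Collect every health mailbox that lacks an smtp proxy for its own address.
$missing = foreach ($mbx in $mailboxes) {
    if (-not $mbx.userPrincipalName) { continue }   # nothing to compare against

    $expected = "smtp:$($mbx.userPrincipalName)"

    # -notcontains is case-insensitive, so a primary "SMTP:" entry also counts.
    if (@($mbx.proxyAddresses) -notcontains $expected) {
        [pscustomobject]@{
            Name              = $mbx.Name
            Expected          = $expected
            Current           = (@($mbx.proxyAddresses) -join '; ')
            DistinguishedName = $mbx.DistinguishedName
        }
    }
}

# Read-only report of what would need to change.
$missing | Format-List Name, Expected, Current

# Preview of the attribute change; remove -WhatIf only after reviewing the report.
foreach ($m in $missing) {
    Set-ADObject -Identity $m.DistinguishedName `
        -Add @{ proxyAddresses = $m.Expected } -WhatIf
}
```

An empty report means every health mailbox already carries a proxy address for its own UPN, so the 1025 events would need a different explanation.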