Exchange 2013 Healthmailbox validation error

pchettriIT Director
Exchange server application Event id showing error code 1025 SMTP rejected a (P1) mail from 'HealthMailbox...@domain.local'with 'Client Proxy EXCHDAGActive'. The Active Directory lookup for the sender address returned validation errors.
Recently, I discovered following error log on my Exchange server:
Event id 1025 SMTP rejected a (P1) mail from 'HealthMailbox...@domain.local'with 'Client Proxy EXCHDAGActive' connector and the user authenticated as HealthMailbox...@domain.local'. The Active Directory lookup for the sender address returned validation errors. Microsoft.Exchange.Data.ProviderError
To fix it, the first thing I tried was to remove the corrupted health mailboxes using –
  1. Powershell command – Remove-mailbox –identity HealthMailbox...@domain.local
  2. On the Domain Controller navigate to domain.local -> Microsoft Exchange System Object (OU) – Monitoring Mailboxes (OU) - find the mailbox from the list or search to filter exact object and delete in from Active directory.
If the Event log is generated by corruption of health mailbox, then Exchange will generate the new health mailbox and fix the error.

However, in my case I was only getting health mailbox issues with server health mailboxes ending with “.local” -- the internal domain. All the other object-based health mailboxes were working without error. This helped me isolate the issue with DNS, as we use different DNS names internally and externally. I tried to resolve all my Exchange Certificate based services by creating an additional zone on the internal DNS that maps to the external public DNS, a record for my mail server. I know lot of medium and small business would use this solution to address the certificate issue on a registered name. Deleting the health mailbox did create new mailbox with a new identifier but now it started showing the error for that mailbox.

The Exchange proxyAddress attribute does not have SIP and SMTP values for Healthmailbox.local as the name is not registered to services we applied in Exchange. However, the health mailboxes for the Exchange server would be generated based on the internal domain name or internal DNS name used for resolving the FQDN of the server internally. Therefore, the Healthmailbox.local needs to be added to the proxyAddress attribute of that mailbox property.

To Modify the proxy value, you need to connect to the “Default Naming Context” using the ADSI console. To access the console type ADSIEdit.msc from the Run prompt and connect to “Default Naming Context” from Action menu. Navigate down to “Microsoft Exchange Systems Object” and click on “CN=Monitoring Mailboxes” on the subtree.

Locate the Healthmailbox with the correct identifier and right click on the mailbox to access property for “Attribute editor”

expertadsi.jpgScroll down to “proxyAddress” attribute and click on edit button. Add the value “smtp:healthmailbox#######.local” and apply the settings.

After 5 minutes, refresh the event viewer to see the new event related to 1025.
pchettriIT Director

Comments (1)

Mohammed HamadaAzure / Office 365 Integration engineer


Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.