Sashka54
asked on
Exchange 2013, HealthMailBoxes Event ID 1025
Hello experts.
We recently completed migration from SBS 2008 to Server 2012 R2 with Exchange 2013 CU7.
Old Exchange was uninstalled and demoted.
Every 5 min we getting an error in Application Event Log:
Event ID: 1025
Source: MS ExchangeTransport
SMTP rejected a (P1) mail from 'HealthMailbox065a4231a8a6
There are 14 HealthMailboxes account listed in AD including one listed in this event but only this one generates errors.
Please help.
We recently completed migration from SBS 2008 to Server 2012 R2 with Exchange 2013 CU7.
Old Exchange was uninstalled and demoted.
Every 5 min we getting an error in Application Event Log:
Event ID: 1025
Source: MS ExchangeTransport
SMTP rejected a (P1) mail from 'HealthMailbox065a4231a8a6
There are 14 HealthMailboxes account listed in AD including one listed in this event but only this one generates errors.
Please help.
pls see Microsoft help message stating this issue is due to a problem validating the e-mail address of a sender that was using "Send as" permission to send a message. Apparently, the on behalf sender failed the authentication
https://technet.microsoft.com/en-us/library/ff982197(v=exchg.141).aspx
Hi,
How about the internal and external mail flow?
According to Microsoft article, please double check what event log level is set for MSExchangeTransport\SmtpRe
Get-EventLoglevel -server Servername
More details about Source: MSExchangeTransport Event ID:1025, please refer to:
http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Exchange&ProdVer=8.0&EvtID=1025&EvtSrc=MSExchangeTransport&LCID=1033/
How about the internal and external mail flow?
According to Microsoft article, please double check what event log level is set for MSExchangeTransport\SmtpRe
Get-EventLoglevel -server Servername
More details about Source: MSExchangeTransport Event ID:1025, please refer to:
http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Exchange&ProdVer=8.0&EvtID=1025&EvtSrc=MSExchangeTransport&LCID=1033/
ASKER
I am not sure how this help message apply to our situation. HealthMail boxes do not send of other users behalf. They used to monitor email flow and there are no problems with other 13 Health Mail boxes which have the same permissions and rights
the new account may not be existences and if no user faced difficulties, w can disable that account in AD if created due to migration. It should not be worst off as it seems to be blocking smtp traffic
ASKER
Internal and external email flow is fine. Logging on Client Proxy Connector is Off.
the health box acct is just not validating correcting as the other 13 acct, see this which suggested to allow this acct or even create a relay connector as option.
https://social.technet.microsoft.com/Forums/exchange/en-US/39e508b7-3840-4b66-8187-69b7a9714dbb/1025-authentication-error-when-submitting-mail
But if there are no other leading errors accompanying this acct, I rather monitor it unless it is killing the server performance
https://technet.microsoft.com/en-us/library/hh994900(v=exchg.141).aspx
And if really need to we ca start tracking audit as below...I am just thinking it is worth drilling so deep if it is not worst off or creating any issues ...just eventlog may be flooded..
http://blogs.technet.com/b/messaging_with_communications/archive/2011/04/22/how-to-track-message-in-exchange-2003-2007-2010.aspx
https://social.technet.microsoft.com/Forums/exchange/en-US/39e508b7-3840-4b66-8187-69b7a9714dbb/1025-authentication-error-when-submitting-mail
But if there are no other leading errors accompanying this acct, I rather monitor it unless it is killing the server performance
https://technet.microsoft.com/en-us/library/hh994900(v=exchg.141).aspx
And if really need to we ca start tracking audit as below...I am just thinking it is worth drilling so deep if it is not worst off or creating any issues ...just eventlog may be flooded..
http://blogs.technet.com/b/messaging_with_communications/archive/2011/04/22/how-to-track-message-in-exchange-2003-2007-2010.aspx
ASKER
Last two comments applied to previous versions of Exchange (2007 and 2010). HealthMail Boxes is new feature in Exchange 2013. These Events Id looks rather confusing. I spent considerable amount of time on Internet before posting this question. But thank you for your attention.
Noted thanks. Apparently I see the more critical health aspects as the back pressure instead - but they are different errors though https://technet.microsoft.com/en-us/library/bb201658%28v=exchg.150%29.aspx
Overall below are probably area to explore further and in particular, these
...and
Overall below are probably area to explore further and in particular, these
SMTP Send When an Edge Transport server is subscribed to an internal Active Directory site, two Send connectors are automatically created and configured. One is responsible for sending outbound mail to Internet recipients; the other is responsible for sending inbound mail from the Internet to internal recipients. Inbound mail is sent to the Transport service on an available Mailbox server in the subscribed Active Directory site.https://technet.microsoft.com/en-us/library/aa996349(v=exchg.150).aspx
...and
You can subscribe an Exchange 2007 or Exchange 2010 Edge Transport server to an Active Directory site that contains only Exchange 2013 servers. You can import the Edge Subscription file and run EdgeSync on a standalone Exchange 2013 Mailbox server, or on a server where the Mailbox server and the Client Access server are installed on the same computer. You can't import the Edge Subscription file or run EdgeSync on a standalone Exchange 2013 Client Access server.https://technet.microsoft.com/en-us/library/jj150569(v=exchg.150).aspx
ASKER
No it is not killing server performance. Except is it clogging up Event Log because it is coming up every 5 min.
Also I concern if it is not sign of a bigger problem.
Also I concern if it is not sign of a bigger problem.
understood, i do not see great implication though hence the various posting above. one mean is also to enable diagnostic to sieve more "evidence" on the implication really exist. there is instance where unknown account are spamming the email exchange with similar error but seems unrelated to additional healthbox acct added .
Below is the setting for the verbosity to see any more "other" errors or anomalies compared to past baseline..
http://thoughtsofanidlemind.com/2014/09/22/setting-server-diagnostic-levels-in-exchange-2013/
https://technet.microsoft.com/en-us/library/aa998905(v=exchg.150).aspx
Below is the setting for the verbosity to see any more "other" errors or anomalies compared to past baseline..
http://thoughtsofanidlemind.com/2014/09/22/setting-server-diagnostic-levels-in-exchange-2013/
https://technet.microsoft.com/en-us/library/aa998905(v=exchg.150).aspx
ASKER
Dear btan,
This all very informative. But I am looking for something which specifically applies to Exchange HealthMail Boxes. Unfortunately information on internet and MS documentation is sketchy. For example, I found that during setup two health monitoring mailboxes created per database. Somewhere I remember seeing if you delete one of this mailboxes during restart of Exchange Transport Service, they will be recreated and issue fixed. But again, I can't confirm it and I do not want to take chances on production server.
This all very informative. But I am looking for something which specifically applies to Exchange HealthMail Boxes. Unfortunately information on internet and MS documentation is sketchy. For example, I found that during setup two health monitoring mailboxes created per database. Somewhere I remember seeing if you delete one of this mailboxes during restart of Exchange Transport Service, they will be recreated and issue fixed. But again, I can't confirm it and I do not want to take chances on production server.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Dear btan,
When I type command Get-Mailbox - monitoring, It list 14 mentioned Health Mail boxes. One of them is causing an issue in Eventlog.
When I type command get-mailbox -monitoring | Get-MailboxStatistics, I get statistics for 5 mailboxes, other 9 give me Warning " The user hasn't logged on to mailbox ....., so there is no data to return.
Thank you.
When I type command Get-Mailbox - monitoring, It list 14 mentioned Health Mail boxes. One of them is causing an issue in Eventlog.
When I type command get-mailbox -monitoring | Get-MailboxStatistics, I get statistics for 5 mailboxes, other 9 give me Warning " The user hasn't logged on to mailbox ....., so there is no data to return.
Thank you.
looks likes account for that healthbox is not functioning as expected .. really tempted to delete and restart the services rather than trying to drill into those account http://it.gamerz-bg.com/index.php/failed-security-audits-4265-hmworker-exchange-2013/
but if you see the past first URL post, it also has the user cannot logon error adn it is due to the UPN issue extracted. Different UPN in AD and Exchange found and the Exchnage UPN is changed to in sync with Exchange UPN for that affected Healthbox account...
but if you see the past first URL post, it also has the user cannot logon error adn it is due to the UPN issue extracted. Different UPN in AD and Exchange found and the Exchnage UPN is changed to in sync with Exchange UPN for that affected Healthbox account...
ASKER
This is not clear to me: which user account logons into Health Mailbox. Or to put it better: which user account correspond to specific Health Mailbox and how to find out it?
it is the healthbox account e.g. HealthMailbox065a4231a8a64
ASKER
Thanks for your patience.
I am preparing to address this issue with a client.
What is worst case scenario in case I delete this HealthMail Box and it can't be created properly?
Please understand me, I am already got burned with this server. This was our first taste of Exchange 2013. For past month it was working ok, except this issue. But client is not aware about it. So I am not is a rush to fix it unless we verify solution.
I am preparing to address this issue with a client.
What is worst case scenario in case I delete this HealthMail Box and it can't be created properly?
Please understand me, I am already got burned with this server. This was our first taste of Exchange 2013. For past month it was working ok, except this issue. But client is not aware about it. So I am not is a rush to fix it unless we verify solution.
noted the worries, I cannot warrant there is no side effect since we are all shy after twice bitten, but so far, I did not hear of any since it is automatically created by restarting services. but as mentioned if it is not affecting greatly, I rather not touch it and it is best to test in staging and standby a backup with recovery backup ready for rollback. indeed trust and verify is of higher assurance but it will take some time if you can set the staging
ASKER
Here is interesting development: I did not want to touch this server during this week because of holiday. This error message mysteriously disappeared. It is not coming up for at least 7 days.
Account corresponding to that Health Mail Box is still there. The only work we did on this server was installation of regular Windows updates. Any rational explanation?
Account corresponding to that Health Mail Box is still there. The only work we did on this server was installation of regular Windows updates. Any rational explanation?
Saw other mentioned this though
- An email or something in the user's deactivated mailbox was causing the exchange problems. So what i did was basically disconnect(delete) the user's mailbox instead of deactivating it and the warning message disappeared.
- I also found out from another forum was to keep from having that msexchangesid warning appearing every day in the event viewer was to simply set the expiration date of the AD account to a previous date from present and that would deactivate the AD user account and exchange mailbox correctly.
- An email or something in the user's deactivated mailbox was causing the exchange problems. So what i did was basically disconnect(delete) the user's mailbox instead of deactivating it and the warning message disappeared.
- I also found out from another forum was to keep from having that msexchangesid warning appearing every day in the event viewer was to simply set the expiration date of the AD account to a previous date from present and that would deactivate the AD user account and exchange mailbox correctly.
ASKER
Thanks for your support. It took a while because implement this solution because it was production server.
no worries, glad to have helped