Home » Blog » Data Recovery » Poison Mailbox Exchange & Disable-Mailbox Quarantine

Poison Mailbox Exchange & Disable-Mailbox Quarantine

  author
Written By Chirag Arora  
Anuraag Singh
Approved By Anuraag Singh 
Published On November 1st, 2022
Reading Time 6 Minutes Reading

What is Poison Mailbox or Quarantine Mailbox Definition in Detail

One corrupted or damaged mailbox can have the ability to damage service by taking down whole information store, thus affecting all users on that server. Mailbox quarantine is used in Exchange Server 2010 that helps to prevent this situation of Exchange Quarantine Mailbox.

What is Poison Mailbox Quarantine feature?

A Poison (Quarantine) mailbox is defined as an infected mailbox on the Exchange server that justifies the disturbances on the Exchange database store. Moreover, Exchange 2010 poison mailbox added several features for improving the resiliency of message services. Exchange 2010 has a single store.exe process where to load all the databases, so it is necessary to secure this critical procedure as well. In case, if the store will become crashed or hang on a single thread then, entire mailboxes will be affected. It means Poison Mailbox Exchange is a feature in the Exchange server 2010 information store. After understanding What is Poison Mailbox, the following section, we will discuss when it will happen, Exchange Quarantine Mailbox working and more.

exchange-quarantined-mailbox

When does Poison Mailbox Exchange Quarantining Occur?

There are two main situations behind quarantining of mailboxes such as:

  1.  A thread which is doing work for a mailbox has been crashed
  2.  More than 5 threads are allocated for processing a mailbox, can’t be possible for a long duration.

Consequences and Reasons Over Exchange Quarantine Mailbox

After Understanding the concept of What is Poison Mailbox, the major complication is multiple users are unable to access a mailbox that resides on MS Exchange 2010 server. The mailbox has a potential thread which stores several information and has been quarantined. There are multiple reasons due to which Poison Mailbox Exchange threads become corrupted. However, if more than five threads are connected to a mailbox will become freeze for more than 60 seconds or three threads crashed in two hours then, the database store views the mailbox to be in an irregular state.

While performing the Quarantining, a thread is running in the background in every two hours inside the store to verify the number of crashes experienced through mailboxes. If a mailbox exceeds the threshold crash range it is considered to be a threat to the overall stability of the Store and therefore it keeps into Exchange Quarantine Mailbox.

Resolution for Poison mailbox Detection and Correction

The reason of the Exchange 2010 quarantine can be identified and corrected properly. Once this is accomplished, so that the users can easily access the mailbox and the registry key for the Exchange Quarantine Mailbox must be re-establish manually by removing it.

Note: If a user has forgotten manual steps, the Exchange database store resets quarantined mailboxes automatically in 6 hours after set the Exchange Quarantine Mailbox.

How Poison Mailbox Works?

Store tags the mailbox as quarantined inside the registry and users unable to access the mailbox. The only access is allowed if the OPEN_AS_ADMIN flag is passed. After considering a Poison Mailbox Exchange is caused a store to crash or deadlock three times within two hours.

If the store is crashed or hangs up by a mailbox, a user can easily modify the thresholds value on per server basis in the system registry.  The location of the registry key is:
HKLM\SYSTEM\CCS\Services\MSexchangeIS\Servername\Private-dbguid\Quarantined Mailboxes\ {Mailbox GUID}
It will get two values those are mentioned below:

  1. CrashCount: The total number of times the mailbox become crashed the store
  2. LastCountTime: The mailbox has crashed the store in the last duration.

The key is not generated until the store had been crashed at least once by a mailbox.
Every time a database has mounted, the store will verify the registry to view if any mailboxes hosted on this desired database is tagged. If the registry implies that a mailbox has caused the store to crash the Poison Mailbox Exchange would be quarantined.
If the mailbox has been identified as a threat three times in 2 hours, by default then, that mailbox would be quarantined for six hours.

These default settings can be changed by creating the following registry key:
HKLM\SYSTEM\CCS\Services\MSexchangeIS\ParameterSystem\Servername\Private-dbguid\Quarantined Mailboxes
Using the below values such as:

  • MailboxQuarantineCrashThreshold – The multiple numbers of times a Poison Mailbox Exchange can be known before considering the store to be quarantined.
  • MailboxQuarantineDurationInseconds – Before releasing, the number of seconds a mailbox remains in Exchange Quarantine Mailbox for six hours by default.

 

By default, these two values are not possible. They should be created only if there is a need to modify the default behavior.
A background process within the store runs every 2 hours i.e. this default can’t be changed to verify the registry values for every mounted database.

How to Enable-Mailbox Quarantine

For poison mailbox detection and correction, make sure users must be assigned permissions before running the command on the cmdlet. Use the Enable-Mailbox Quarantine command to enable Poison Mailbox Exchange which affects the availability of database mailbox.

Syntax:

Enable-MailboxQuarantine -Identity <GeneralMailboxIdParameter> <COMMON PARAMETERS>

Example:

Enable-MailboxQuarantine “John”

How to Disable-Mailbox Quarantine

Mailboxes are poisoned when they impact the availability of the mailbox database. Generally, a software fix from Microsoft is needed before releasing a Poison Mailbox Exchange from Quarantine. If a fix doesn’t deploy before releasing the mailbox, Exchange Quarantine Mailbox will be re-enabled if the condition goes on. The default quarantine duration is 24 hours. Before running the command, users have to assign the permission.

Syntax:

Disable-MailboxQuarantine -Identity <GeneralMailboxIdParameter> <COMMON PARAMETERS>

Example:

Disable-MailboxQuarantine “John”

Conclusion

In this article, we have discussed What is Poison Mailbox & the process to identify and remove a mailbox from the quarantine, in Exchange server 2010 a mailbox can be poisoned after 3 failures and it will stay for 6 hours. Also, we have covered entire details to let the users understand about the Quarantine mailbox, reasons behind Poison Mailbox Exchange occur and also presented the power shell command to enable and disable the Exchange Quarantine Mailbox in detail. There may be many reasons for Quarantining of Mailboxes & Some of them have been discussed above. You can also repair Exchange Mailbox using some online software’s available on the Internet that can help to resolve further Issues related to poison mailbox detection and correction.

  author

By Chirag Arora

Chirag Arora is a seasoned professional who wears multiple hats in the digital realm. As a Digital Marketing Manager, he orchestrates successful online campaigns, optimizing brand visibility and engagement. Additionally, Chirag brings meticulous attention to detail to his role as a Content Proofreader, ensuring that every piece of content shines with accuracy and clarity.