Contents
Issues symptoms
I was on a customer site today going through a bit of training on a fresh install of Exchange 2016/2019 which will eventually play host to around 300 users. As we were doing a bit of housekeeping we decided to delete the databases that were automatically created during the installation of the mailbox servers.
After migrating all of the mailboxes – arbitration included – to our new database, we did the following:
Get-MailboxDatabase "Mailbox Database XXXX" | Remove-MailboxDatabase
All looked to be going swimmingly until we hit upon the following error:
Failed to remove monitoring mailbox object of database “database_name”. Exception: Active directory operation failed on “SERVERX”. This error is not retrievable. Additional information: Access is denied. Active directory response: 000000005: SecErr: DSID-031520B2, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0.
The problem suggests that there is a problem with permissions, at first I thought this was because the user account we were using didn’t have permissions to something; however, after checking that I was an Enterprise Administrator it would appear that the problem is that Exchange 2013/2016/2019 doesn’t have permissions over a specific set of objects in AD.
Solution
Get-Mailbox -Monitoring
Brings back a list of monitoring mailboxes interspersed with the error:
WARNING: The object DOMAIN.LOCAL/Microsoft Exchange System Objects/Monitoring Mailboxes/”Health_Mailbox_GUID” has been corrupted, and it's in an inconsistent state. The following validation errors happened: WARNING: Database is mandatory or UserMailbox.
The object listed in the above error is the item that the Remove-MailboxDatabase command we ran at the start was unable to remove. So, the easy way to fix this is to go in and manually remove the items using ADUC (Make sure you have View -> Advanced Features ticked or you won’t see the OU) , just navigate through and delete the HealthMailboxGUID mailboxes that are listed as errors above.
When you restart the Microsoft Exchange Health Manager service it will go off and recreate them without causing any problems.
Good Luck