HealthMailbox login issues

Craig Tompkins 26 Reputation points
2021-02-06T13:48:19.763+00:00

We are getting thousands of errors every day of several healthmailbox accounts trying to log into AD, but the account itself does not exist. So it's a bad username issue, not a bad password issue. I've found lots of articles online saying if you have a password error you can delete the AD accounts and restart the Exchange Health Manager Service on each server to have them recreated with valid passwords. This is the opposite of our issue.
We are hybrid with M365 if that matters, but the logins are definitely on-prem.

Can anyone point me in the right direction?

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,698 questions
0 comments No comments
{count} votes

Accepted answer
  1. Joy Zhang-MSFT 1,051 Reputation points
    2021-02-08T02:48:04.15+00:00

    Hi @Craig Tompkins ,

    As AshokM-8240 has replied above, I wan to confirm what are specific error messages showing in event logs? And based on your description, these health mailboxes account don't exist, please check these accounts in ADUC and powershell again.

    • Check health mailboxes in ADUC: Open up Active Directory Users and Computers(ADUC) and open up the group Microsoft Exchange System Objects. You will see a subgroup called Monitoring Mailboxes.
    • Check health mailboxes in powershell (Check the health mailboxes of all the Exchange servers in the organization): Get-Mailbox -Monitoring

    If these accounts don't exist in both side, I suggest you to try to recreate health mailboxes and check if this issue continues. Here's an article on recreating Health mailboxes for your reference: Exchange 2013/2016 Monitoring Mailboxes


    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
     

    0 comments No comments

3 additional answers

Sort by: Most helpful
  1. Ashok M 6,516 Reputation points
    2021-02-07T13:10:25.153+00:00

    Hi,

    Could you please share the error message or the event by removing the personal information.

    For this scenario also you can try re-creating the health mailboxes and check if errors still exists.

    https://msexchangeguru.com/2018/07/10/e2016healthmailboxcannotaccess/

    If the above suggestion helps, please click on "Accept Answer" and upvote it


  2. Craig Tompkins 26 Reputation points
    2021-02-10T13:38:09.517+00:00

    I'm sorry for the delay, I've traveling for work (and head back out again tomorrow afternoon).
    As an FYI, there are 7 or 8 healthmailbox accounts with this issue, this is just an example of the most talkative one.
    66512-failure-example.png
    As you can see there, the error is bad username not bad password
    66513-health-mailbox-accounts.png
    That is an ADUC search for all accounts with health in the name. As you can see the failing account is not in the list, hence the bad username error.

    I tried the powershell command, but can't get it to run. It says the cmdlet is not recognized. I assume this is because I don't have the exchange module loaded, but I can't seem to figure out how to load that either. I tried

     $Credentials = Get-Credential  
     $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $Credentials -Authentication Basic -AllowRedirection  
     Import-PSSession $Session -DisableNameChecking  
    

    But there I get a failed to connect with a http 403 error from the remote WS-Management service.
    Also, since these errors are coming from my on prem server (hybrid mode) and not M365 I wouldn't think this command should be run against M365, but against local exchange instead, yet all the documents I find are saying to do the above steps?


  3. Craig Tompkins 26 Reputation points
    2021-02-11T18:56:11.917+00:00

    Thanks to both of you. I don't know why, but when I did the get-mailbox from the server I saw the account in question so I went back to AD and it was there. Looking at my screenshot above, the account in question is there, I just missed it every time I was looking for it. I'm sorry for wasting your time.

    I did delete all the accounts from AD and then restarted the Microsoft Exchange Health Manager Service and the accounts got recreated and I don't see any more bad logins.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.