Exchange Server 2010 SP1 Poison Mailbox Quarantine Feature

[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at]  

Topic Last Modified: 2010-10-15

The Microsoft Exchange Server Best Practices Analyzer Tool reads the following registry entry to determine whether a poison mailbox exists on the computer that is running Microsoft Exchange Server 2010:

HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\<Server Name>\Private-{db guid}\QuarantinedMailboxes\{mailbox guid}

The following two conditions define a poison mailbox:

  • A registry entry of CrashCount that has a value of 3 must exist.

  • A registry entry of LastCrashTime that has a value of FILETIME < (current FILETIME + 6 hours) must exist.

If these conditions are true, the Analyzer tool generates a warning message.

In some cases, a single mailbox that has corrupted data (logical or physical) may cause the Exchange Store to crash, sometimes repeatedly. A poison mailbox may also deny service to all mailboxes that are hosted by the server.

For more information about the poison mailbox quarantine feature and about how to resolve this warning message, see the "Improvement to Store Health and Resilience" section in Understanding the Exchange 2010 Store.