Exchange 2013 Health Check Monitors and Journaling

Exchange 2013 includes built-in health monitors that monitor the health of system resources.  Microsoft calls this new process "Managed Availability".

The Exchange 2013 Server Health and Performance topic on TechNet says,

"Exchange 2013 introduces the concept of managed availability. Managed availability runs on every Exchange 2013 server. It's made up of two processes, the Exchange Health Manager Service (MSExchangeHMHost.exe) and the Exchange Health Manager Worker process (MSExchangeHMWorker.exe), and the following asynchronous components:

• Probe engine   The probe engine takes measurements on the server.

• Monitoring probe engine   The monitoring probe engine stores the business logic about what constitutes a healthy state. It functions like a pattern recognition engine, looking for patterns and measurements that differ from a healthy state, and then evaluating whether a component or feature is unhealthy.

• Responder engine   When the responder engine is alerted about an unhealthy component, its first action is to try to recover that component. Managed availability enables multi-stage recovery actions. The first attempt may be to restart the application pool, the second attempt may be to restart the corresponding service, and the third attempt may be to restart the server. And, the final attempt may be to put the server offline, so that it no longer accepts traffic. If all of these actions fail, an alert is sent to the help desk."

When you install Exchange 2013 it automatically creates several HealthMailbox<guid> objects in Active Directory used by the managed availability service.  There are two health mailboxes that are created for a single mailbox database, one for mailboxes, and one for Public Folders (if deployed).  These hidden mailbox objects can be viewed from EMS by running the following command:

Get-Mailbox -Monitoring

Exchange 2013 managed availability uses these HealthMailbox<guid> objects to send emails through Exchange to verify mail flow every 5 minutes.  This causes problems if you're doing organization-wide journaling in the RTM version of Exchange 2013.  The org-wide Journal Rule will journal all these health probe emails, polluting the journal with thousands of useless messages.

Examples of these journaled health monitor messages are:

Sender: HealthMailboxac09e6fd942f4b40aba364cf2bf34e6b@contoso.com

Subject: MBTSubmission/StoreDriverSubmission/00000047-0000-0000-0000-0000b7145037-MapiSubmitLAMProbe

Message-Id: <2f33c299d6594de9b2ade02dee24e0c9@EX1.contoso.com>

To: HealthMailboxac09e6fd942f4b40aba364cf2bf34e6b@contoso.com

Sender: HealthMailboxc8a6d67ca286431abdf771e24a58093e@contoso.com

Subject: Client submission probe

Message-Id: <70701396-16e9-49ed-9888-11e39257d03e@EX1.contoso.com>

Bcc: HealthMailboxc8a6d67ca286431abdf771e24a58093e@contoso.com

Sender: inboundproxy@inboundproxy.com

Subject: Inbound proxy probe

Message-Id: <20d4e3a7-34a4-4b59-9773-9e1b51328b5a@EX1.contoso.com>

Recipient: HealthMailboxc8a6d67ca286431abdf771e24a58093e@contoso.com

Exchange 2013 Journal Mailbox filled with HealthMailbox* reports

This issue is supposed to be fixed in the first half of 2013, but if you can't wait that long (who could blame you), here's a workaround:

• Add "Ignore" as the value of the ExtensionCustomAttribute1 attribute on each HealthMailbox* object in Active Directory using the following command from the Exchange Management Shell:

Get-Mailbox -Monitoring | Set-Mailbox -ExtensionCustomAttribute1 'Ignore'

• Use the Exchange Management Shell to create a new Dynamic Distribution Group using the following two commands:

New-DynamicDistributionGroup -Name 'Journaled Users' -Alias JournaledUsers -RecipientFilter {((((CustomAttribute1 -ne 'Ignore') -and (RecipientType -eq 'UserMailbox'))) -and (-not(Name -like 'SystemMailbox{*')) -and (-not(Name -like 'CAS_{*')) -and (-not(RecipientTypeDetailsValue -eq 'MailboxPlan')) -and (-not(RecipientTypeDetailsValue -eq 'DiscoveryMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'PublicFolderMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'ArbitrationMailbox')))}
Set-DynamicDistributionGroup -HiddenFromAddressListsEnabled $true

• The commands above create an Exchange Dynamic Distribution Group called Journaled Users that contains all email enabled objects where the ExtensionCustomAttribute1 doesn't equal Ignore.  It then hides the Dynamic Distribution Group from the Exchange address lists.  Note that users will not see this DDG in the list of groups they are members of.
• Create a new journal mailbox to hold the journal reports and hide it from Exchange address lists.  In this example, I call it Journal Mailbox.
• Lastly, create a new Journal Rule that journals all emails for the Journaled Users DDG to a journaling mailbox called Journal All using the following command from EMS:

New-JournalRule -Name 'Journal All' -JournalEmailAddress 'journalmailbox@domain.com' -Scope 'Global' -Enabled $true -Recipient 'JournaledUsers@domain.com'

It's important that you don't update the Dynamic Distribution Group using the Exchange Management Console.  Doing so will update the DDG to a "precanned" RecipientFilter and the HealthMailbox* mailboxes will be journaled.

Update 5/29/2013 - I have confirmed this is still an issue with Exchange 2013 RTM CU1.
Update 8/1/2013 - Still an issue with Exchange 2013 RTM CU2-V2.  Microsoft released the following KB article describing how to use the new Add-GlobalMonitoringOverride cmdlet to work around the problem.  See Managed Availability messages are journaled in Exchange Server 2013 (http://support.microsoft.com/kb/2823959).  I expect this will be the way to address this issue going forward.