Read time 4 minutes
The Exchange Server can connect with numerous client systems simultaneously and fulfill their requirement. Each client creates a thread with the Server to ask for the resources constantly. When some threads freeze and start consuming more CPU power than necessary for a longer period, or if any suspicious or harmful activity is detected in a mailbox, Exchange puts such mailboxes in a quarantine state. During this time, the mailbox will not be accessible, and it is called a quarantine state. It is important to take care of exchange mailbox in quarantine to regain the normal access, which we’ll be learning ahead in this write-up.
What is the mailbox quarantine issue?
MAPI clients such as Outlook use multiple threads for store procedures while connecting to mailboxes. And, if these threads get frozen for any reason, the store process would take more CPU time to make those threads work again. In this scenario, the mailbox would be termed quarantine.
It makes mailboxes inaccessible to Exchange users, turning them poisonous. If you try to open Outlook Web App, it will also show the error, ‘something went wrong. Cannot get the information.’ You will not send an email or receive new ones. Also, if other users try to send you emails, they will get the error message ‘Your mailbox was not delivered because the recipient’s mailbox is quarantined.’
What can be the possible causes of Exchange quarantine mailbox?
An Exchange mailbox in quarantine is the mailbox that becomes unstable or is a threat to the Exchange environment. The key factors that can lead a mailbox in quarantine include the following:
- Mailbox corruption: Damaged, inaccessible, or corrupt mailboxes can be one of the reasons for Exchange mailbox quarantine.
- Improper configuration: If a mailbox is improperly configured or has incorrect settings, it can enter the quarantine state.
- Malware attacks: When the Exchange Server finds any suspicious activity or malware/ phishing attack on the mailbox, it is sent to quarantine so that it doesn’t infect other mailboxes.
- Frozen MAPI threads: Any threads that are behind the operation of the Exchange mailbox when get stuck or freeze, causes quarantine situation.
- High usage of the resource: Exchange mailboxes when start consuming extreme resources, such as occupying CPU for a long time, termed as quarantine.
How to identify an Exchange mailbox in quarantine?
Users came to know that their mailbox is in quarantine state when:
- Three threads (at least) are frozen for two hours continuously.
- Over five threads have been freezing for more than 60 seconds.
- Not able to send/receive any mail through the mailbox, and when trying to access the Outlook Web Access, receive an error saying, “
Something went wrong. Cannot get the information.” - External users send any message to the quarantine mailbox, and it shows a delivery error, “
Your mailbox was not delivered because the recipient’s mailbox is quarantined.”
The effect of the ‘mailbox has been quarantined’ is that it cannot be accessed. There is a time duration for the quarantine state of the mailbox in which it cannot be accessed, but after that duration, it returns to its normal state. By default, this time duration is 6 hours. You can check the registry key.
MailboxQuarantineDurationInSeconds to detect the time duration up to which the mailbox will remain in the quarantine state.
If you need that quarantined mailbox urgently or if it is causing any interference in the flow, you can fix it immediately by following the procedure explained in further sections.
Fix the mailbox quarantine issue
Perform the following steps to resolve Exchange mailbox quarantine from Exchange Server:
Check the mailbox status
Exchange 2013/2016 and 2019 users can run this command in the Exchange Management Shell to check if the mailbox is in the quarantined state.
Get-MailboxStatistics UserName | Select DisplayName, IsQuarantined | Format-Table -AutoSize
If the output of this command displays the value of IsQuarantine as true, then the Exchange mailbox is quarantined.
Note: The Exchange Store creates an event id (10018), which you can check to confirm that the mailbox is in the quarantined state. It carries all the details like which mailbox and when it is quarantined.
Check the quarantine duration
Now, you know that the Exchange mailbox is quarantined, so try to find out the duration for which it has been in quarantine. To perform this, go to Registry Key and run MailboxQuarantineDurationSeconds.
Reliable solutions to fix the issue
The solutions given below can be used to restore an Exchange mailbox from a quarantine state. Let’s dive in to learn the fixes:
Removing Registry Key
To access the quarantine mailbox urgently, delete the registry key with the quarantine state of the mailbox. The registry that you need to remove is:
HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\<ServerName>\Private-{db guid}\QuarantinedMailboxes\{mailbox guid}
Once you have removed this registry key, either you need to restart the Information store service or dismount and mount the database.
Note: If you do not want to perform the above operations, like removing the registry key, dismounting/mounting, or restarting the store service, just modify the “Crash Count value” in the CrashCount key to 2.
This would remove the mailbox from the quarantine state and make it normal. However, if this process doesn’t help, try running disable cmdlets in PowerShell.
Running Disable Exchange PowerShell cmdlets
For Exchange 2013 and above versions, dealing with the quarantined Exchange mailbox is easy. To let the mailbox out of the quarantined state, run this cmdlet in the Exchange Management Shell:
Disable-MailboxQuarantine <Mailbox Name>
This would release the mailbox from the quarantine state, which you can now access. But it is recommended to run this command to check and repair for any corruption in the mailbox.
New-MailboxRepairRequest -Mailbox <mailbox name@domain name> -CorruptionType ProvisionedFolder,SearchFolder,AggregateCounts,Folderview
Hence, the Mailbox quarantine issue has been resolved. But the above manual solutions seem tiresome and not completely promising. The mailbox may still not be accessible even after performing all the operations mentioned above. Here, the situation becomes complex. Choose a smart and powerful EDB Recovery tool to fix the corruption issue or resolve other Exchange Server errors instantly and completely. For user’s convenience and benefits, we recommend using the Kernel for Exchange Server tool which is designed to fix all Exchange data-related issues in the minimum time possible. The tool can also help to recover deleted Exchange mailboxes as well.
Summing Up
Exchange mailboxes enters the quarantine state due to the freezing of multiple threads used by MAPI clients to access mailboxes, which makes mailboxes unavailable for the users for some time (by default 6 hours). Some manual solutions, like removing the registry and turning off the mailbox, can resolve this issue. However, the best professional Exchange mailbox repair tool, such as Kernel for Exchange Server should be used to fix the corruption in the mailbox database.