How to create a certificate in Exchange Server? It's important to secure the connections to…
Recreate arbitration mailboxes in Exchange Server
A couple of arbitration mailboxes are corrupt, and we like to make them healthy. It can also happen that the arbitration mailboxes objects are missing. That’s because they are removed from Active Directory Users and Computers (ADUC). The good news is that we can recreate the missing arbitration mailboxes. In this article, you will learn how to recreate arbitration mailboxes in Exchange Server.
Table of contents
- Before you start to recreate missing arbitration mailboxes
- Remove arbitration mailboxes
- Remove audit mailbox
- Recreate arbitration mailboxes and audit mailbox
- Enable arbitration mailboxes
- Enable Microsoft Exchange Federation Mailbox
- Enable Microsoft Exchange Migration mailbox
- Enable Microsoft Exchange Approval Assistant mailbox
- Enable Microsoft Exchange organization mailbox for OABs
- Enable Microsoft Exchange Discovery system mailbox
- Enable arbitration mailbox Exchange 2016 CU8 and later (1)
- Enable arbitration mailbox Exchange 2016 CU8 and later (2)
- Enable audit mailbox
- Verify arbitration mailboxes
- Verify audit mailbox
- Conclusion
Before you start to recreate missing arbitration mailboxes
Read the following articles about the arbitration mailboxes:
Find the arbitration mailboxes in Exchange Server. Run Exchange Management Shell as administrator. Make use of the Get-Mailbox -Arbitration cmdlet. If you run the same cmdlet and don’t see all the arbitration mailboxes, it means they are not in a good state. In our example, we have seven arbitration mailboxes.
We are running Exchange Server 2016 CU16. All the arbitration mailboxes are configured in Exchange Server 2016 mailbox database DB01. You can see that we have seven arbitration mailboxes in the Exchange organization:
- 5x System mailboxes
- 1x Migration mailbox
- 1x Federation mailbox
Set-ADServerSettings -ViewEntireForest $true; Get-Mailbox -Arbitration | Format-Table Name, ServerName, Database, AdminDisplayVersion, ProhibitSendQuota
The output that appears.
Name ServerName Database AdminDisplayVersion ProhibitSendQuota
---- ---------- -------- ------------------- -----------------
SystemMailbox{1f05a927-47dc-4efe-b7bf-aa11d93f5395} ex01-2016 DB01 Version 15.1 (Build 1979.3) Unlimited
SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c} ex01-2016 DB01 Version 15.1 (Build 1979.3) Unlimited
SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9} ex01-2016 DB01 Version 15.1 (Build 1979.3) Unlimited
Migration.8f3e7716-2011-43e4-96b1-aba62d229136 ex01-2016 DB01 Version 15.1 (Build 1979.3) 300 MB (314,572,800 bytes)
FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042 ex01-2016 DB01 Version 15.1 (Build 1979.3) 1 MB (1,048,576 bytes)
SystemMailbox{D0E409A0-AF9B-4720-92FE-AAC869B0D201} ex01-2016 DB01 Version 15.1 (Build 1979.3) Unlimited
SystemMailbox{2CE34405-31BE-455D-89D7-A7C7DA7A0DAA} ex01-2016 DB01 Version 15.1 (Build 1979.3) Unlimited
In ADUC you will see the federation mailbox, migration mailbox and six system mailboxes. That’s a total of eight mailboxes. Why do we see eight mailboxes in total in ADUC and seven with PowerShell? The answer is that one of the system mailboxes is an audit mailbox.
The audit mailbox is the SystemMailbox{8cc370d3-822a-4ab8-a926-bb94bd0641a9}. You have to run the Get-Mailbox cmdlet with the -AuditLog switch to retrieve the mailbox.
Set-ADServerSettings -ViewEntireForest $true; Get-Mailbox -AuditLog | Format-Table Name, ServerName, Database, AdminDisplayVersion, ProhibitSendQuota
The output in our example.
Name ServerName Database AdminDisplayVersion ProhibitSendQuota
---- ---------- -------- ------------------- -----------------
SystemMailbox{8cc370d3-822a-4ab8-a926-bb94bd0641a9} ex01-2016 DB01 Version 15.1 (Build 1979.3) 50 GB (53,687,091,200 bytes)
Remove arbitration mailboxes
Go to ADUC. Right-click the mailboxes and click remove. We are going to remove the seven arbitration mailboxes. You will get a prompt if you are sure to delete the seven objects. Click Yes.
Run the cmdlet and check if the arbitration mailboxes are removed. There will be no results.
Set-ADServerSettings -ViewEntireForest $true; Get-Mailbox -Arbitration | Format-Table Name, ServerName, Database, AdminDisplayVersion, ProhibitSendQuota
Remove audit mailbox
Let’s remove the audit mailbox too. It’s only one mailbox. A prompt will show up if you are sure to delete the object. Click on Yes
Run the cmdlet to check if the audit mailbox is removed.
Set-ADServerSettings -ViewEntireForest $true; Get-Mailbox -AuditLog | Format-Table Name, ServerName, Database, AdminDisplayVersion, ProhibitSendQuota
In the next step, we will recreate the arbitration mailboxes and the audit mailbox.
Recreate arbitration mailboxes and audit mailbox
Find the Exchange Server ISO file in your files. If you don’t have it, download Exchange Server ISO from the Microsoft website. After it’s finished downloading, mount the ISO.
Note: Always save the Exchange Server ISO files because Microsoft does not keep the ISO files available online if newer versions are released.
Find to which drive letter the ISO is mounted. In our example, it’s the (I:) drive.
Run Command Prompt as administrator and run the command I:\Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF /PrepareAD. This will recreate the missing arbitration mailboxes and the audit mailbox.
I:\Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF /PrepareAD
The output shows that the setup is completed.
Microsoft Exchange Server 2016 Cumulative Update 16 Unattended Setup
Copying Files...
File copy complete. Setup will now collect additional information needed for installation.
Performing Microsoft Exchange Server Prerequisite Check
Prerequisite Analysis COMPLETED
Configuring Microsoft Exchange Server
Organization Preparation COMPLETED
The Exchange Server setup operation completed successfully.
Start ADUC and make sure that you click the refresh button in the toolbar. If that doesn’t work, close and start ADUC. Verify that the PrepareAD setup created the arbitration mailboxes and audit mailbox in ADUC. A total of eight mailboxes.
Run both cmdlets to check if the arbitration mailboxes and audit mailbox appear. The results are empty, but why is that? That’s because we have to enable the mailboxes.
Set-ADServerSettings -ViewEntireForest $true; Get-Mailbox -Arbitration | Format-Table Name, ServerName, Database, AdminDisplayVersion, ProhibitSendQuota
Set-ADServerSettings -ViewEntireForest $true; Get-Mailbox -AuditLog | Format-Table Name, ServerName, Database, AdminDisplayVersion, ProhibitSendQuota
In the next step, we are going to enable the arbitration mailboxes. We will also enable the audit mailbox.
Enable arbitration mailboxes
Enable Microsoft Exchange Federation Mailbox
There are two cmdlets that we have to run.
Enable-Mailbox -Identity "FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042" -Arbitration
Set-Mailbox -Identity "FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042" -Arbitration -ProhibitSendQuota 1MB -Force
Enable Microsoft Exchange Migration mailbox
Run the two cmdlets.
Enable-Mailbox -Identity "Migration.8f3e7716-2011-43e4-96b1-aba62d229136" -Arbitration
Set-Mailbox -Identity "Migration.8f3e7716-2011-43e4-96b1-aba62d229136" -Arbitration -Management $true -ProhibitSendQuota 300MB -Force
Enable Microsoft Exchange Approval Assistant mailbox
Run the cmdlet.
Get-User -ResultSize Unlimited | where {$_.Name -like "SystemMailbox{1f05a927*"} | Enable-Mailbox -Arbitration
Enable Microsoft Exchange organization mailbox for OABs
Run the three cmdlets.
Enable-Mailbox -Identity "SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}" -Arbitration
Set-Mailbox -Identity "SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}" -Arbitration -UMGrammar $true -OABGen $true -GMGen $true -ClientExtensions $true -MessageTracking $true -PstProvider $true -MaxSendSize 1GB -Force
$OABMBX = Get-Mailbox "SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}" -Arbitration; Set-ADUser $OABMBX.SamAccountName -Add @{"msExchCapabilityIdentifiers"="40","42","43","44","47","51","52","46"}
A warning appears that you must invoke the cmdlet Update-OfflineAddressBook manually. Get the Offline Address Book and run an update.
Get-OfflineAddressBook | Update-OfflineAddressBook
Enable Microsoft Exchange Discovery system mailbox
Run two cmdlets to enable.
Enable-Mailbox -Identity "SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}" -Arbitration
Set-Mailbox -Identity "SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}" -Arbitration -UMDataStorage $true -Force
Enable arbitration mailbox Exchange 2016 CU8 and later (1)
Microsoft did not put any information regarding this arbitration mailbox at the time of writing. One cmdlet to enable.
Enable-Mailbox -Identity "SystemMailbox{D0E409A0-AF9B-4720-92FE-AAC869B0D201}" -Arbitration
Enable arbitration mailbox Exchange 2016 CU8 and later (2)
At the moment, Microsoft did not yet put any information regarding this arbitration mailbox. Run the seven cmdlets.
Enable-Mailbox -Identity "SystemMailbox{2CE34405-31BE-455D-89D7-A7C7DA7A0DAA}" -Arbitration
$ShardMBX = Get-Mailbox -Identity "SystemMailbox{2CE34405-31BE-455D-89D7-A7C7DA7A0DAA}" -Arbitration
Set-ADUser $ShardMBX.SamAccountName -Add @{"msExchCapabilityIdentifiers"="66"}
Set-ADUser $ShardMBX.SamAccountName -Add @{"msExchMessageHygieneSCLDeleteThreshold"="9"}
Set-ADUser $ShardMBX.SamAccountName -Add @{"msExchMessageHygieneSCLJunkThreshold"="4"}
Set-ADUser $ShardMBX.SamAccountName -Add @{"msExchMessageHygieneSCLQuarantineThreshold"="9"}
Set-ADUser $ShardMBX.SamAccountName -Add @{"msExchMessageHygieneSCLRejectThreshold"="7"}
Enable audit mailbox
As of last, enable the audit mailbox.
Enable-Mailbox -Identity "SystemMailbox{8cc370d3-822a-4ab8-a926-bb94bd0641a9}" -AuditLog
Verify arbitration mailboxes
Always verify that the arbitration mailboxes are created successfully.
Set-ADServerSettings -ViewEntireForest $true; Get-Mailbox -Arbitration | Format-Table Name, ServerName, Database, AdminDisplayVersion, ProhibitSendQuota
The mailboxes are placed in random mailbox databases. In our example, it’s placed in mailbox databases DB01 and DB02. You can always move the arbitration mailboxes to another database.
The arbitration mailboxes are showing up and looking great.
Name ServerName Database AdminDisplayVersion ProhibitSendQuota
---- ---------- -------- ------------------- -----------------
SystemMailbox{1f05a927-92b3-4677-b58e-289476b74140} ex01-2016 DB01 Version 15.1 (Build 1979.3) Unlimited
SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c} ex01-2016 DB02 Version 15.1 (Build 1979.3) Unlimited
SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9} ex01-2016 DB01 Version 15.1 (Build 1979.3) Unlimited
Migration.8f3e7716-2011-43e4-96b1-aba62d229136 ex01-2016 DB02 Version 15.1 (Build 1979.3) 300 MB (314,572,800 bytes)
FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042 ex01-2016 DB02 Version 15.1 (Build 1979.3) 1 MB (1,048,576 bytes)
SystemMailbox{D0E409A0-AF9B-4720-92FE-AAC869B0D201} ex01-2016 DB02 Version 15.1 (Build 1979.3) Unlimited
SystemMailbox{2CE34405-31BE-455D-89D7-A7C7DA7A0DAA} ex01-2016 DB01 Version 15.1 (Build 1979.3) Unlimited
Verify audit mailbox
Verify that the audit mailbox is created succesfully.
Set-ADServerSettings -ViewEntireForest $true; Get-Mailbox -AuditLog | Format-Table Name, ServerName, Database, AdminDisplayVersion, ProhibitSendQuota
The Audit mailbox shows up. Everything is looking fantastic.
Name ServerName Database AdminDisplayVersion ProhibitSendQuota
---- ---------- -------- ------------------- -----------------
SystemMailbox{8cc370d3-822a-4ab8-a926-bb94bd0641a9} ex01-2016 DB01 Version 15.1 (Build 1979.3) 50 GB (53,687,091,200 bytes)
Keep reading: Cannot delete mailbox database in Exchange Server »
Conclusion
You learned how to recreate arbitration mailboxes in Exchange Server. Not only that, but you also learned that there is another system mailbox showing in Active Directory. It makes it confusing if you see a system mailbox in AD, but you can’t find it when running the Get-Mailbox -Arbitration switch. That’s because you have to run Get-Mailbox -AuditLog switch. After you recreate the mailboxes, don’t forget to enable them.
Did you enjoy this article? You may also like Enable search indexing in Exchange Server. Don’t forget to follow us and share this article.
I’m getting Event ID 2937 saying many different distribution lists are pointing to Arbitration mailbox that is in the Delete Objects container in AD. After seeing this, I deleted the Arbitration mailboxes again, then deleted the objects in Deleted Objects container and then re-created the arbitration mailboxes.
The errors persist and when I randomly look at distribution lists, it seems all are pointing to deleted items. Any idea how to fix this?
Hi Ali, just want to say thank you for all your help, greetings from Uruguay!
Excellent article. Got me out a hole! Thank you
Hi Ali , Can you help me or guide on my issue I have user “AdminDisplayVersion” is missing on his mailbox
Get-Mailbox username@domain.com | fl *version*
AdminDisplayVersion :
CalendarVersionStoreDisabled : False
ExchangeVersion : 0.20 (15.0.0.0)
with this issue not able to block legacy authentication policy for this account
Hi Ali,
I am in the process of recreating the arbitration mailbox for Exchange 2013. When I executed the command .\Setup /preparead /IAcceptExchangeServerLicenseTerms It throwed me the below error.
E:\>.\Setup /preparead /IAcceptExchangeServerLicenseTerms
Welcome to Microsoft Exchange Server 2013 Service Pack 1 Unattended Setup
Copying Files…
File copy complete. Setup will now collect additional information needed for installation.
The Exchange Server setup operation didn’t complete. More details can be found in ExchangeSetup.log located in the
:\ExchangeSetupLogs folder.
In ExchangeSetup.log file below is the error I got.
[08/15/2022 13:39:37.0521] [0] Command Line Parameter Name=’preparead’, Value=”.
[08/15/2022 13:39:37.0521] [0] Command Line Parameter Name=’iacceptexchangeserverlicenseterms’, Value=”.
[08/15/2022 13:39:37.0521] [0] Command Line Parameter Name=’sourcedir’, Value=’E:\’.
[08/15/2022 13:39:37.0568] [0] RuntimeAssembly was started with the following command: ‘/preparead /IAcceptExchangeServerLicenseTerms /sourcedir:E:”‘.
[08/15/2022 13:39:37.0568] [0] The registry key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\v8.0, wasn’t found.
[08/15/2022 13:39:37.0568] [0] The registry key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\v14, wasn’t found.
[08/15/2022 13:39:37.0568] [0] Copying Files…
[08/15/2022 13:39:37.0568] [0] Starting copy from E:\Setup\ServerRoles\Common to C:\Windows\Temp\ExchangeSetup.
[08/15/2022 13:40:24.0503] [0] Finished copy from E:\Setup\ServerRoles\Common to C:\Windows\Temp\ExchangeSetup.
[08/15/2022 13:40:24.0519] [0] File copy complete. Setup will now collect additional information needed for installation.
[08/15/2022 13:40:24.0519] [0] Assembly dll file location is C:\Windows\Temp\ExchangeSetup\Microsoft.Exchange.Setup.Console.dll
[08/15/2022 13:40:25.0831] [0] Setup is choosing the domain controller to use
[08/15/2022 13:40:25.0987] [0] The MSExchangeADTopology has a persisted domain controller:
[08/15/2022 13:40:26.0097] [0] [ERROR] Exception has been thrown by the target of an invocation.
[08/15/2022 13:40:26.0144] [0] [ERROR] Method not found: ‘Boolean Microsoft.Exchange.Data.Mime.MimeAddressParser.IsValidDomain(System.String, Int32, Boolean)’.
[08/15/2022 13:40:26.0144] [0] CurrentResult SetupLauncherHelper.loadassembly:444: 1
[08/15/2022 13:40:26.0144] [0] The Exchange Server setup operation didn’t complete. More details can be found in ExchangeSetup.log located in the :\ExchangeSetupLogs folder.
[08/15/2022 13:40:26.0144] [0] CurrentResult main.run:235: 1
[08/15/2022 13:40:26.0144] [0] CurrentResult setupbase.maincore:396: 1
[08/15/2022 13:40:26.0144] [0] End of Setup
Can you help me in identifying the issue?
Great article! Very helpful. Thank you!!
On Exchange Server 2019 CU12 the install command is “.\Setup /preparead /IAcceptExchangeServerLicenseTerms_DiagnosticDataON”.
That’s correct. I updated the article with the latest command.
The /IAcceptExchangeServerLicenseTerms switch changed since Exchange Server 2016 CU22 and Exchange Server 2019 CU11.
More information about the IIS URL Rewrite module and the /IAcceptExchangeServerLicenseTerms switch changes is written in the articles:
– Cumulative Update 22 for Exchange Server 2016
– Cumulative Update 11 for Exchange Server 2019
I was handed a new client with an on-premise 2019 exchange server. everything is messed up about it. very amateur install. this write up cleaned up so many issues! thanks you.
I removed the arbitration mailboxes, but running setup with the /preparead option fails at the mailbox role. Any ideas?
It’s difficult to tell without seeing the output or logs.
To recreate exchange 2010 arbitration mailboxes with Exch 2016 coexist, can I use Exchange 2016 installer to run /PrepareAD to recreate those 2010 arbitration mailboxes? Thanks
Yes, recreate the mailboxes from the Exchange Server 2016 installer.
They are not explicit Exchange Server 2010 arbitration mailboxes because they are identical to other Exchange Server versions. But, Microsoft added new arbitration mailboxes within every Exchange Server.
After you recreate the arbitration mailboxes, move them to the Exchange Server 2016 mailbox database. Also, administer Exchange Server from the highest Exchange Server version; so in your case, from Exchange Server 2016.
Thank you Ali.
Great article! Very helpful. Thank you.
Merci ce tuto m’a beaucoup aidé