You probably know the Managed Availability feature of Exchange 2013, which sends periodic health probe emails to check server health. You probably never wondered, though, why these emails are omitted from the ORF logs. And you are right of course, it just works, so why bother? That is, until it doesn’t and health probes start showing up in the logs to add a headache-inducing noise every couple of minutes.
To save you from the pain, ORF detects the list of reserved Heath Mailboxes during installation and automatically ignores any email sent to a health mailbox address. This prevents these emails from getting into the logs and your sanity is preserved.
Unfortunately, this only lasts until you upgrade to the 9th Cumulative Update of Exchange 2013 (CU9), which breaks this feature and then you get this:
This is due to a new Transport Agent introduced by CU9 called the System Probe Drop Smtp Agent — undocumented, but apparently responsible for dropping probe emails — which does not “drop the email” in a traditional sense, but removes all email recipients instead. Alas, this method of stopping an email from getting delivered has an adverse effect, namely the email still gets passed down the pipeline, but now with the recipient information destroyed. As ORF’s health probe detection is based on the recipient address, it also renders this feature useless.
When can I expect a fix for this?
We are still evaluating the best way to deal with this. We plan to address the issue in the next regular release. As this potentially affects other third-party Transport Agent vendors as well, we are also reaching out to Microsoft to discuss this matter.
Update July 31, 2015: The upcoming beta version of ORF 5.4 will arrive with a fix for this problem.
Is there a workaround?
You can set up a filtered view in the ORF Log Viewer for the Sender field (e.g. a regex for (HealthMailbox.*@yourdomain|inboundproxy@contoso\.com)$ with rule inversion).
Can’t I just change the agent priorities?
Unfortunately, no. The System Probe Drop Smtp Agent hooks the OnEndOfHeaders event, which always occurs before the OnEndOfData event hooked by ORF.
I don’t have CU9 and still get health probes in the log
You probably added a new Mailbox server after ORF was installed and you need to update the list of Health Mailboxes. Read more on this in our Knowledge Base article.