In Exchange 2013, native, built-in monitoring and recovery actions are included in a feature called Managed Availability, which is made up of two processes: the Microsoft Exchange Health Manager Service (MSExchangeHMHost.exe) and the Microsoft Exchange Health Manager Worker process (MSExchangeHMWorker.exe), and the following components:
- The Probe Engine takes measurements on the server.
- The Monitoring Probe Engine stores the business logic about what constitutes a healthy state. It functions like a pattern recognition engine, looking for patterns and measurements that differ from a healthy state, and then evaluating whether a component or feature is unhealthy;
- The Responder Engine, when alerted about an unhealthy component, first tries to recover that component. The first attempt may be to restart the application pool, the second attempt may be to restart the corresponding service and the third attempt may be to restart the server. The final attempt may be to put the server offline, so that it no longer accepts traffic.
Exchange 2013 automatically creates several HealthMailbox<guid> objects in Active Directory which are used by Managed Availability to send e-mails through Exchange to verify mail flow every few minutes. These e-mails are used to do health checks for resources from Frontend Transport role to Hub Transport and health checks on mailbox database resources. The same Microsoft Exchange Health Manager Service is responsible for both these health checks.
Two health mailboxes are created for each mailbox database: one for mailboxes and one for Public Folders (if these are deployed). You can view these hidden mailboxes using Active Directory Users and Computers (you need to enable Advanced Features and then navigate to Microsoft Exchange System Objects and then Monitoring Mailboxes) or the Exchange Management Shell by running the following cmdlet:
This is why in an Exchange 2013 environment you will see lots of traffic from the e-mail addresses [email protected], [email protected] and HealthMailbox(…)@domain.com with the subjects of “MBTSubmission/StoreDriverSubmission/(…)-MapiSubmitLAMProve”, “Inbound proxy probe” or “Client submission probe”.
This is by design!