I noticed this issue when I reconnected a disabled mailbox to a different user account. Also, after Clean-MailboxDatabase (Connecting the Disconnected in Exchange 2010), the mailbox had the disabled MailboxState (the status can be checked via Get-MailboxStatistics).
The Exchange server could not deliver/route messages to the mailbox and also indicated problems in the application log.
- An ambiguous mailbox GUID b6a7be4d-c4dd-4797-a1f3-9b75b11ea26b was found on 0x2 mailboxes in the Active Directory. The store cannot map this Mailbox GUID to a unique user.
- Process Microsoft.Exchange.InfoWorker.Common.Delayed`1[System.String]: MailTips query failed for mailbox.
- Microsoft OutlookDelivery has failed to these recipients or groups: “user” There’s a problem with the recipient’s mailbox. Please try resending the message. If the problem continues, please contact your helpdesk.
- #554 5.2.0 STOREDRV.Deliver.Exception:StoragePermanentException.MapiExceptionAmbiguousAlias; Failed to process message due to a permanent exception with message Cannot open mailbox
- #554-5.2.1 mailbox disabled 554 5.2.1 STOREDRV.Deliver.Exception:AccountDisabledException.MapiExceptionMailboxDisabled; Failed to process message due to a permanent exception with message Cannot open mailbox
- Cannot get the security descriptor of mailbox ‘b3a7be4d-c4ad-4797-a1f3-9b83b11ea26b’ in Exchange mailbox database ‘158d5a5c-c376-43c5-b137-1f0caab770f1’.
- MapiExceptionAmbiguousAlias: Unable to get mailbox SecurityDescriptor. (hr=0x80004005, ec=2202)
I was not able to reconnect the mailbox to any other account, because the mailbox was always in the same “corrupted” state. I did and checked many things; some of them are here:
- Use the Update-Recipient cmdlet to add Microsoft Exchange attributes to recipient objects created by the global address list (GAL) synchronization management agent in Microsoft Forefront Identity Manager (FIM) 2010. The recipient objects you modify using this cmdlet must reside on a server running Microsoft Exchange Server 2010 or later.
- The ApplyMandatoryProperties parameter specifies whether to modify the mandatory properties of a mailbox. Creating a mailbox through the Microsoft Exchange extensions to the Active Directory Users and Computers console isn’t supported. If a mailbox is created with this tool, it’s identified as a legacy mailbox, even though it resides on a server running Microsoft Exchange. This parameter modifies the mandatory properties of a mailbox in this state to correct the problem and remove the legacyMailbox tag from the mailbox.
- You cannot access a mailbox for several hours after you disconnect and then reconnect the mailbox in an Exchange Server 2010 SP2 environment. To resolve this issue, install the following update rollup: 2685289 Description of Update Rollup 3 for Exchange Server 2010 Service Pack 2
- XADM: How to Map an msExchMailboxGuid Attribute to a User in Active Directory
- Users and Computers (FindUtility)
- Find GUID
Unfortunately, I did not find the root cause, but it seemed to be an AD-related issue caused by the recent renaming of the user’s attributes by the Windows team.
The disconnected mailbox was connected to the original account and its data was exported to a different mailbox. The mailbox was then disconnected again and removed from the mailbox store.
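
The "ambiguous mailbox GUID" event quoted above means that more than one Active Directory object carries the same msExchMailboxGuid. The following added example, which is not part of the original post, lists every object in the current domain that holds a given mailbox GUID so the duplicates can be identified. It assumes the ActiveDirectory PowerShell module is available; the function names are hypothetical.

```powershell
# Added example: list all AD objects that carry one msExchMailboxGuid.
# Assumes the ActiveDirectory module (RSAT) is installed; searches the current domain only.
Import-Module ActiveDirectory

# Hypothetical helper: turn a GUID into the escaped byte string an LDAP filter needs.
function ConvertTo-LdapGuidFilter {
    param([Parameter(Mandatory = $true)][guid]$Guid)
    # AD stores the attribute as 16 raw bytes in .NET byte order (the first three
    # GUID fields are little-endian), so each byte is written as an escaped \xx pair.
    ($Guid.ToByteArray() | ForEach-Object { '\{0:x2}' -f $_ }) -join ''
}

# Hypothetical helper: return every object whose msExchMailboxGuid equals the GUID.
function Find-MailboxGuidOwner {
    param([Parameter(Mandatory = $true)][guid]$MailboxGuid)
    $value = ConvertTo-LdapGuidFilter -Guid $MailboxGuid
    Get-ADObject -LDAPFilter "(msExchMailboxGuid=$value)" `
        -Properties sAMAccountName, mail, homeMDB, whenChanged |
        Select-Object DistinguishedName, sAMAccountName, mail, homeMDB, whenChanged
}

# GUID taken from the "ambiguous mailbox GUID" event quoted on this page.
$owners = @(Find-MailboxGuidOwner -MailboxGuid 'b6a7be4d-c4dd-4797-a1f3-9b75b11ea26b')
$owners | Format-List

if ($owners.Count -gt 1) {
    # More than one hit reproduces the condition the store complains about.
    Write-Warning "$($owners.Count) objects share this msExchMailboxGuid."
}
```

The whenChanged value on each hit helps tell which object was modified most recently, for example by a reconnect or an attribute rename.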