Failed to remove monitoring mailbox object of database "DBname". Exception: Active directory operation failed on Servername. This error is not retriable. Additional information: Access is denied. Active directory response: 000000005: SecErr: DSID-031520B2, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0.The database was removed, but there seemed to be some sort of Active Directory error when deleting the monitoring mailboxes associated with the database.
Next I tried to view the monitoring mailboxes by using:
Get-Mailbox -MonitoringThis showed me mailboxes with the following error:
WARNING: The object domainname/Microsoft Exchange System Objects/Monitoring Mailboxes/HealthMailboxbiglongGUID has been corrupted, and it's in an inconsistent state. The following validation errors happened: WARNING: Database is mandatory or UserMailbox.After doing some searching, this problem is a result of Exchange 2013 not having sufficient permissions to the domainname/Microsoft Exchange System Objects/Monitoring Mailboxes OU. The database attribute is blank because the database it referenced no longer exists.
The simple fix is to manually delete the objects referenced by the errors from that OU by using Active Directory Users and Computers. After removing the object, the error is gone. You cannot use the Remove-Mailbox cmdlet to remove the accounts because Exchange does not have the necessary permissions.
It may be possible to resolve this error by giving Exchange Trusted Subsystem additional permissions to this OU, but I'll leave that for the Exchange team in the next cumulative update.
Note: Exchange 2013 RTM created the user accounts for these mailboxes in the Users folder. Exchange 2013 CU1 creates them in this new location. This may account for the changed behaviour causing the errors.
Deleting the health mailboxes is low risk because they should be recreated by the Microsoft Exchange Health Manager service on the Exchange 2013 server when that service is restarted.
Update: If the health monitoring mailboxes are not being recreated after you delete them, verify that the domainname/Microsoft Exchange System Objects/Monitoring Mailboxes OU exists. One commenter below was having issues and running ADPrep again created the container which allowed the health mailboxes to be recreated.