The lsass.exe process leaks an amount of handles in Exchange Server 2013

Applies to: Exchange Server 2013 EnterpriseExchange Server 2013 Standard Edition


In a Microsoft Exchange 2013 environment that has cumulative update 9 or cumulative update 10 applied, lots of handles are leaked by the MailboxDeliveryAvailability probe in the Lsass.exe process.


This issue occurs because the obsolete MailboxDeliveryAvailability health management probe, monitor, and responder that are defined on Microsoft Exchange Health Manager service startup are still enabled by default. Therefore, the auto-replaced MailboxDeliveryAvailabilityAggregation probe, monitor, and responder are not fully implemented.


To fix this issue, install Cumulative Update 11 or any available later version cumulative update for Exchange Server 2013.


To work around this issue, use one of the following methods:

  • Run the following global monitoring override to disable the MailboxTransport\MailboxDeliveryAvailability health monitor probe:
    Add-GlobalMonitoringOverride -Identity "MailboxTransport\MailboxDeliveryAvailability" -ItemType Probe -PropertyName Enabled -PropertyValue 0 –ApplyVersion "" 
  • Restart the Exchange Health Manager service (MSExchangeHMWorker.exe) to release the handles in the Lsass.exe process.


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.