The connecting information is not logged when a user accesses a mailbox that is hosted on an Exchange Server 2007 server by using POP3 or by using IMAP4

Article translations Article translations
Article ID: 2251714 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

A user accesses a mailbox that is hosted on a Microsoft Exchange Server 2007 server successfully by using POP3 or by using IMAP4. However, the connecting information is not logged on the Exchange Server 2007 server, such as the user’s IP address, User ID, and time stamp.

Note This does not comply with Directive 2006/24/EC set by the European Union regarding data retention.

RESOLUTION

To resolve this problem, install the following update rollup:
2279665 Description of Update Rollup 1 for Exchange Server 2007 Service Pack 3

After you apply this update, a new attribute named ProtocolLogonAudit is created for the Exchange organization object. You can use the Set-OrganizationConfig cmdlet to set the value for the ProtocolLogonAudit attribute to True or False. The default setting is False. Therefore, the successful connecting information not to be logged.

Additionally, there is a setting for each Exchange Server 2007 server to override the Exchange organization setting. You can set the value for the ProtocolLogonAudit attribute in the Microsoft.Exchange.Imap4.exe.config file and in the Microsoft.Exchange.Pop3.exe.config file for each Exchange Server 2007 server in the Exchange organization. To log all the connecting information, add the following information in the <appSettings> section in the Microsoft.Exchange.Imap4.exe.config file and in the Microsoft.Exchange.Pop3.exe.config file:
<appSettings>
......
<add key="ProtocolLogonAudit" value="1" />
</appSettings>
Note If you set the value to "0" or you do not configure this setting, the Exchange Server 2007 server uses the Exchange organization setting. If you set the value to "2", the auditing is disabled. Then the successful connecting information is not logged.

After you enable the ProtocolLogonAudit attribute, you have to restart the Microsoft Exchange IMAP4 service and the Microsoft Exchange POP3 service for the settings to take effect. Then, If a user accesses a mailbox successfully by using POP3 or by using IMAP4, the following event is logged:
Event Type: Information
Event Source: MSExchangeIMAP4/MSExchangePOP3
Event ID: 2104
Description:
User "<user name>" logged into mailbox "<mailbox name>"
RemoteUser: <domain>\<user account>
Mailbox: <mailbox name>
ProtocolServiceName:<IMAP4 or POP3>
TimeStamp: <date, time>
ClientEndpoinr: <IP address:port>

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

For more information about Directive 2006/24/EC set by the European Union, visit the following website:
General information about Directive 2006/24/EC set by the European Union

Properties

Article ID: 2251714 - Last Review: September 9, 2010 - Revision: 1.0
APPLIES TO
  • Microsoft Exchange Server 2007 Service Pack 3
  • Microsoft Exchange Server 2007 Enterprise Edition
  • Microsoft Exchange Server 2007 Standard Edition
Keywords: 
kbqfe kbfix kbsurveynew kbhotfixrollup kbexpertiseinter KB2251714

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com