Windows Live
Facebook
Twitter
Linkedin
Digg it
Yahoo
Delicious
StumbleUpon
Yammer
Reddit
Technorati
FriendFeed
EmailArticle ID: 2251714 - Last Review: September 9, 2010 - Revision: 1.0 The connecting information is not logged when a user accesses a mailbox that is hosted on an Exchange Server 2007 server by using POP3 or by using IMAP4
SYMPTOMSA user accesses a mailbox that is hosted on a Microsoft Exchange Server 2007 server successfully by using POP3 or by using IMAP4. However, the connecting information is not logged on the Exchange Server 2007 server, such as the user’s IP address, User ID, and time stamp. Note This does not comply with Directive 2006/24/EC set by the European Union regarding data retention. RESOLUTIONTo resolve this problem, install the following update rollup: 2279665
(http://support.microsoft.com/kb/2279665/
)
Description of Update Rollup 1 for Exchange Server 2007 Service Pack 3
After you apply this update, a new attribute named ProtocolLogonAudit is created for the Exchange organization object. You can use the Set-OrganizationConfig cmdlet to set the value for the ProtocolLogonAudit attribute to True or False. The default setting is False. Therefore, the successful connecting information not to be logged. Additionally, there is a setting for each Exchange Server 2007 server to override the Exchange organization setting. You can set the value for the ProtocolLogonAudit attribute in the Microsoft.Exchange.Imap4.exe.config file and in the Microsoft.Exchange.Pop3.exe.config file for each Exchange Server 2007 server in the Exchange organization. To log all the connecting information, add the following information in the <appSettings> section in the Microsoft.Exchange.Imap4.exe.config file and in the Microsoft.Exchange.Pop3.exe.config file: <appSettings> ...... <add key="ProtocolLogonAudit" value="1" /> </appSettings> Note If you set the value to "0" or you do not configure this setting, the Exchange Server 2007 server uses the Exchange organization setting. If you set the value to "2", the auditing is disabled. Then the successful connecting information is not logged. After you enable the ProtocolLogonAudit attribute, you have to restart the Microsoft Exchange IMAP4 service and the Microsoft Exchange POP3 service for the settings to take effect. Then, If a user accesses a mailbox successfully by using POP3 or by using IMAP4, the following event is logged: Event Type: Information Event Source: MSExchangeIMAP4/MSExchangePOP3 Event ID: 2104 Description: User "<user name>" logged into mailbox "<mailbox name>" RemoteUser: <domain>\<user account> Mailbox: <mailbox name> ProtocolServiceName:<IMAP4 or POP3> TimeStamp: <date, time> ClientEndpoinr: <IP address:port> STATUSMicrosoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. MORE INFORMATIONFor more information about Directive 2006/24/EC set by the European Union, visit the following website: General information about Directive 2006/24/EC set by the European Union
(http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32006L0024:EN:HTML)
| Other Resources Other Support Sites
CommunityGet Help NowArticle Translations
|
Back to the top
