Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

A user accesses a mailbox that is hosted on a Microsoft Exchange Server 2007 server successfully by using POP3 or by using IMAP4. However, the connecting information is not logged on the Exchange Server 2007 server, such as the user’s IP address, User ID, and time stamp.

Note This does not comply with Directive 2006/24/EC set by the European Union regarding data retention.

Symptoms

To resolve this problem, install the following update rollup:

2279665 Description of Update Rollup 1 for Exchange Server 2007 Service Pack 3


After you apply this update, a new attribute named ProtocolLogonAudit is created for the Exchange organization object. You can use the Set-OrganizationConfig cmdlet to set the value for the ProtocolLogonAudit attribute to True or False. The default setting is False. Therefore, the successful connecting information not to be logged.

Additionally, there is a setting for each Exchange Server 2007 server to override the Exchange organization setting. You can set the value for the ProtocolLogonAudit attribute in the Microsoft.Exchange.Imap4.exe.config file and in the Microsoft.Exchange.Pop3.exe.config file for each Exchange Server 2007 server in the Exchange organization. To log all the connecting information, add the following information in the <appSettings> section in the Microsoft.Exchange.Imap4.exe.config file and in the Microsoft.Exchange.Pop3.exe.config file:
<appSettings>
......
<add key="ProtocolLogonAudit" value="1" />
</appSettings>
Note If you set the value to "0" or you do not configure this setting, the Exchange Server 2007 server uses the Exchange organization setting. If you set the value to "2", the auditing is disabled. Then the successful connecting information is not logged.

After you enable the ProtocolLogonAudit attribute, you have to restart the Microsoft Exchange IMAP4 service and the Microsoft Exchange POP3 service for the settings to take effect. Then, If a user accesses a mailbox successfully by using POP3 or by using IMAP4, the following event is logged:
Event Type: Information

Event Source: MSExchangeIMAP4/MSExchangePOP3

Event ID: 2104

Description:

User "<user name>" logged into mailbox "<mailbox name>"
RemoteUser: <domain>\<user account>
Mailbox: <mailbox name>
ProtocolServiceName:<IMAP4 or POP3>
TimeStamp: <date, time>
ClientEndpoinr: <IP address:port>

Resolution

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Status

For more information about Directive 2006/24/EC set by the European Union, visit the following website:

General information about Directive 2006/24/EC set by the European Union

More Information

Facebook LinkedIn Email

Need more help?

Want more options?

Discover Community

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community

Windows Insiders

Microsoft 365 Insiders

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!

×