Article ID: 968310 - View products that this article applies to.
In Microsoft Exchange Server 2007, log entries are generated when you enable the Exchange log to audit user logons that do not use the primary account for their mailbox. For example, the events that are generated in this scenario resemble the following:
Many log entries are generated in this scenario because all varieties of logons are audited. There is currently no way to audit logons only from actual users and not from system access events.
Event ID 1016 Event Source MSExchangeIS Mailbox Store Event Type Success Audit Event Category Logons Description Windows 2000 User <domain\user> logged on to <mailbox address> mailbox, and is not the primary Windows 2000 account on this mailbox.
Note You can run the set-eventloglevel command in Exchange Management Shell to enable logging against user logons. This command resembles the following:
To resolve this problem, install Update Rollup 8 for Exchange 2007 Service Pack 1. For more information about Update Rollup 8 for Exchange Server 2007 Service Pack 1, see the following Exchange Help topic:
Description of Update Rollup 8 for Exchange Server 2007 Service Pack 1For more information about how to obtain the latest Exchange service pack or update rollup, see the following Exchange Help topic:
How to Obtain the Latest Service Pack or Update Rollup for Exchange 2007
After you install this hotfix rollup, Exchange 2007 server will audit only successful instances of access to a user's folder in a mailbox. The auditing event details will resemble the following:
Event ID 10100 Event Source MSExchangeIS Auditing Description The folder <folder name> in Mailbox '<mailbox name>' was opened by user <domain\user> Display Name: <folder name> Accessing User: <legacyExchangeDN of the mailbox user> Mailbox: <legacyExchangeDN of the mailbox user> Administrative Rights: xx Client Information (if Available): Machine Name: <machine> Process Name: xx Process Id: xx Application Id: xx
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Article ID: 968310 - Last Review: May 19, 2009 - Revision: 1.1