When you use the New-TestCasConnectivityUser.PS1 script to create test mailboxes for OWA, ActiveSync, and Exchange Web Services connectivity monitoring, the CAS user account that is created by running the script is locked out (depending on your Group Policy settings) after multiple invalid logon attempts by the Default Application Pool on the Microsoft Exchange server that hosts the RPC and RPC with Certs virtual directory.
You may also see invalid logon events in the security log that resemble the following:
By default, ASP.NET impersonation is not enabled on the RPC and RPC with Certs virtual directories for Exchange Server. This behavior is by design.
This issue is resolved in Exchange Server 2010 Service Pack 1. For information about how to obtain Service Pack 1 for Exchange Server 2010, go to the following Microsoft Download Center website:
Article ID: 2744091 - Last Review: 21 Dec 2012 - Revision: 1
Microsoft System Center Operations Manager 2007, Microsoft System Center Operations Manager 2007 R2, Microsoft System Center Operations Manager 2007 Service Pack 1, Exchange Server 2010 Enterprise, Microsoft System Center 2012 Operations Manager