Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Health mailbox's password is exposed in logs for a failed probe in Exchange Server 2016 and 2013


View products that this article applies to.

Symptoms

Assume that you use probes for monitoring Microsoft Exchange Server 2016 and Exchange Server 2013. When there's a failed probe, the details of the health mailbox service's account and its password are logged, and you may notice that the password is shown in plain text. Here is an example of the details for a failed ActiveSync probe:

Invoke-MonitoringProbe -Identity: "ActiveSync.Protocol\ActiveSyncDeepTestProbe" –Server: ServerName | fl
RunspaceId: RunspaceId
Server: ServerName
MonitorIdentity: ActiveSync.Protocol\ActiveSyncDeepTestProbe 
RequestId: RequestId
Error: Error occurred:
          User: UserName
          Password: Password
          Target: RequestURL
          Response: <Settings xmlns="Settings:"><Status>StatusValue</Status></Settings>

↑ Back to the top


Cause

This issue occurs because the password isn't correctly handled in the probe message.

↑ Back to the top


Resolution

To fix this issue, install one of the following updates:

↑ Back to the top


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top


References

Learn about the terminology that Microsoft uses to describe software updates.

↑ Back to the top


Keywords: kbcontentauto, kb, kbsurveynew, kbexpertiseadvanced, Health mailbox's password is exposed, use probes for monitoring Microsoft Exchange Server 2016 and Exchange Server 2013, a failed probe, CI73146

↑ Back to the top

Article Info
Article ID : 4057216
Revision : 19
Created on : 3/7/2018
Published on : 3/20/2018
Exists online : False
Views : 395