Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Many log entries are generated in Exchange Server 2007 if you turn on the Exchange log to audit the logons that do not use the primary account for shared resource mailboxes


View products that this article applies to.

Symptoms

In Microsoft Exchange Server 2007, you can turn on the Exchange log to audit the logons that use an account that is not the primary account for mailboxes. However, this feature logs all types of logons. Therefore, many log entries are generated if you turn on this feature. There is currently no efficient way for users to audit the logons to the shared resource mailboxes.

Note An example of this event is as follows:

Event ID 1016
Event Source MSExchangeIS Mailbox Store
Event Type Success Audit
Event Category Logons
Description Windows 2000 User <domain\user> logged on to <mailbox address> mailbox, and is not the primary Windows 2000 account on this mailbox.

↑ Back to the top


Resolution

To resolve this problem, install Update Rollup 8 for Exchange 2007 Service Pack 1.

For more information about Update Rollup 8 for Exchange 2007 Service Pack 1, click the following article number to view the article in the Microsoft Knowledge Base:
968012� Description of Update Rollup 8 for Exchange Server 2007 Service Pack 1

↑ Back to the top


More information

You can run the set-eventloglevel command in Exchange Management Shell to turn on the logging against the logon that resembles the following command:
set-eventloglevel -identity "MSExchange IS\9000 Private\Logons" -level low/medium/high/expert
After you install this hotfix, Exchange 2007 server may audit successful access to a user folder in a mailbox. The details of the auditing event are as follows:

Event ID 10100
Event Source MSExchangeIS Auditing
Description The folder <folder name> in Mailbox '<mailbox name>' was opened by user <domain\user>
Display Name: <folder name>
Accessing User: <legacyExchangeDN of the mailbox user>
Mailbox: <legacyExchangeDN of the mailbox user>
Administrative Rights: xx
Client Information (if Available):
Machine Name: <machine>
Process Name: xx
Process Id: xx
Application Id: xx

↑ Back to the top


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top


Keywords: KB967038, kbqfe, kbexpertiseadvanced, kbhotfixrollup

↑ Back to the top

Article Info
Article ID : 967038
Revision : 1
Created on : 5/19/2009
Published on : 5/19/2009
Exists online : False
Views : 320