hotfixHere’s a heads up on a new SCOM 2007 KB article we published this morning:


When using the Exchange 2010 Management Pack in System Center Operations Manager 2007, you may receive a security audit failure event in the Security event log every 5 minutes. An example of the event is below:

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Event ID: 4625

Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: XXX

An account failed to log on.

Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

Account For Which Logon Failed:
Security ID: NULL SID
Account Name: Aextest_39076b2bb6ec4
Account Domain: XXXXXX

Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xc000006d
Sub Status: 0xc0000064

Process Information:
Caller Process ID: 0x0
Caller Process Name: -

Network Information:
Workstation Name: XXXXXX
Source Network Address: XXXXXX
Source Port: 30956

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

Note that the account name will have the format Aextest_<GUID>.


The actual Exchange mailbox account used is extest_<GUID>. This extra “A” is passed on due to an issue with the Exchange Correlation Engine when Outlook Anywhere is OFF (disabled). This is the default on a new installation of Exchange 2010.


Two possible workarounds are below:

1. Enable Outlook Anywhere (see


2. Disable every rule that is using the Test-OutlookConnectivity Exchange 2010 Powershell CMDLet. A list of these rules can be found here:

More Information

This article applies to System Center Operations Manager 2007 RTM, SP1 and R2.


For the most current version of this article please see the following:

2591305 : Event ID 4625 is logged every 5 minutes when using the Exchange 2010 Management Pack in System Center Operations Manager 2007

J.C. Hornbeck | System Center Knowledge Engineer

App-V Team blog:
AVIcode Team blog:
ConfigMgr Support Team blog:
DPM Team blog:
MED-V Team blog:
OOB Support Team blog:
Opalis Team blog:
Orchestrator Support Team blog:
OpsMgr Support Team blog:
SCMDM Support Team blog:
SCVMM Team blog:
Server App-V Team blog:
Service Manager Team blog:
System Center Essentials Team blog:
WSUS Support Team blog:

clip_image001 clip_image002