hotfixHere’s a heads up on a new SCOM 2007 KB article we published this morning:

Symptoms

When using the Exchange 2010 Management Pack in System Center Operations Manager 2007, you may receive a security audit failure event in the Security event log every 5 minutes. An example of the event is below:

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date:
Event ID: 4625

Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: XXX

Description:
An account failed to log on.

Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

Account For Which Logon Failed:
Security ID: NULL SID
Account Name: Aextest_39076b2bb6ec4
Account Domain: XXXXXX

Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xc000006d
Sub Status: 0xc0000064

Process Information:
Caller Process ID: 0x0
Caller Process Name: -

Network Information:
Workstation Name: XXXXXX
Source Network Address: XXXXXX
Source Port: 30956

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

Note that the account name will have the format Aextest_<GUID>.

Cause

The actual Exchange mailbox account used is extest_<GUID>. This extra “A” is passed on due to an issue with the Exchange Correlation Engine when Outlook Anywhere is OFF (disabled). This is the default on a new installation of Exchange 2010.

Resolution

Two possible workarounds are below:

1. Enable Outlook Anywhere (see http://technet.microsoft.com/en-us/library/cc179036.aspx).

or

2. Disable every rule that is using the Test-OutlookConnectivity Exchange 2010 Powershell CMDLet. A list of these rules can be found here: http://technet.microsoft.com/en-us/library/ee758035(EXCHG.140).aspx

More Information

This article applies to System Center Operations Manager 2007 RTM, SP1 and R2.

=====

For the most current version of this article please see the following:

2591305 : Event ID 4625 is logged every 5 minutes when using the Exchange 2010 Management Pack in System Center Operations Manager 2007

J.C. Hornbeck | System Center Knowledge Engineer

App-V Team blog: http://blogs.technet.com/appv/
AVIcode Team blog: http://blogs.technet.com/b/avicode
ConfigMgr Support Team blog: http://blogs.technet.com/configurationmgr/
DPM Team blog: http://blogs.technet.com/dpm/
MED-V Team blog: http://blogs.technet.com/medv/
OOB Support Team blog: http://blogs.technet.com/oob/
Opalis Team blog: http://blogs.technet.com/opalis
Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/
OpsMgr Support Team blog: http://blogs.technet.com/operationsmgr/
SCMDM Support Team blog: http://blogs.technet.com/mdm/
SCVMM Team blog: http://blogs.technet.com/scvmm
Server App-V Team blog: http://blogs.technet.com/b/serverappv
Service Manager Team blog: http://blogs.technet.com/b/servicemanager
System Center Essentials Team blog: http://blogs.technet.com/b/systemcenteressentials
WSUS Support Team blog: http://blogs.technet.com/sus/

clip_image001 clip_image002