Failure Audit - What does it mean?

Posted on 2004-11-12
Last Modified: 2010-04-11
When I see a failure audit in my event viewer like this one....

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Object Access
Event ID:      565
Date:            11/12/2004
Time:            8:53:58 AM
User:            DOMAIN\jsmith
Computer:      EXSERVER
Object Open:
       Object Server:      Microsoft Exchange
       Object Type:      Microsoft Exchange Logon
       Object Name:      /o=DOMAIN/ou=first administrative group/cn=Recipients/cn=jmarino
       New Handle ID:      -
       Operation ID:      {0,46016404}
       Process ID:      2352
       Primary User Name:      EXSERVER$
       Primary Domain:      DOMAIN
       Primary Logon ID:      (0x0,0x3E7)
       Client User Name:      jsmith
       Client Domain:      DOMAIN
       Client Logon ID:      (0x0,0x2BCAD90)
       Accesses            Unknown specific access (bit 0)
       Privileges            -


What is it telling me exactly??
Question by:DVation191
    LVL 2

    Expert Comment

    It looks like jsmith is trying to access jmarino's mailbox and was denied.
    LVL 20

    Author Comment

    does it give any more details than that? like how they tried doing that?
    LVL 2

    Expert Comment

    Maybe this person tried to open jmarinos calendar and instead they tried to open the inbox by accident and got the deny error.  Inbox is the default when you go to open other users folder.
    LVL 3

    Accepted Solution

    As per Microsoft: "This behavior occurs if you do not have the Send As or Owner rights for the mailbox that you are trying to open. The failure audit events are logged to notify the administrator that the user who is accessing the mailbox does not have Send As or Owner rights to the mailbox itself even though the user has delegate access to the mailbox. These failure audit events are logged in the Security log of the Event Viewer so that the administrator of the Exchange 2000 organization can verify that security permissions are set correctly". See Q813229 for more details.
    Also, this event will be generated when there are missing DNS PTR records, incorrect PTR records (mismatch between FQDNs in A records and PTR records) or missing reverse lookup zones.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    This is a short article about OS X KeRanger, and what people can do to get rid of it.
    By default, Carbonite Server Backup manages your encryption key for you using Advanced Encryption Standard (AES) 128-bit encryption. If you choose to manage your private encryption key, your backups will be encrypted using AES 256-bit encryption.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now