

Failure Audit - What does it mean?

Posted on 2004-11-12
Last Modified: 2010-04-11
When I see a failure audit in my event viewer like this one....

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Object Access
Event ID:      565
Date:            11/12/2004
Time:            8:53:58 AM
User:            DOMAIN\jsmith
Computer:      EXSERVER
Object Open:
       Object Server:      Microsoft Exchange
       Object Type:      Microsoft Exchange Logon
       Object Name:      /o=DOMAIN/ou=first administrative group/cn=Recipients/cn=jmarino
       New Handle ID:      -
       Operation ID:      {0,46016404}
       Process ID:      2352
       Primary User Name:      EXSERVER$
       Primary Domain:      DOMAIN
       Primary Logon ID:      (0x0,0x3E7)
       Client User Name:      jsmith
       Client Domain:      DOMAIN
       Client Logon ID:      (0x0,0x2BCAD90)
       Accesses            Unknown specific access (bit 0)
       Privileges            -


What is it telling me exactly??
Question by: DVation191

Expert Comment

ID: 12566984
It looks like jsmith is trying to access jmarino's mailbox and was denied.

Author Comment

ID: 12567899
Does it give any more details than that? Like how they tried doing that?

Expert Comment

ID: 12569837
Maybe this person tried to open jmarino's calendar and instead they tried to open the inbox by accident and got the deny error. Inbox is the default when you go to open other user's folder.

Accepted Solution

rkotowic earned 1600 total points
ID: 12597348
As per Microsoft: "This behavior occurs if you do not have the Send As or Owner rights for the mailbox that you are trying to open. The failure audit events are logged to notify the administrator that the user who is accessing the mailbox does not have Send As or Owner rights to the mailbox itself even though the user has delegate access to the mailbox. These failure audit events are logged in the Security log of the Event Viewer so that the administrator of the Exchange 2000 organization can verify that security permissions are set correctly". See Q813229 for more details.
Also, this event will be generated when there are missing DNS PTR records, incorrect PTR records (mismatch between FQDNs in A records and PTR records) or missing reverse lookup zones.
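
For triaging many of these events at once, the following added example (not part of the original thread) parses Event 565 text in the layout shown in the question and counts which client account was denied on which mailbox, so the Send As or Owner rights mentioned in the accepted answer can be checked per pair. It assumes the events were exported as plain text and that the last cn= component of Object Name is the mailbox alias; the sample events and the account akhan are constructed.

```python
import re
from collections import Counter

FIELD = re.compile(r"^\s*([^:]+):\s+(.+)$")  # "Name:   value" lines only

def parse_events(text):
    """Split exported event text into one dict of fields per event."""
    events = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # headers such as "Object Open:" and the colon-less "Accesses" line
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Event Type":  # first field of every event in this layout
            events.append({})
        if events:
            events[-1][key] = value
    return events

def mailbox_denials(events):
    """Count (client account, target mailbox) pairs in Exchange logon Failure Audits."""
    pairs = Counter()
    for e in events:
        if (e.get("Event Type"), e.get("Event ID")) != ("Failure Audit", "565"):
            continue
        if e.get("Object Type") != "Microsoft Exchange Logon":
            continue
        # Assumption: the last cn= component of Object Name is the mailbox alias.
        cns = re.findall(r"cn=([^/]+)", e.get("Object Name", ""), re.IGNORECASE)
        if cns:
            client = e.get("Client Domain", "?") + "\\" + e.get("Client User Name", "?")
            pairs[(client, cns[-1])] += 1
    return pairs

# Constructed sample events (not real log data) in the layout shown in the question.
TEMPLATE = """Event Type:      {etype}
Event ID:      565
Object Open:
       Object Type:      Microsoft Exchange Logon
       Object Name:      /o=DOMAIN/ou=first administrative group/cn=Recipients/cn={box}
       Client User Name:      {user}
       Client Domain:      DOMAIN
       Accesses            Unknown specific access (bit 0)
"""
SAMPLE = "\n".join(TEMPLATE.format(etype=t, box=b, user=u) for t, b, u in [
    ("Failure Audit", "jmarino", "jsmith"), ("Failure Audit", "jmarino", "jsmith"),
    ("Failure Audit", "jmarino", "akhan"), ("Success Audit", "jmarino", "jsmith")])

if __name__ == "__main__":
    for (client, box), n in mailbox_denials(parse_events(SAMPLE)).most_common():
        print(f"{n:3d}  {client} -> mailbox {box}")
```

A pair that repeats many times is the one to compare against the mailbox's delegate and Send As settings first.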
