[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Failure audit every few minutes for pop3 users

Posted on 2005-05-02
5
Medium Priority
?
635 Views
Last Modified: 2010-08-05
I have exchange 2003 with a handful of pop3 users.  They retrieve email ok but I notice that when they have Outlook open I get periodic "faiure audits" error 680 user does not exist in the security log.  It doesn't seem to affect anything, but I'm concerned about security on these accounts.  Whats the deal with pop3 on exchange?  Thanks.
0
Comment
Question by:wburke121
  • 2
  • 2
5 Comments
 
LVL 9

Expert Comment

by:athelu
ID: 13909898
could you post a copy of the actual event message?
0
 

Author Comment

by:wburke121
ID: 13909974
Event Type:      Failure Audit
I only get this error for accounts that use pop3 on our exchange 2003 server

Event Source:      Security
Event Category:      Account Logon
Event ID:      680
Date:            5/2/2005
Time:            11:28:56 AM
User:            NT AUTHORITY\SYSTEM
Computer:      <<deleted for security reasons>>
Description:
Logon attempt by:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
 Logon account:      <<deleted for security reasons>>>
 Source Workstation:      <<deleted for security reasons>>
 Error Code:      0xC0000064


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
 
LVL 26

Expert Comment

by:Vahik
ID: 13913732
680 failure means some one used wrong users name password and failed to authenticate
against ur domain....there must be one success 680 right after for the same user if it was
a mistake...

http://www.windowsecurity.com/articles/Deciphering-Authentication-Events-Domain-Controllers.html
0
 

Author Comment

by:wburke121
ID: 13920079
No, the users made no mistake and is actually getting pop3 mail from the exchange server.  We have 3 users who use pop3. It works, but while they have Outlook open on their PCs, either locally or remotely, this error shows up every 10 minutes on the Exchange server.
0
 
LVL 9

Accepted Solution

by:
athelu earned 1000 total points
ID: 13921284
Sounds like the connection is being continually validated, which is typical, but that the connection is attempting a preffered authentication method first (ie ntlm/kerberos) and when that fails, it resorts to basic. That is why you see the logon failure message, but the users still successfully authenticate. Similar to what vahik was saying, there should be a successfull log on message right after the failed attempt in the log.

Take a look at your POP3 connector on the back-end server. I am sure that it has simple authentication enabled, and one of its options will be NTLM.  if the NTLM authentication is failing (which it will unless connected on the local network) then the users credentials will be passed in basic (clear text).  To test whether this is the case, you could remove the check box from the basic authentication box, and i assume the clients would then fail to be able to retrieve mail.

I would HIGHLY recommend installing a SSL cert on the server and requireing SSL connections for POP3 and IMAP4. I cannot say this enogh. The users would be forced to make a change in the outlook settings to use the SSL ports, but that is a small price to pay for the increased security.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There can be many situations demanding the conversion of Outlook OST files to PST format and as such, there is no shortage of automated tools to perform this conversion. However, what makes Stellar OST to PST converter stand above the rest? Let us e…
This article will help to fix the below errors for MS Exchange Server 2016 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

868 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question