Solved

Exchange 2003 - SMTP Protocol Diagnostic Logging - User Authentication - Doesn't Work

Posted on 2009-03-30
8
1,463 Views
Last Modified: 2013-11-30
Various articles I have found here and on the web (e.g. http://www.amset.info/exchange/spam-cleanup.asp) suggest that setting the Exchange Server SMTP Protocol Diagnostic Logging Level to Maximum will cause ID 1708 events to be posted to the Application log reporting the SMTP authentication username and client PC. There doesn't seem to be much room for error, but I just cannot get this to work. Anybody got any idea what I might be doing wrong?
0
Comment
Question by:jeff1946
  • 5
  • 2
8 Comments
 
LVL 14

Accepted Solution

by:
Kaffiend earned 167 total points
Comment Utility
Restart the MSExchange Transport service.

Then, test and see if the logging is working by trying to send email using SMTP authentication. It could be that authenticated SMTP is not the problem, thus you would not see any EventID 1708s.  

(Your Exchange server needs to be set up to do authenticated SMTP for any of this to work, of course)
0
 
LVL 1

Author Comment

by:jeff1946
Comment Utility
Kaffiend,

Thanks for your reply.

I restarted all the Exchange services. Sent messages with a non-Outlook SMTP client configured for SMTP Authentication through the server configured to require SMTP authentication. Still no 1708 events in the App log.
0
 
LVL 1

Author Comment

by:jeff1946
Comment Utility
I just noticed that the server logs Security events 538, 576, and 540 each time I send a mail message from my SMTP client. But still no App event 1708.
0
 
LVL 65

Assisted Solution

by:Mestha
Mestha earned 333 total points
Comment Utility
Even Microsoft state that event should show.
http://support.microsoft.com/kb/895853

Simon.
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 1

Author Comment

by:jeff1946
Comment Utility
Can either of you (Kaffiend or Mestha) or anyone else for that matter confirm that this actually works on another Win2K3/Exchange2K3 server?
0
 
LVL 65

Assisted Solution

by:Mestha
Mestha earned 333 total points
Comment Utility
The article you are referring to in your original question I wrote. So I know it works.

Simon.
0
 
LVL 1

Author Comment

by:jeff1946
Comment Utility
Well, the E-E system keeps nagging me about this open question, but the fact is I never got to the bottom of it. My Exchange Server has NEVER logged event 1708, depite leaving the SMTP logging option at maximum for 6 months. All the clients are SMTP clients. There are no IMAP/Exchange clients. Nuts.
0
 
LVL 1

Author Closing Comment

by:jeff1946
Comment Utility
Question unresolved after 6 months. Closing to stop the E-E system nag mail.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
how to add IIS SMTP to handle application/Scanner relays into office 365.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now