[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

disabled guest account still gets locked

Posted on 2014-01-24
5
Medium Priority
?
1,607 Views
Last Modified: 2014-03-28
sbs 2003.  i have the default guest account disabled however, malicious bots try to authenticate with my smtp server using this guest account.  after the defined number of failed attempts i get 539 account lockout events for the guest account in the event log.  i don't understand why i get a lockout when the account is disabled.

i tried to duplicate this by loging onto my smtp server via telnet to port 25, ehlo, auth login command but the base64 that i use for "guest" (online decoder) results in a "guust" account login in the event log.  i'm not sure what i'm doing wrong here but what i'm trying to figure out is why do i get an account lockout on a disabled account?

any ideas
0
Comment
Question by:scraby
  • 2
4 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39806567
I am not sure how they are trying to authenticate to your Exchange Receive Connector using Guest Account but typically it is a best practice to rename both the guest account and also administrator account. Have you tried to rename the guest account? You can do this via GPO

Rename Guest and Administrator Account GPO

Will.
0
 
LVL 7

Author Comment

by:scraby
ID: 39806782
well, neither of these answers my question of how a disabled account is getting locked out?  i renamed the guest account anyway.
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 1000 total points
ID: 39806827
What do the logs say in regards to the lock out? Do they give you a source IP or anything in relation to that? Maybe it is a Guest Account on a different machine.

Anyways renaming the Guest account should be done as a best practice. Check and see if the account continues to get these error messages.

Will.
0
 
LVL 20

Accepted Solution

by:
compdigit44 earned 1000 total points
ID: 39813668
Have you enabled verbose SMTP logging?
Have you checked your firewall logs?
Are you sure the source of the attack is external and not internal?
On your IIS SMTP virtual server, what are your relaying settings set to?
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Mailbox Corruption is a nightmare every Exchange DBA wishes he never has. Recovering from it can be super-hectic if not entirely futile. And though techniques like the New-MailboxRepairRequest cmdlet have been designed to help with fixing minor corr…
This article will help to fix the below errors for MS Exchange Server 2016 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question