Mac Mail Client generating Security-Auditing 4625 Events

I have a mac user that is connected to our Exchange 2010 server and is generating a lot of failed authentication events.  Because we monitor failed logins, I would like to fix the underlying issue.  Does anyone know how to prevent these failed login attemps, even though the user is properly configured and receiving email properly?

IIS-LOG.PNG
4625.PNG
tcloudAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Eoin OSullivanConsultantCommented:
What email client are they using on OSX is it definitely only Apple Mail or are there other mail clients also at play such as Outlook or Postbox or something else?

Are you sure that there are NO incorrect accounts setup in Apple Mail .. there can be multiple accounts setup under the preferences .. also check the SMTP server list.

You might also want to open the apple Keychain Access application and delete any saved keys for any Mail application .. in case an incorrect one is saved somewhere and being used by the Mail application.

If you cannot find an incorrect password or account setup somewhere the default advice will be to remove the Exchange account from Apple Mail, quite and restart Mac Mail and then re-add the Exchange account.
0
tcloudAuthor Commented:
Clearing KeyChain entries and removing/re-adding account did not resolve the issue.
0
Eoin OSullivanConsultantCommented:
Is there any chance there is another email client or service at issue here?  

Can you open the Activity Monitor on OSX .. located in the Applications: Utilities subfolder .. and see can you find any other app or process which might be trying to connect to your Exchange server.

Alternatively open a terminal window ... and run the following command .. it will show you all processes running which have open port 80 ...
sudo lsof -i :80 -S

Open in new window

modify the command to check any other ports or a port range
sudo lsof -i :53200-53300 -S

Open in new window

0
tcloudAuthor Commented:
No other client or app.  We removed account for a couple of days and the messages stopped.  As soon as we re-added, they started up again.
0
Eoin OSullivanConsultantCommented:
Ok. So you've narrowed it specifically to apple mail. Sounds like all you could do is use the ipfw firewall in osx to block the outgoing traffic and stop the error as there is no way to control that in apple mail itself.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.