[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Mac Mail Client generating Security-Auditing 4625 Events

Posted on 2014-08-27
5
Medium Priority
?
231 Views
Last Modified: 2014-12-16
I have a mac user that is connected to our Exchange 2010 server and is generating a lot of failed authentication events.  Because we monitor failed logins, I would like to fix the underlying issue.  Does anyone know how to prevent these failed login attemps, even though the user is properly configured and receiving email properly?

IIS-LOG.PNG
4625.PNG
0
Comment
Question by:tcloud
  • 3
  • 2
5 Comments
 
LVL 41

Expert Comment

by:Eoin OSullivan
ID: 40289826
What email client are they using on OSX is it definitely only Apple Mail or are there other mail clients also at play such as Outlook or Postbox or something else?

Are you sure that there are NO incorrect accounts setup in Apple Mail .. there can be multiple accounts setup under the preferences .. also check the SMTP server list.

You might also want to open the apple Keychain Access application and delete any saved keys for any Mail application .. in case an incorrect one is saved somewhere and being used by the Mail application.

If you cannot find an incorrect password or account setup somewhere the default advice will be to remove the Exchange account from Apple Mail, quite and restart Mac Mail and then re-add the Exchange account.
0
 

Author Comment

by:tcloud
ID: 40298426
Clearing KeyChain entries and removing/re-adding account did not resolve the issue.
0
 
LVL 41

Expert Comment

by:Eoin OSullivan
ID: 40298486
Is there any chance there is another email client or service at issue here?  

Can you open the Activity Monitor on OSX .. located in the Applications: Utilities subfolder .. and see can you find any other app or process which might be trying to connect to your Exchange server.

Alternatively open a terminal window ... and run the following command .. it will show you all processes running which have open port 80 ...
sudo lsof -i :80 -S

Open in new window

modify the command to check any other ports or a port range
sudo lsof -i :53200-53300 -S

Open in new window

0
 

Author Comment

by:tcloud
ID: 40299125
No other client or app.  We removed account for a couple of days and the messages stopped.  As soon as we re-added, they started up again.
0
 
LVL 41

Accepted Solution

by:
Eoin OSullivan earned 2000 total points
ID: 40299560
Ok. So you've narrowed it specifically to apple mail. Sounds like all you could do is use the ipfw firewall in osx to block the outgoing traffic and stop the error as there is no way to control that in apple mail itself.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Steps to fix “Unable to mount database. (hr=0x80004005, ec=1108)”.
Steps to fix error: “Couldn’t mount the database that you specified. Specified database: HU-DB; Error code: An Active Manager operation fail”
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question