Event ID: 1000 Source: EXPROX

Microsoft Exchange Server has detected that NTLM-based authentication is presently being used between this server and server "<server>". NTLM is still a secure authentication mechanism and protects users' credentials. However this indicates that there may be a configuration issue preventing the use of Kerberos authentication. If this condition persists please verify that both this server and server "<server>" are properly configured to use Kerberos authentication. After applying any changes it may be necessary to restart Internet Information Services on both the front-end and back-end servers.
See ME909094 for a hotfix applicable to Microsoft Exchange Server 2003.

As per Microsoft: "This event may be logged on an Exchange Server 2003 server configured as a front-end server when both of the following conditions are true:
1. An Exchange Server 2003 front-end server is attempting authentication to a back-end server.
2. The back-end server is running Exchange 2000 Server. Exchange 2000 Server does not support Kerberos authentication".
See MSEX2K3DB for additional information about this event.
This error may also occur if you are using Exchange 2003 in a Front-End/Back-End environment and allow basic authentication between the servers. This is a non-issue according to Microsoft unless the Front-end server is in a DMZ. The authentication methods would then need to be changed in the IIS settings on the back-end server to avoid these messages.
I received this warning after installing SharePoint Portal Server on a 2003 Domain Controller. ME832769 helped me to resolve the problem.
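
To judge whether the condition persists and which back-end servers are involved, the events can be summarised per peer named in the message. The script below is an added example, not part of the original page or of any Microsoft tooling; the front-end name `FE01`, the seven-day window, the use of Windows PowerShell's `Get-EventLog` and the assumption that the event is written to the Application log are all assumptions.

```powershell
# Added example. Assumptions: Windows PowerShell (Get-EventLog), the event is
# written to the Application log, and 'FE01' is a placeholder front-end name.
$frontEnd = 'FE01'
$since    = (Get-Date).AddDays(-7)      # look-back window (assumption)

# Source and Event ID as given on this page: EXPROX / 1000
$hits = Get-EventLog -ComputerName $frontEnd -LogName Application `
            -Source EXPROX -After $since -ErrorAction SilentlyContinue |
        Where-Object { $_.EventID -eq 1000 }

$summary = $hits | ForEach-Object {
        # The message names the peer as: server "<server>"
        if ($_.Message -match 'server\s+"([^"]+)"') {
            [pscustomobject]@{ Peer = $Matches[1].ToLower(); Time = $_.TimeGenerated }
        }
    } |
    Group-Object Peer |
    ForEach-Object {
        # Wrap in @() so a single event still behaves as an array
        $times = @($_.Group | ForEach-Object { $_.Time } | Sort-Object)
        $days  = @($times | ForEach-Object { $_.Date } | Sort-Object -Unique)
        [pscustomobject]@{
            BackEndServer = $_.Name
            Count         = $_.Count
            FirstSeen     = $times[0]
            LastSeen      = $times[-1]
            DaysSeen      = $days.Count   # more than 1 suggests the condition persists
        }
    }

$summary | Sort-Object Count -Descending | Format-Table -AutoSize
```

A back-end server that keeps appearing across several days is the one whose Kerberos configuration, or Exchange version as described in the Microsoft note above, should be checked first.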