Event ID/Source search
Keyword searchExample: Windows cannot unload your registry file
Event ID: 1016 Source: MSExchangeIS Mailbox Store
|Source: MSExchangeIS Mailbox Store|
|Type: Success Audit|
<user name> logged on to <mailbox name> mailbox, and is not the primary Windows 2000 account on this mailbox.
|English: Request a translation of the event description in plain English.|
|Concepts to understand:|
What is the role of the Microsoft Exchange Information Store service?
ME839862 provides information on troubleshooting the RPC Cancel Request dialog box in Outlook 2003 or in Outlook 2002. It has information that might prove useful in troubleshooting this event.
Read McAfee solution nai30262 for information on McAfee GroupShield 5.0.2 for Microsoft Exchange 5.5. Go to the McAfee Knowledge Search page and search for this solution to read it.
As per Microsoft: "This behavior occurs as a result of the security auditing features of Exchange 2000. When a user who is not the primary account associated with a particular mailbox logs on to that mailbox, this event is logged to prevent unauthorized users from accessing private mailbox data". See ME278000 for details on this event.
See ME867640 and MSEX2KDB for additional information about this event.
It is important to analyze the actual user names displayed in the event and see if any Exchange operation would somehow authorize them to login to that mailbox (i.e. accounts used by backup services, assistants logging in to their bosses schedule, antivirus, etc...). However, this event may as well indicate that someone unauthorized managed to access that mailbox.
As per ME173692, this event may be generated in the Application Event log when you attempt to access another user's mailbox or schedule.
From newsgroup posts:
- "This will also occurr if anyone browses your free/busy information, etc. A whole lot of benign things will generate that message."
- "You may have email anti virus software which scans your mailbox, or backup software, each would require to access your mailbox using the associated service accout whic will have rights to open all mailboxes."
If the account that is logging in the SYSTEM (i.e. Windows 2000 User NT AUTHORITY\SYSTEM) then it could be that you have just installed Exchange or you started the Exchange information store with new blank databases. See ME252543.
|Private comment: Subscribers only. See example of private comment|
|Links: ME173692, ME252543, ME278000, ME839862, ME867640, McAfee Knowledge Search, MSEX2KDB|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated