Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1035 Source: POP3Connector

A error occurred in connecting to the <server> POP3 server for user <user>. The error is 11004. The server may be down for maintenance or your server is not connected to the Internet.
From a newsgroup post: "We have seen these events caused by mismatched MTU's. In some cases, it can be resolved by adjusting the MTU on the router used to connect to the internet or in other cases, you can modify the MTU on the server. As a test, try running the following command; you can replace the <pop
Server> name with the ones that you receive the events connecting to:

“ping -f -l 1472 <pop server>”

See if this pings or returns message "packet needs to be fragmented but DF set". If it returns the second message, then adjust the 1472 value down (in increments of 10 for instance) until you find the largest value that pings. If you can ping through with 1472, then the MTU is not likely to be the cause. However, you can still check the MTU value in the registry of the server to see if it has been set to a value higher than 1500. If the MTU value does not exist in the registry then the server defaults to the MTU for media you are connecting with which is most likely 1500. If you receive a request timed out, that server may not respond to pings.
Once you know the largest value that pings, you can manually set the MTU in the registry of the server using the following steps:

1. Click Start, and then click Control Panel.

2. Double-click "Network and Internet Connections", and then click to open the Network Connections folder.

3. If more than one network connection is listed for each connection double-click the connection and then click the Support tab of the Status interface that opens. The connection that shows a “Default Gateway” entry is probably the network connection that is used to connect to the Internet. Note the name of the connection (for example, "Local Area Connection 2").

4. Start Registry Editor (Regedit.exe).

5. Under the HKEY_LOCAL_MACHINE tree, go to the following key: “SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\”

6. Under that key are one or more keys that have numeric identifiers. Each of these keys has a Connection subkey. Examine each of the keys that look like this:
<ID_for_Adapter>\Connection Name value in the Connection subkey provides the network connection name that is used in the Network Connections folder. When you find the one that matches the name that you found in step 3, make a note of the <ID_for_Adapter> that the network connection name is under.

7. Return to HKEY_LOCAL_MACHINE, and then locate the following key “SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\<ID_for_Adapter>” where <ID_for_Adapter> is the number that you noted in step 6. When you highlight this key, several values appear on the right side of the screen, including DefaultGateway and EnableDHCP.

8. Right-click the right side of the screen, click New, and then click DWORD Value. Name the value MTU.
9. Double-click the value so that you can edit the value, change Base to Decimal, and then enter the largest acceptable MTU size, which is the size that you identified by using the Ping tests.

10. Quit Registry Editor.

If you need to do this on your router, please refer to it's documentation for adjusting/setting the MTU".

ME314496 shows default MTU size for different Network topologies.

From a newsgroup post: "I experience the same errors. Microsoft Tech Support told me that those events are simply to let you know that there was a problem connecting to or downloading from the ISP. They are not events that you can correct; they are more informational in nature even though they show up as errors. If the ISP’s mail servers are slow, or they are experiencing high volumes of connections, then the POP3 connector will have problems connecting and downloading the mail. When this happens, it will log an event. If there is a problem with a piece of mail, it will also log an event".
We have seen this with a particular account when the email server was down or the email was being checked at the same time in two different locations.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.