Event ID: 4183 Source: MSExchangeIMC

Source
Level
Description
Authentication attempt (AUTH LOGIN) from <remote SMTP server name> as <user name> failed: LogonUser() call failed with error: Logon failure: unknown user name or bad password.
Comments
 
See ME200788 for information about this event.
I have seen this event occurring when the IMC has been under attack from hackers trying to log on to the system through the IMC.
From a newsgroup post: "What it means is that some misconfigured ESMTP server sees the "AUTH LOGIN" and tries to AUTH to your server (thinking that they have a password to every server in the world, no doubt). Since they don't have a valid user name/password in your system, the attempt fails and is recorded in the Applications log.
Send an e-mail to the postmaster of the remote server (domain) and ask him to please stop trying to authenticate with your server. You haven't given him a user/password to use so his attempts are pointless. This is a common problem with the Netscape server. It's caused by a poor choice of defaults in the configurations and a naive admin. The Netscape server sees the AUTH=LOGIN in the list of ESMTP keywords and thinks it should try to login (using what user and password is anyone's guess)."

The fix for this is to make sure the Exchange service account has the "act as part of the operating system" right. Also make sure that you don't have a domain group security policy overriding the local policy for this right. You will need to stop and restart the Internet Mail Service after correcting this problem.
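
Added example (not part of the original page or its comments): a way to triage a batch of event 4183 descriptions by remote server, separating a host that repeats one user name (as with the misconfigured ESMTP server described above) from a host that cycles through many user names (as with the logon attempts described above). The sample data, the function name summarize and the threshold of 3 distinct user names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Description wording of event 4183 as quoted on this page.
PATTERN = re.compile(
    r"Authentication attempt \(AUTH LOGIN\) from (?P<host>\S+) "
    r"as (?P<user>.*?) failed: LogonUser\(\) call failed"
)

# Constructed sample data: host names and user names are made up.
TEMPLATE = (
    "Authentication attempt (AUTH LOGIN) from {host} as {user} failed: "
    "LogonUser() call failed with error: Logon failure: unknown user name "
    "or bad password."
)
SAMPLE = [TEMPLATE.format(host=h, user=u) for h, u in [
    ("mail.example.net", "relay"), ("mail.example.net", "relay"),
    ("mail.example.net", "relay"), ("host.example.org", "administrator"),
    ("host.example.org", "admin"), ("host.example.org", "test"),
    ("host.example.org", "backup"),
]] + ["Some unrelated Application log entry"]


def summarize(descriptions, distinct_user_threshold=3):
    """Group failed AUTH LOGIN attempts by remote SMTP server.

    distinct_user_threshold is an assumed cut-off; tune it for your site.
    """
    counts = defaultdict(int)
    users = defaultdict(set)
    for text in descriptions:
        match = PATTERN.search(text)
        if not match:
            continue  # different event or different wording: skip it
        host = match.group("host").lower()
        counts[host] += 1
        users[host].add(match.group("user").strip().lower())
    report = {}
    for host, attempts in counts.items():
        many = len(users[host]) >= distinct_user_threshold
        report[host] = {
            "attempts": attempts,
            "users": sorted(users[host]),
            "pattern": "many-users" if many else "repeated-user",
        }
    return report


if __name__ == "__main__":
    for host, info in sorted(summarize(SAMPLE).items()):
        print(host, info)
```

A "repeated-user" host is a candidate for the postmaster e-mail suggested above; a "many-users" host deserves a closer look at the accounts it tried.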
