Security Logo Failed Exchange 2007 / IIS

Hi,

I am getting hundreds of security failed logs from windows event viewer.

An account failed to log on.

Subject:

      Security ID:            SYSTEM

      Account Name:            SRV03$

      Account Domain:            xxx

      Logon ID:            0x3e7

Logon Type:                  3

Account For Which Logon Failed:

      Security ID:            NULL SID

      Account Name:            

      Account Domain:            

Failure Information:

      Failure Reason:            Account currently disabled.

      Status:                  0xc000006e

      Sub Status:            0xc0000072

Process Information:

      Caller Process ID:      0xba8

      Caller Process Name:      C:\Windows\System32\inetsrv\w3wp.exe

Network Information:

      Workstation Name:      SRV03

      Source Network Address:      -

      Source Port:            -

Detailed Authentication Information:

      Logon Process:            Authz   

      Authentication Package:      Kerberos

      Transited Services:      -

      Package Name (NTLM only):      -

      Key Length:            0

After I did some research about this event log, I found that it is related to IIS. And I had a look at the log files of IIS and found these errors. There are hundreds of these error in the log file same as the logon failed logs in event viewer.

2015-04-07 02:03:03 192.168.0.3 POST /Microsoft-Server-ActiveSync/default.eas User=user1&DeviceId=ApplDYTHQSUZDVGK&DeviceType=iPad&Cmd=ItemOperations&Log=V121_LdapC2_LdapL0_RpcC28_RpcL34_Pk2503518541_ 443 user1192.168.10.x Apple-iPad3C3/1202.466 200 0 0 254

2015-04-07 02:03:03 192.168.0.3 POST /Microsoft-Server-ActiveSync/default.eas User=user1&DeviceId=ApplDYTHQSUZDVGK&DeviceType=iPad&Cmd=ItemOperations&Log=V121_LdapC2_LdapL0_RpcC34_RpcL40_Pk2503518541_ 443 user1192.168.10.x Apple-iPad3C3/1202.466 200 0 0 332

2015-04-07 02:03:04 192.168.0.3 POST /Microsoft-Server-ActiveSync/default.eas User=user1&DeviceId=ApplDYTHQSUZDVGK&DeviceType=iPad&Cmd=ItemOperations&Log=V121_LdapC1_LdapL15_RpcC17_RpcL16_Pk2503518541_ 443 user1192.168.10.x Apple-iPad3C3/1202.466 200 0 0 162

2015-04-07 02:03:04 192.168.0.3 POST /Microsoft-Server-ActiveSync/default.eas User=user1&DeviceId=ApplDYTHQSUZDVGK&DeviceType=iPad&Cmd=ItemOperations&Log=V121_LdapC1_LdapL0_RpcC13_RpcL18_Pk2503518541_ 443 user1192.168.10.x Apple-iPad3C3/1202.466 200 0 0 102

2015-04-07 02:03:04 192.168.0.3 POST /Microsoft-Server-ActiveSync/default.eas User=user1&DeviceId=ApplDYTHQSUZDVGK&DeviceType=iPad&Cmd=ItemOperations&Log=V121_LdapC1_LdapL0_RpcC13_RpcL14_Pk2503518541_ 443 user1192.168.10.x Apple-iPad3C3/1202.466 200 0 0 92

2015-04-07 02:03:04 192.168.0.3 POST /Microsoft-Server-ActiveSync/default.eas User=user1&DeviceId=ApplDYTHQSUZDVGK&DeviceType=iPad&Cmd=ItemOperations&Log=V121_LdapC2_LdapL0_RpcC28_RpcL31_Pk2503518541_ 443 user1192.168.10.x Apple-iPad3C3/1202.466 200 0 0 318

2015-04-07 02:03:05 192.168.0.3 POST /Microsoft-Server-ActiveSync/default.eas User=user1&DeviceId=ApplDYTHQSUZDVGK&DeviceType=iPad&Cmd=ItemOperations&Log=V121_LdapC2_LdapL15_RpcC28_RpcL24_Pk2503518541_ 443 user1192.168.10.x Apple-iPad3C3/1202.466 200 0 0 248

What would be the cause of this issue here and how can I resolve the failure logs?


  • Edited by paddy28 Wednesday, April 08, 2015 6:56 AM
April 8th, 2015 6:55am
You have posted in an Exchange 2013 forum.  The Exchange previous versions forums are here:  http://social.technet.microsoft.com/Forums/en-US/category/exchangeserverlegacy
Free Windows Admin Tool Kit Click here and download it now
April 12th, 2015 4:39pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics