Microsoft KB Archive/813229

= XADM: Failure Audit Security Event ID Messages Are Logged When You Open a Mailbox That You Have Delegate Access To =

Article ID: 813229

Article Last Modified on 2/28/2007

-

APPLIES TO


 * Microsoft Exchange 2000 Enterprise Server
 * Microsoft Exchange 2000 Server Standard Edition

-



SYMPTOMS
When you try to open the Microsoft Outlook folders of a different user, and you have delegate access for those folders, one or more of the following failure audit event ID messages are logged in the Security log of the Windows Event Viewer: Date:

Source: Security

Time:

Category: Object Access

Type: Failure

Event ID: 565

User:

Computer:

Description:

Object Open:

Object Server: Microsoft Exchange

Object Type: Microsoft Exchange Logon

Object Name: /o=Organization/ou=Organizational unit/cn=Recipients/cn=user

New Handle ID: -

Operation ID: {0,32586782}

Process ID: 2168

Primary User Name: $

Primary Domain:

Primary Logon ID: (0x0,0x3E7)

Client User Name:

Client Domain:

Client Logon ID: (0x0,0x1F13BE3)

Accesses Unknown specific access (bit 0)

Privileges -

-and-

Date:

Source: Security

Time:

Category: Object Access

Type: Failure

Event ID: 565

User:

Computer:

Description:

Object Open:

Object Server: Microsoft Exchange

Object Type: Microsoft Exchange Logon

Object Name: /o=Organization/ou=Organizational unit/cn=Recipients/cn=user

New Handle ID: -

Operation ID: {0,33480094}

Process ID: 2168

Primary User Name: $

Primary Domain:

Primary Logon ID: (0x0,0x3E7)

Client User Name:

Client Domain:

Client Logon ID: (0x0,0x1FEDD89)

Accesses Unknown specific access (bit 8)

Privileges -

Properties:

READ_CONTROL

WRITE_DAC

WRITE_OWNER

MAX_ALLOWED

Unknown specific access (bit 4)

Unknown specific access (bit 6)

Unknown specific access (bit 7)

Unknown specific access (bit 8)

Unknown specific access (bit 9)

Unknown specific access (bit 11)

Unknown specific access (bit 12)

Unknown specific access (bit 15)

%{ab721a54-1e2f-11d0-9819-00aa0040529b}

Even though the failure audit event messages are logged in the Security log, you can successfully open the folders that you have delegate access to.



CAUSE
This behavior may occur if the following conditions are true:
 * You access another user's mailbox by using delegate access.
 * Audit logging is turned on for object access.

This behavior occurs if you do not have the Send As or Owner rights for the mailbox that you are trying to open. The failure audit events are logged to notify the administrator that the user who is accessing the mailbox does not have Send As or Owner rights to the mailbox itself even though the user has delegate access to the mailbox. These failure audit events are logged in the Security log of the Event Viewer so that the administrator of the Exchange 2000 organization can verify that security permissions are set correctly.



WORKAROUND
You can safely ignore the failure audit events.



STATUS
This behavior is by design.



MORE INFORMATION
When you try to open the mailbox of another user by using delegate access, Windows verifies that you have Send As and Owner rights for that mailbox. When you try to open mailboxes in the private information store of an Exchange 2000 computer, the following behavior occurs:
 * If you own the mailbox, the logon object that corresponds to your user account is flagged with the Owner rights to the mailbox. Because of this, all subsequent operations that you perform on objects that are in the mailbox are not checked for access permissions. This speeds operations when you open your mailbox.
 * If you do not own the mailbox but you have delegate access, every operation that you perform is verified to make sure that you possess sufficient rights. This helps to make sure that you only perform actions in folders that you have rights for. Because of this, when you try to open the mailbox of another user, the initial rights verifications (for the Send As and Owner rights) return a failure audit result.

Keywords: kbprb KB813229

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.