Article ID: 147362
Article Last Modified on 10/28/2006
APPLIES TO
- Microsoft Exchange Server 4.0 Standard Edition
This article was previously published under Q147362
SYMPTOMS
By default, the Microsoft Exchange Service Account can log in to any mailbox. However, when a Service Account is used to log in to a mailbox, this event should be logged in the Windows NT Application Event Log as Event ID 1016 with the following text:
where ExchService is the Service Account and ExUser1 is the mailbox that the Service Account logs in to.
This information is logged whether or not you have logging turned on for the Microsoft Exchange Private Information Store (IS). This information is not always logged properly as in the following example:
- Turn off logging on the Private IS.
- Log in as the Service Account (ExchService) and open the ExUser1 mailbox.
You initially get the following event logged in the Windows NT Event Viewer: - In the Microsoft Exchange client, open the Tools menu, click Services, click Exchange Server, click Properties, click Advanced Page, and add ExUser2 mailbox to the list to open.
The Windows NT Event log will have the same entry:The log message should say:
CAUSE
This is logged properly if logging is set to at least Minimum on the Private IS, but will not be logged properly if logging is set to None.
MORE INFORMATION
For more information about preventing administrators from viewing user mail, please see the following article in the Microsoft Knowledge Base:
147354 XADM: Service Account Can Log In to any Mailbox
STATUS
Microsoft has confirmed this to be a problem in Microsoft Exchange version 4.0. This problem has been corrected in the latest Service Pack for Microsoft Exchange Server. For information on obtaining the Service Pack, query on the following word in the Microsoft Knowledge Base (without the spaces):
S E R V P A C K
Keywords: kbusage KB147362