Account lockout issues due to IMAP

  • Account lockout issues due to IMAP

    I have Exchange 2010 set up with multiple CAS/HT servers (multirole) along with a hardware load balancer.

    We are facing account lockout issues with one of the mailboxes, which is used by multiple users.
    The password was recently changed by the user, and I think they have used this account to run some third-party services which they are not aware of or have forgotten.

    As per the security logs of the domain controller, one of the Exchange servers is causing the account lockout issue using the IMAP service.
    I enabled Netlogon logs but can't find the client system name (a null value is observed instead of the client system name).

    I enabled protocol logging for IMAP but it didn't help. I need your expert advice to trace the hostname or the IP address of the client system.

  • #2
    You need to enable logging in IMAP on all CAS role servers. If that is the protocol being logged, then the logs will show you the IP address they are coming from.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.
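
Added example (not part of the thread or of any poster's reply): with IMAP protocol logging enabled on every CAS server, a script like this tallies failed LOGIN attempts for the locked-out mailbox by client IP and marks sources that are really the load balancer. The `#Fields` layout, the sample lines, the addresses, and the names `read_records`, `failed_login_sources`, `SAMPLE_LOG` and `LB_ADDRESSES` are constructed assumptions; the parser takes its column names from whatever `#Fields` header the real log carries.

```python
import csv
import io
from collections import Counter

# Constructed sample: layout modelled on a comma-separated IMAP4 protocol log.
# Field names, addresses and mailbox names are assumptions for illustration.
SAMPLE_LOG = """#Software: Microsoft Exchange Server
#Log-type: IMAP4 Log
#Fields: dateTime,sessionId,seqNumber,sIp,cIp,user,duration,rqsize,rpsize,command,parameters,context
2014-03-02T08:15:01Z,0A01,1,10.0.0.11:143,10.0.0.5:40112,,0,31,28,login,shared.mbx@example.com *****,R=a1 NO LOGIN failed.
2014-03-02T08:15:31Z,0A02,1,10.0.0.11:143,10.0.0.5:40160,,0,31,28,login,shared.mbx@example.com *****,R=a1 NO LOGIN failed.
2014-03-02T08:16:01Z,0A03,1,10.0.0.11:143,10.0.0.5:40201,,0,31,28,login,shared.mbx@example.com *****,R=a1 NO LOGIN failed.
2014-03-02T08:16:07Z,0A04,1,10.0.0.11:143,10.0.0.5:40230,,0,29,30,login,alice@example.com *****,R=b7 OK LOGIN completed.
2014-03-02T08:17:44Z,0A05,1,10.0.0.11:143,192.168.10.44:51877,,0,31,28,login,Shared.Mbx@example.com *****,R=x2 NO LOGIN failed.
2014-03-02T08:18:02Z,0A06,1,10.0.0.11:143,192.168.10.60:50012,,0,30,28,login,bob@example.com *****,R=c3 NO LOGIN failed.
"""
LB_ADDRESSES = {"10.0.0.5"}  # assumed address the load balancer connects from


def read_records(text):
    """Yield one dict per data line, keyed by the log's own #Fields header."""
    fields = None
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue
        if row[0].startswith("#"):
            if row[0].startswith("#Fields:"):
                fields = [n.strip() for n in [row[0][len("#Fields:"):]] + row[1:]]
            continue
        if fields and len(row) == len(fields):
            yield dict(zip(fields, row))


def failed_login_sources(text, mailbox, lb_addresses):
    """Return [(client_ip, failures, is_load_balancer)], busiest source first."""
    counts = Counter()
    for rec in read_records(text):
        if rec.get("command", "").lower() != "login":
            continue
        # The login name is the first token; the password is masked in the log.
        who = rec.get("parameters", "").split(" ")[0].lower()
        if who != mailbox.lower() or " NO " not in rec.get("context", ""):
            continue  # other mailbox, or the server did not answer NO
        client_ip = rec["cIp"].rsplit(":", 1)[0]  # drop the source port
        counts[client_ip] += 1
    return [(ip, n, ip in lb_addresses) for ip, n in counts.most_common()]
```

A row flagged `True` identifies only the load balancer, not the client behind it.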


    • #3
      I have already tried enabling IMAP protocol logging on the server which is causing the lockout issues but didn't find the IP address of the client system. Note: there is a physical load balancer between the client system and the Exchange servers.


      • #4
        Does the address the clients are using point to the load balancer?
        If so, then you should probably reconfigure the load balancer to pass through the real IP address to the Exchange server so it is logged correctly.

        Simon.

        • #5
          Yes, source IP addresses are not revealed by the load balancer, and we are planning the same, but it will take some time. Do we have any other option to find the actual host name or the client IP address?


          • #6
            If you cannot get the original information of the client, then you have no chance in tracking it down.

            Simon.