Home
  •  

Exchange ActiveSync logon failure: Forbidden

Exchange_ActiveSync_logon_failure_Forbidden (Rule)

Knowledge Base article:

Summary

The user account is not enabled for Exchange ActiveSync or Exchange ActiveSync is turned off globally.

Causes

There is an incorrect configuration, or Exchange ActiveSync is disabled.

Resolutions

Ensure that the Mailbox Access account is enabled for Exchange ActiveSync in the Exchange System Manager and that Exchange ActiveSync is enabled globally.

Element properties:

TargetMicrosoft.Exchange.Protocol.EAS
CategoryEventCollection
EnabledTrue
Alert GenerateTrue
Alert SeverityWarning
Alert PriorityNormal
RemotableTrue
Alert Message
Exchange ActiveSync logon failure: Forbidden
{0}
Event LogOperations Manager

Member Modules:

ID Module Type TypeId RunAs 
EventDS DataSource Microsoft.Windows.EventProvider Default
GenerateAlert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="Exchange_ActiveSync_logon_failure_Forbidden" Enabled="onStandardMonitoring" Target="Exch2003Core!Microsoft.Exchange.Protocol.EAS" ConfirmDelivery="false" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="EventDS" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>.</ComputerName>

      <LogName>Operations Manager</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery>Params/Param[1]</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>EAS logon verification</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="UnsignedInteger">2307</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>1</Severity>

      <AlertOwner>$Data/PublisherName$</AlertOwner>

      <AlertMessageId>$MPElement[Name="Exchange_ActiveSync_logon_failure_Forbidden.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/EventDescription$</AlertParameter1>

      </AlertParameters>

      <Suppression>

        <SuppressionValue/>

      </Suppression>

    </WriteAction>

  </WriteActions>

</Rule>