Security: User failed to log on.

Security__User_failed_to_log_on__1_7_Rule (Rule)

Knowledge Base article:

Summary

There was no default logon or the logon failed with the credentials entered by the User.

Causes

A User failed to log on, for example by entering the wrong password in the mail.

Resolutions

Check in the User Management if the User Account is correctly enabled.

If you see too many errors like this, check how the Web Site Authentication is configured.

How to Configure IIS Web Site Authentication

Use an administrative account to log on to the Web server.

Start IIS Manager or open the IIS snap-in.

Expand Server_name, where Server_name is the name of the server, and then expand Web Sites.

Use one of the following methods (as appropriate to your situation), and then click Properties:

To configure authentication for all Web content that is hosted on the IIS server, right-click Web Sites.

To configure authentication for an individual Web site, right-click the Web site that you want.

To configure authentication for a virtual directory or a physical directory in a Web site, click the Web site that you want, and then right-click the directory that you want, such as _vti_pvt.

To configure authentication for an individual page or file in a Web site, click the Web site that you want, click the folder that contains the file or the page that you want, and then right-click the file or the page that you want.

In the ItemName Properties dialog box (where ItemName is the name of the item that you selected), click the Directory Security or the File Security tab (as appropriate).

Under Anonymous access and authentication control, click Edit.

Click to select the Anonymous access check box to turn on anonymous access. To turn off anonymous access, click to clear this check box.

Note: If you turn off anonymous access, you must configure some other form of authenticated access.

To change the account that is used for anonymous access to this resource, click Browse, click the user account that you want to use, and then click OK.

Under Authenticated access, click to select the Windows Integrated authentication check box if you want to use integrated Windows authentication.

Note: This authentication method was formerly known as Microsoft Windows NT Challenge/Response or NT LAN Manager (NTLM).

Click to select the Digest authentication for Windows domain servers check box if you want to use digest authentication. When you receive the following message, click Yes:

Digest authentication only works with Active Directory domain accounts. For more information about configuring Active Directory domain accounts to allow digest authentication, click Help.

Are you sure you wish to continue?

Type the realm name in the Realm box.

Note: You must configure user accounts with the Store password using reversible encryption account option selected.

Click to select the Basic authentication (password is sent in clear text) check box if you want to use basic authentication. When you receive the following message, click Yes:

The authentication option you have selected results in passwords being transmitted over the network without data encryption. Someone attempting to compromise your system security could use a protocol analyzer to examine user passwords during the authentication process. For more detail on user authentication, consult the online help. This warning does not apply to HTTPS (or SSL) connections.

Are you sure you want to continue?

To specify a domain with which to authenticate users who are using basic authentication, type the domain that you want in the Default domain box.

You also have the option to enter a value in the Realm box at this point.

Click to select the .NET Passport authentication check box if you want to use .NET Passport authentication.

Note: When you select this option, the other authentication methods are unavailable.

Click OK, and then in the ItemName Properties dialog box, click OK. If the Inheritance Overrides dialog box opens, follow these steps:

Click Select All to apply the new authentication settings to all of the files or the folders that are located in the item that you changed.

Click OK.

Quit IIS Manager or close the IIS snap-in.

Element properties:

Target: Microsoft.Windows.InternetInformationServices.2003.SMTPServer
Category: EventCollection
Enabled: True
Event_ID: 412
Event Source: SMTPSVC
Alert Generate: True
Alert Severity: Warning
Alert Priority: Normal
Remotable: True
Alert Message:
Security: User failed to log on.
{0}
Event Log: System
Comment: Mom2005ID='{F3F3670E-54F9-464C-9390-D84F616ECF32}'

Member Modules:

ID             Module Type   TypeId                            RunAs
DataSource     DataSource    Microsoft.Windows.EventProvider   Default
GenerateAlert  WriteAction   System.Health.GenerateAlert       Default

Source Code:

<Rule ID="Security__User_failed_to_log_on__1_7_Rule" Comment="Mom2005ID='{F3F3670E-54F9-464C-9390-D84F616ECF32}'" Enabled="onEssentialMonitoring" Target="Microsoft.Windows.InternetInformationServices.2003.SMTPServer" ConfirmDelivery="false" Remotable="true" Priority="Normal" DiscardLevel="100">
  <Category>EventCollection</Category>
  <DataSources>
    <DataSource ID="DataSource" TypeID="Windows!Microsoft.Windows.EventProvider">
      <ComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
      <LogName>System</LogName>
      <Expression>
        <And>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery>PublisherName</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value>SMTPSVC</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery>EventDisplayNumber</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value>412</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
        </And>
      </Expression>
    </DataSource>
  </DataSources>
  <WriteActions>
    <WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">
      <Priority>1</Priority>
      <Severity>1</Severity>
      <AlertOwner>$Data/PublisherName$</AlertOwner>
      <AlertMessageId>$MPElement[Name="Security__User_failed_to_log_on__1_7_Rule.AlertMessage"]$</AlertMessageId>
      <AlertParameters>
        <AlertParameter1>$Data/EventDescription$</AlertParameter1>
      </AlertParameters>
      <Suppression>
        <SuppressionValue/>
      </Suppression>
    </WriteAction>
  </WriteActions>
</Rule>
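
The rule's filter matches on event source and event ID only, with no threshold. As an added example (not part of the management pack), the Python below evaluates that same Expression tree against constructed events and counts matches per host, which helps judge whether there are "too many errors like this". The Computer and EventDescription fields, the sample values, and the plain string comparison are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Filter copied from the rule's <Expression> element (whitespace condensed).
RULE_EXPRESSION = """<Expression><And>
 <Expression><SimpleExpression>
  <ValueExpression><XPathQuery>PublisherName</XPathQuery></ValueExpression>
  <Operator>Equal</Operator>
  <ValueExpression><Value>SMTPSVC</Value></ValueExpression>
 </SimpleExpression></Expression>
 <Expression><SimpleExpression>
  <ValueExpression><XPathQuery>EventDisplayNumber</XPathQuery></ValueExpression>
  <Operator>Equal</Operator>
  <ValueExpression><Value>412</Value></ValueExpression>
 </SimpleExpression></Expression>
</And></Expression>"""

# Constructed sample events; fields other than the two the rule queries are assumptions.
SAMPLE_EVENTS = [
    {"PublisherName": "SMTPSVC", "EventDisplayNumber": 412, "Computer": "mail01", "EventDescription": "constructed A"},
    {"PublisherName": "SMTPSVC", "EventDisplayNumber": 412, "Computer": "mail01", "EventDescription": "constructed B"},
    {"PublisherName": "SMTPSVC", "EventDisplayNumber": 413, "Computer": "mail01", "EventDescription": "other event ID"},
    {"PublisherName": "OtherSource", "EventDisplayNumber": 412, "Computer": "web01", "EventDescription": "other source"},
    {"PublisherName": "SMTPSVC", "EventDisplayNumber": 412, "Computer": "mail02", "EventDescription": "constructed C"},
]

def operand(node, event):
    """Resolve a <ValueExpression>: an event property lookup or a literal value."""
    query = node.find("XPathQuery")
    if query is not None:
        return str(event.get(query.text, ""))
    return node.findtext("Value", default="")

def evaluate(expr, event):
    """Evaluate an <Expression>; supports only And and Equal, which is all this rule uses."""
    child = expr[0]
    if child.tag == "And":
        return all(evaluate(e, event) for e in child.findall("Expression"))
    if child.tag != "SimpleExpression" or child.findtext("Operator") != "Equal":
        raise ValueError("construct not used by this rule: " + child.tag)
    left, right = child.findall("ValueExpression")
    return operand(left, event) == operand(right, event)

def matching_events(events):
    expr = ET.fromstring(RULE_EXPRESSION)
    return [e for e in events if evaluate(expr, e)]

def alerts_per_computer(events):
    """Count rule matches per host."""
    return Counter(e["Computer"] for e in matching_events(events))
```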