When running a manual of scheduled scan of mailbox stores the Windows Security log fills with Logon failures.
In Windows Security Event log an entry similar to the following appears:
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: X/XX/20XX XX:XX:XX AM
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: Exchangeservername.example.com
Description:
An account failed to log on.
Subject:
Security ID: S-1-5-18
Account Name: Local Exchange Server
Account Domain: Exchange Server Domain
Logon ID: xxxxx
Logon Type: 3
Account For Which Logon Failed:
Security ID: S-1-0-0
Account Name:
Account Domain:
Failure Information:
Failure Reason: Account currently disabled.
Status: 0xc000006e
Sub Status: 0xc0000072
Process Information:
Caller Process ID: 0x810
Caller Process Name: C:\Windows\System32\inetsrv\w3wp.exe
Network Information:
Workstation Name: Exchange Server Name
Source Network Address: Exchange Server IP
Source Port:
Detailed Authentication Information:
Logon Process: Authz
Authentication Package: Kerberos
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
When Symantec Mail Security for Microsoft Exchange (SMSMSE) scans the Exchange Databases, SMSMSE impersonates each user to gain access to their mailbox contents. These events are written to the Security event log when SMSMSE attempts to impersonate a user account that is currently disabled to scan the mailbox associated with that disabled user account.
These events can be safely ignored, they will not impact functionality of the server. To prevent these events from being written to the Security event log: