itdweeb9999
IS-IT--Management
we have an exchange 2010 server that keeps getting Event ID 1035 in the Application log. The full error is posted below. It appears that this IP is from amsterdam. From what I gather, it seems as though someone is trying to authenticate to my exchange server from the outside. What I'd like to know is, is this fairly normal or does it mean that my receive connector is improperly configured? My "Default" connector has TLS, Basic Authentication and Integrated windows authentication enabled. It also has Anonymous users, Exchange users and server and legacy exchange servers enabled for permission groups.
Inbound authentication failed with error LogonDenied for Receive connector Default <servername>. The authentication mechanism is Ntlm. The source IP address of the client who tried to authenticate to Microsoft Exchange is [37.139.50.146].
Inbound authentication failed with error LogonDenied for Receive connector Default <servername>. The authentication mechanism is Ntlm. The source IP address of the client who tried to authenticate to Microsoft Exchange is [37.139.50.146].