Score:0

How can I find out which computer on my network is logging into Exchange 2016 and at what time


Recently, multiple employees have come to me saying that their Exchange accounts were breached over the time span of a few days. I have a theory that there is some form of worm on one of the computers within the domain that is periodically sending out spam/phishing links to customers and contractors. I have tried multiple AV scanners on all of the computers but they're all turning up empty.

The main point of this question: I need to find out where a user login is originating so I can begin to fix the problem. How can I find out where a user login originates and at what time that login occurred, so that it can be cross-referenced with some rejected spam emails that were returned to us?

  • Exchange 2016 CU9 v15.1
  • Windows Server 2016 v1607
Ivan_Wang
Hi, it's been a while; is there any update? If your problem has been fixed, you could mark the best answer or share the solution to finish this thread.
Score:0

You could navigate to the following location which stores the IIS log:

%SystemDrive%\inetpub\logs\LogFiles\W3SVC1

The IIS log includes the access request info (e.g. IP address, username, services, port) from ECP, OWA, ActiveSync, MAPI, etc.

The info in the IIS log is like the following:

[Image: sample IIS log entries]

Maybe the IIS log can help you find the culprit.

Besides, based on your description, the version of your Exchange server is not the latest; you'd better install the latest CU/SU versions of Exchange. Normally the latest CU/SU includes the fixes for nonsecurity issues and all previously released fixes for security and nonsecurity issues: CU22 for Exchange 2016

Recently, several vulnerabilities were found in Exchange 2013/2016/2019; one of the vulnerabilities is related to spoofing:
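
One way to pull user, client IP and time out of the IIS logs this answer points to, as an added example that is not part of the original answer. The function name Get-ExchangeLogon, the CONTOSO accounts and the sample log lines are constructed for illustration; IIS W3C logs record date and time in UTC, so convert before comparing with the timestamps on the returned spam.

```powershell
# Constructed sample in IIS W3C format (not real data). On the server, read the real files instead:
#   $lines = Get-Content "$env:SystemDrive\inetpub\logs\LogFiles\W3SVC1\*.log"
$lines = @'
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2021-11-02 03:14:07 10.0.0.5 POST /owa/auth.owa - 443 CONTOSO\alice 10.0.0.42 Mozilla/5.0 302
2021-11-02 03:14:09 10.0.0.5 GET /owa/ - 443 CONTOSO\alice 10.0.0.42 Mozilla/5.0 200
2021-11-02 03:15:30 10.0.0.5 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Sync 443 CONTOSO\bob 10.0.0.77 Apple-iPhone 200
2021-11-02 03:16:01 10.0.0.5 GET /owa/ - 443 - 10.0.0.99 HealthCheck 401
2021-11-02 04:02:55 10.0.0.5 POST /EWS/Exchange.asmx - 443 CONTOSO\alice 203.0.113.10 python-requests/2.25 200
'@ -split "`r?`n"

function Get-ExchangeLogon {
    param([string[]]$Line, [string]$User = '*')
    $fields = @()
    foreach ($l in $Line) {
        if ($l -like '#Fields:*') {
            # Column order is set per file by the #Fields header, so re-read it each time
            $fields = ($l -replace '^#Fields:\s*', '').Trim() -split '\s+'
            continue
        }
        if (-not $l -or $l.StartsWith('#') -or $fields.Count -eq 0) { continue }
        $v = $l -split ' '
        if ($v.Count -ne $fields.Count) { continue }   # malformed or truncated row
        $row = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $v[$i] }
        $name = $row['cs-username']
        if ($name -eq '-' -or $name -notlike $User) { continue }   # skip anonymous requests
        [pscustomobject]@{
            TimeUtc  = [datetime]::ParseExact("$($row['date']) $($row['time'])", 'yyyy-MM-dd HH:mm:ss', [cultureinfo]::InvariantCulture)
            User     = $name
            ClientIP = $row['c-ip']
            Service  = ($row['cs-uri-stem'] -split '/')[1]   # owa, EWS, Microsoft-Server-ActiveSync, ...
            Status   = $row['sc-status']
        }
    }
}

# Per user and source address: first/last time seen (UTC), request count, services touched
Get-ExchangeLogon -Line $lines -User '*alice' |
    Group-Object User, ClientIP |
    ForEach-Object {
        $t = @($_.Group.TimeUtc | Sort-Object)
        [pscustomobject]@{
            User = $_.Group[0].User; ClientIP = $_.Group[0].ClientIP
            FirstUtc = $t[0]; LastUtc = $t[-1]; Requests = $_.Count
            Services = ($_.Group.Service | Sort-Object -Unique) -join ','
        }
    } | Format-Table -AutoSize
```

If a load balancer or reverse proxy sits in front of Exchange, c-ip will show that device's address rather than the originating client, so check its logs for the same time window.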
