Exchange 2000 Cluster generates events 578

Discussion in 'Security Software' started by Julio E. Danoviz, Jul 26, 2004.

  1. Hello, after installing an Exchange 2000 Cluster in an
    existing email organization we've detected a lot of
    security events id 578 on the DCs (more than six per
    second).

    The company is logging Success Audit for Priviledge Use
    based on business reasons... They "need" to maintain this
    policy (if possible...).

    Before installing the cluster the company's security logs
    reached 100 Mb per week, now it's reaching this limit in
    hours.

    1300 mailboxes and public folders were moved from a member
    server to the cluster.

    Is this behaviour normal on an Exchange 2000 cluster ???

    Here's a snapshot of an event:

    Event Type: Success Audit
    Event Source: Security
    Event Category: Privilege Use
    Event ID: 578
    Date: 7/23/2004
    Time: 1:50:07 PM
    User: DOMAIN\NODE02$ - (Active Exchange Node)
    Computer: DC03 - (Domain Controller)
    Description:
    Privileged object operation:
    Object Server: DS
    Object Handle: 3200072916
    Process ID: 308 - (This process is DC's LSASS.exe)
    Primary User Name: DC03$
    Primary Domain: DOMAIN
    Primary Logon ID: (0x0,0x3E7)
    Client User Name: NODE02$
    Client Domain: DOMAIN
    Client Logon ID: (0x0,0x51F52C1)
    Privileges: SeSecurityPrivilege

    Thanks,

    Julio E. Danoviz, MCSA+Messaging MCSE MCT
     
    Julio E. Danoviz, Jul 26, 2004
    #1
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.