I am one of the few on the planet that still hosts my own servers in house. Sorry, but I don’t really see the benefit of moving everything to the cloud when keeping it in house allows me the control and flexibility I want. I especially like having an Exchange OWA server in house.
With that said, hosting your own systems can be troublesome as well. Maintaining the hardware, infrastructure and security are items that would get farmed out in a cloud environment. This post focuses on the security end, or rather attempting to track hack attempts.
In January, I sent up a trigger to alert me every time a user is locked out. -> Know instantly when a user is locked out <- Its a good read if you’re interested. This trigger reads the event logs, looks for the lockout event and sends the info to me via email. A great help in being proactive with my users. It also alerts me to hack attempts. Too many incorrect login attempts on OWA would trigger a lockout event. During a recent weekend, I was receiving lockout emails every 30 minutes. So who was doing this? What did they want?
How to check Exchange OWA IIS logs
Continue reading “Who’s Hacking My Exchange OWA? Check with Log Parser 2.2”
Having a small shop and wearing a lot of hats here in the office tends to create a slew of challenges. Most of the time I have a ton of projects brewing so focusing on one can be difficult at times. My migration to a new Exchange 2016 server will be gradual taking about 2 to 3 weeks to complete. During the initial setup I like to let certain steps “stew” overnight to make sure there are no disruptions. I also like to be sure I have a contingency plan to undo any unforeseen issues.