• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Exchange auditing logs "Access is denied (5)"

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2007] >> Compliance >> Exchange auditing logs "Access is denied (5)" Page: [1]
Login
Message << Older Topic   Newer Topic >>
Exchange auditing logs "Access is denied (5)" - 11.Feb.2013 12:04:13 PM   
RustyShackleford

 

Posts: 226
Joined: 13.Jan.2010
Status: offline
I just enabled auding of mailbox folder access. The log entries are successfully created and I can see them. However, my co-workder cannot. When he tries to access the Exchange auditing log he gets "Event viewer cannot open the event log or custom view. Verify the Event log service is running or query is too long. Access is denied (5)."

We are both domain admins. However, I am an Exchange Org admin and he is not. Bing \ Google provided little help. However, the only useful hit I found did specifically mention being an Exchange Org Admin.

I find it quite surprising that someone must be an Exchange Org Admin to see these specific logs. Our compliance officer will need to see these logs but I cannot give him high level Exchange admin rights.

Is there another way to provide access to Exchange auditing logs?

Thank you
Post #: 1
RE: Exchange auditing logs "Access is denied (5)&q... - 25.Feb.2013 3:45:12 AM   
richardjenson7

 

Posts: 32
Joined: 25.Nov.2012
Status: offline
Hi
It seems to be windows permission problem.
Your user should be in admin group on target server.

take a look at this link

http://social.technet.microsoft.com/Forums/nb-NO/exchangesvradmin/thread/a65eceef-4a1a-4ab4-a2e0-816123bb23b3

< Message edited by zbnet -- 1.Jul.2013 2:06:06 AM >

(in reply to RustyShackleford)
Post #: 2
RE: Exchange auditing logs "Access is denied (5)&q... - 4.Mar.2013 8:09:00 PM   
RustyShackleford

 

Posts: 226
Joined: 13.Jan.2010
Status: offline
Richard,

Thank you for the reply. I checked and my co-workers do have admin rights on the server. They are all domain admin and domain admins have local administrator rights.

Rusty

(in reply to richardjenson7)
Post #: 3
RE: Exchange auditing logs "Access is denied (5)&q... - 5.Mar.2013 12:44:03 PM   
RustyShackleford

 

Posts: 226
Joined: 13.Jan.2010
Status: offline
Found it - finally!

The volume of logged audit events is directly related to the load on a server together with the number of user operations of the audited type occurring at any time. Because the Application log is also a source of diagnostic and troubleshooting data, Access Auditing does not log events to the Application log. In Exchange 2007 Service Pack 3 (SP3), installing the Mailbox server role on a server creates a new event log. This is the Exchange Auditing event log. By default, the Exchange Auditing event log is located under \Exchange Server\Logs\AuditLogs. On a Windows Server 2008-based computer, this event log is located under Applications and Services Logs\Exchange Auditing. The default file location for this log file is %PROGRAMFILES%\Exchange Server\Logging\Auditlogs. The default access control list (ACL) on the Exchange Auditing log allows the following permissions:
Exchange Recipient Administrators: Read and Clear access
Exchange Organization Administrators: Read and Clear access
Exchange Servers: Read and Write access
Local Service All Access
To change the default ACL list, you have to update the CustomSD value in the registry. Update the CustomSD value to include the group or user that you want to access the Exchange Auditing Event Log. The CustomSD value is located under the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Exchange Auditing

Read these links for more info and important info regarding CustomSD in SDDL format:
http://technet.microsoft.com/en-us/library/ee221156(d=printer,v=exchg.80).aspx
http://ilantz.com/2010/10/26/adding-read-only-permissions-to-exchange-2007-auditing-logs/

(in reply to RustyShackleford)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2007] >> Compliance >> Exchange auditing logs "Access is denied (5)" Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter