Exchange Server - MSExchangeSA locking domain administrator account

Asked By boxer
20-Oct-08 07:44 AM
Dear all,

I discovered that MsExchangeSa (mad.exe) for some reason tries to
authenticate as domain\administrator, and the effect is that our domain admin is
constantly locked.

In the security log I have event ID 529 (repeated 2 times every 5 minutes):

Logon Failure:
Reason:  Unknown user name or bad password
User Name: Administrator
Logon Type: 7
Logon Process: Advapi
Authentication Package: Negotiate
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 4248

PID 4248 belongs to mad.exe

I suppose that it tries to authenticate with a bad password.

Currently we have this Exchange Server 2003 with SP2 on a DC, which I know
is not a recommended configuration, but because of some other things I am not
able to remove it at the moment.

Please help me solve this issue.
  replied...
20-Oct-08 08:25 AM
Do you have any other software installed on your Exchange server? Maybe
something like shareware or freeware.

M.
  Bharat Suneja [MSFT] replied...
20-Oct-08 08:29 AM
Is the service configured to log on using the administrator account?
Exchange 2003 does not require a service account - it uses LocalSystem by
default.

Exchange Server 2003  -->  Understanding Windows Services Architecture
http://technet.microsoft.com/en-us/library/aa998749(EXCHG.65).aspx
--
Bharat Suneja
Microsoft Corporation
blog: exchangepedia.com/blog

This posting is provided "AS IS" with no warranties, and confers no
rights. Please do not send email directly to this alias. This alias is for
newsgroup purposes only.
------------------------------------------
  boxer replied...
20-Oct-08 08:50 AM
Hi Bharat,

(MAD.EXE) Microsoft Exchange System Attendant service is using Logon as
Local system account

Regards

Boxer
  Rich Matheisen [MVP] replied...
20-Oct-08 07:16 PM
So change it to use "Local System account". There is no good reason why
it should be using some other account.
---
Rich Matheisen
MCSE+I, Exchange MVP
  boxer replied...
21-Oct-08 02:53 AM
Hi Rich,

But it is under "Local System account".

So the problem is not in this.

Regards
  Rich Matheisen [MVP] replied...
21-Oct-08 09:47 PM
A logon type of "7" is someone, or something, unlocking the console
after it's been locked by a screensaver.

Not sure why mad.exe would be doing that unless there's something
really wrong. Malware? Virus? Rootkit?
---
Rich Matheisen
MCSE+I, Exchange MVP
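
An added example, not part of any post in this thread: it parses event 529 descriptions laid out like the one in the question, names the logon type, and groups failures by user and caller PID to show which process is driving a lockout. The function names, the `jdoe` record, the timestamps and the lockout policy (5 failures within 30 minutes) are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Logon type codes Windows records in logon events (subset).
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 8: "NetworkCleartext", 10: "RemoteInteractive"}
FIELD = re.compile(
    r"^\s*(User Name|Logon Type|Caller Process ID):\s*(.+?)\s*$", re.M)

def parse_529(timestamp, description):
    """Extract the triage fields from one event 529 description."""
    f = dict(FIELD.findall(description))
    return {"time": datetime.strptime(timestamp, "%Y-%m-%d %H:%M:%S"),
            "user": f["User Name"], "pid": int(f["Caller Process ID"]),
            "logon_type": LOGON_TYPES.get(int(f["Logon Type"]), "Unknown")}

def lockout_sources(events, threshold, window):
    """Map (user, caller PID) to its peak failure count within `window`, if >= threshold."""
    by_source = defaultdict(list)
    for e in events:
        by_source[(e["user"], e["pid"])].append(e["time"])
    hits = {}
    for key, times in by_source.items():
        times.sort()
        start = worst = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            worst = max(worst, end - start + 1)
        if worst >= threshold:
            hits[key] = worst
    return hits

# Constructed sample: same field layout as the event in the question.
TEMPLATE = ("Logon Failure:\nReason:  Unknown user name or bad password\n"
            "User Name: {user}\nLogon Type: {ltype}\nLogon Process: Advapi\n"
            "Authentication Package: Negotiate\nCaller Logon ID: (0x0,0x3E7)\n"
            "Caller Process ID: {pid}\n")

def sample_events():
    base, fmt = datetime(2008, 10, 20, 7, 0, 0), "%Y-%m-%d %H:%M:%S"
    rows = [(base + timedelta(minutes=5 * (i // 2), seconds=i % 2), "Administrator", 7, 4248)
            for i in range(8)]  # two failures every five minutes
    rows.append((base + timedelta(minutes=3), "jdoe", 2, 612))  # unrelated single failure
    return [parse_529(t.strftime(fmt), TEMPLATE.format(user=u, ltype=l, pid=p))
            for t, u, l, p in rows]

# Assumed policy: 5 bad passwords within 30 minutes locks the account.
print(lockout_sources(sample_events(), threshold=5, window=timedelta(minutes=30)))
```

Resolving the reported PID to a process name, as the original poster did for 4248, then points at the service whose stored credentials need checking.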
  boxer replied...
22-Oct-08 07:55 AM
Look at this (this guy has a similar case):

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_23741341.html

Exchange 2003 AD problem, MAD.exe, after changing admin passwords
Asked by UrsX in Exchange Email Server
Tags: Microsoft, Exchange, 2003 SP2
Hi everyone,
ever since we changed admin passwords (domain users administrator and
exchange admin), we have "strange" behaviour of Exchange. To be precise, it
is since the system-restart after changing the passwords. The problem may
also just be related to something else which took effect after the restart,
but I don't think so.
This is what we've got: every 5 Minutes 2 unsuccessful user logons (Security
event 529) by the domain administrator, Advapi, process 2560. 2560 stands
for MAD.exe.

_______________________________________________________

That's what I am talking about.
There are no viruses or similar threats; we have Sophos antivirus installed
and updated.

Regards
  Rich Matheisen [MVP] replied...
22-Oct-08 08:21 AM
Okay -- so what was their fix for this?
---
Rich Matheisen
MCSE+I, Exchange MVP
  boxer replied...
23-Oct-08 10:58 AM
I cannot see the solution because it is not free. You must pay some
dollars, entering a credit card number etc. I do not want to do that because
I do not pay with my credit card over the Internet ...

There is a free trial but you must enter a credit card number... (silly them)

Regards