Analyzing authentication logs in IIS

Copper Contributor

Hi there, I am getting these in authentication logs:

 

Exchange.log:24324:2022-10-03 23:04:36 MailServer [IP] POST /owa/auth.owa

&CorrelationID=<empty>;&cafeReqId=XXXXYYY;&LogoffReason=NoCookiesGetOrE14AuthPost&encoding=; 443 user [IP]

Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_15_7)+AppleWebKit/605.1.15+(KHTML,+like+Gecko)+Version/16.1+Safari/605.1.15 302 0 0

 

 

I can't find any documentation around this, but I know

1. CorrelationID=<empty>

2. LogOffReason ( I assume this was an unsuccessful authentication)

3. it's a 302 object moved redirect

 

Can anybody verify if this log entry means an unsuccessful authentication?

0 Replies