SSO Gateway 12.7.2 / Exchange Monitor 12.0 x64 / exchange 2016 server
EM resolves most IPs to [email protected]
any ideas or known issues ?
Event log monitor is likely scraping logs that show that user logging in (If it detects no user, it'll show no user logged in.)
Do you have any processes that are logging in and running updates or anything else?
Since ELM is just reading the last user that logged in via the computer's event logs, it will read whatever user actually appears in those logs.
WatchGuard Customer Support
it is the exchange monitor = EM not the ELM
but , maybe a service running on all PCs with [email protected] as service account is connecting to exchange ?
Exchange is the slowest of the options to update as it can't poll very often. It's effectively scraping the logs of the exchange server to get the user that is currently logged into a mailbox.
I'd suggest opening a support case so that our team can take a look at the logs with you.
ok i found something in the IIS log.
some ews addon app is causing this
some more questions on auth:
-BOVPNs only work via Event Log Monitor -if- SSO across bovpns are turned on.
-PC client software reads the event codes on the PC itself. It gets configuration form the SSO Gateway software. It gets the IP of that from the firewall.
-It will likely not work well if something else is the default gateway, as it uses the gateway to get the location of the SSO Gateway.