Troubleshooter: Evaluating the Severity of Event ID 1000

We recently upgraded one of our Exchange 2000 Server front-end servers to Exchange Server 2003. After we did so, we began seeing event-log messages for event ID 1000 from the Exprox component. The text of the log messages makes the event sound like a security problem. Should we be worried?

This infamous event first became widely known as the result of a bug in Exchange 2003: If you installed Exchange as a back-end server, then installed Microsoft Windows SharePoint Services under Windows Server 2003, Exchange could no longer use Kerberos authentication and began logging event ID 1000. The event was considered a security problem because the lack of Kerberos authentication, combined with Microsoft IIS's default behavior of reusing HTTP connections, could let a user read another user's email. (My understanding is that Exchange 2003 Service Pack 1—SP1—will fix the bug.) However, you might see the same error because of a perfectly innocuous situation. Exchange 2003 front-end servers try to use Kerberos to talk to Exchange 2000 back-end servers, but because Exchange 2000 doesn't implement Kerberos authentication between front- and back-end servers, the front-end server will log event ID 1000. This situation is most likely the problem in your case, but to be on the safe side, review the Microsoft security bulletin "Exchange 2003 and Outlook Web Access Issue" (

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.