Powershell auf Exch...
 
Benachrichtigungen
Alles löschen

Powershell auf Exchange

5 Beiträge
2 Benutzer
0 Reactions
3,288 Ansichten
(@kruegeto)
New Member
Beigetreten: Vor 3 Jahren
Beiträge: 3
Themenstarter  

Hallo zusammen,

ich hab da mal ne Frage zum Exchange 2016 CU22 auf dem im hintergrund eine Powershell mit komischem / mir unbekannten Verhalten läuft.

Die Shell verhält sich wie folgt:

Powershell startet als Hintergrundprozess, genehmigt sich ~40-50% CPU, der Arbeitsspeicherverbrauch beginnt bei ca. 20MB und steigert sich auf 100MB bis 150MB.

Der Vorgang dauert um die 10Sekunden, danach schleißt sich die Shell und beginnt nach kurzer Zeit von neuem.

Bei anderen Exchanges (2016 CU21 und 2019 CU11) ist das Verhalten nicht zu beobachten.

 

Jemand eine Ahnung was das sein könnte?

Vielen Dank vorab

 

Grüße TK


   
Zitat
(@kruegeto)
New Member
Beigetreten: Vor 3 Jahren
Beiträge: 3
Themenstarter  

Hallo Zusammen,

habe in den IIS-Logs herausgefunden, dass der Powershell Aufruf mit den HealthMailboxen zu tun hat, Auszug aus dem Log anbei

 

2022-01-04 00:00:00 192.168.0.11 POST /Microsoft-Server-ActiveSync/default.eas User=tKUNDE&DeviceId=H89ETSJKTH2FH1L11HI32UVICO&DeviceType=iPhone&Cmd=Ping&CorrelationID=<empty>;&cafeReqId=2fb702cb-776d-4317-91a0-760773fa224b; 443 DOMAIN-KUNDE.local\tKUNDE 192.168.0.254 Apple-iPhone13C4/1902.81 - 200 0 64 436983
2022-01-04 00:00:00 192.168.0.11 POST /Microsoft-Server-ActiveSync/default.eas User=nlKUNDE&DeviceId=H89ETSJKTH2FH1L11HI32UVICO&DeviceType=iPhone&Cmd=Ping&CorrelationID=<empty>;&cafeReqId=e19b39bf-ad49-40a7-8ad9-e94708e9ba08; 443 DOMAIN-KUNDE.local\nlKUNDE 192.168.0.254 Apple-iPhone13C4/1902.81 - 200 0 64 437010
2022-01-04 00:00:00 192.168.0.11 POST /Microsoft-Server-ActiveSync/default.eas User=cKUNDE&DeviceId=H89ETSJKTH2FH1L11HI32UVICO&DeviceType=iPhone&Cmd=Ping&CorrelationID=<empty>;&cafeReqId=aef824f3-c26a-4236-9ac2-df356b14ea19; 443 DOMAIN-KUNDE.local\cKUNDE 192.168.0.254 Apple-iPhone13C4/1902.81 - 200 0 64 436998
2022-01-04 00:00:10 127.0.0.1 GET /AutoDiscover/ &CorrelationID=<empty>;&cafeReqId=688fa175-c97d-4d3a-a5fd-258e1a458319; 443 DOMAIN-KUNDE\HealthMailbox20bc026 127.0.0.1 AMProbe/Local/ClientAccess - 200 0 0 3
2022-01-04 00:00:13 ::1 GET /Microsoft-Server-ActiveSync/default.eas &CorrelationID=<empty>;&cafeReqId=afb0a729-2321-4384-8d9d-e564619a8be1; 443 HealthMailbox20bc02628fa54ec88b4a52250100983a@DOMAIN-KUNDE.de ::1 AMProbe/Local/ClientAccess - 200 0 0 3
2022-01-04 00:00:13 127.0.0.1 GET /RPC/rpcproxy.dll 32e02c22-9ce9-4421-a670-cd34ca5087d2@DOMAIN-KUNDE.de&CorrelationID=<empty>;&RequestId=b64543f6-5b2e-4c86-9a0f-76ac86e50978&cafeReqId=b64543f6-5b2e-4c86-9a0f-76ac86e50978; 443 DOMAIN-KUNDE\HealthMailbox20bc026 127.0.0.1 AMProbe/Local/ClientAccess - 200 0 0 13
2022-01-04 00:00:14 ::1 POST /mapi/emsmdb/ mailboxId=1d25581d-aed0-495b-88b7-d69ae9121de1@KUNDE-projektentwicklung.de&CorrelationID=<empty>;&ClientRequestInfo=R:8935de32-7c08-4e0d-bae4-e7f673912867:1;RT:Connect;CI:a594f8db-56cf-41a5-9203-41166336680c:1;CID:612f07c0-d36f-4e53-9cec-65fbfd6360bb&cafeReqId=84e3476c-2900-4a88-8f0f-81fde6dda6b2; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 MapiHttpClient - 200 0 0 8
2022-01-04 00:00:14 192.168.0.11 POST /mapi/emsmdb/ mailboxId=1d25581d-aed0-495b-88b7-d69ae9121de1@KUNDE-projektentwicklung.de&CorrelationID=<empty>;&ClientRequestInfo=R:8935de32-7c08-4e0d-bae4-e7f673912867:2;RT:Execute;CI:a594f8db-56cf-41a5-9203-41166336680c:1;CID:3d9c29fc-3321-4fc8-99c7-091a10d98311&cafeReqId=b6713ae7-2330-47a8-b3f5-534a9ccc65e8; 443 DOMAIN-KUNDE\HealthMailbox20bc026 192.168.0.11 MapiHttpClient - 200 0 0 32
2022-01-04 00:00:14 ::1 POST /mapi/emsmdb/ mailboxId=1d25581d-aed0-495b-88b7-d69ae9121de1@KUNDE-projektentwicklung.de&CorrelationID=<empty>;&ClientRequestInfo=R:8935de32-7c08-4e0d-bae4-e7f673912867:3;RT:Disconnect;CI:a594f8db-56cf-41a5-9203-41166336680c:1;CID:8a40df95-da82-4ff7-a6c1-032e8c5c11b3&cafeReqId=0a473f5b-131d-4738-b227-200e8507826a; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 MapiHttpClient - 200 0 0 9
2022-01-04 00:00:19 ::1 POST /OWA/auth.owa &CorrelationID=<empty>;&cafeReqId=f9a5162a-228a-42ca-a3fb-f64678d4d049;&encoding=; 443 HealthMailbox20bc02628fa54ec88b4a52250100983a@DOMAIN-KUNDE.de ::1 AMProbe/Local/ClientAccess - 302 0 0 8
2022-01-04 00:00:19 127.0.0.1 GET /ecp/ReportingWebService/ &CorrelationID=<empty>;&cafeReqId=d3955ba0-5e55-401e-89d9-d3c132a60bbf;&LogoffReason=NoCookiesGetOrE14AuthPost 443 - 127.0.0.1 AMProbe/Local/ClientAccess - 302 0 0 4
2022-01-04 00:00:19 ::1 GET /OAB/ &CorrelationID=<empty>;&cafeReqId=e8e30318-053d-4ded-b7bf-9ccbedaa100c; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 AMProbe/Local/ClientAccess - 200 0 0 10
2022-01-04 00:00:22 ::1 GET /PowerShell/ &CorrelationID=<empty>; 443 - ::1 AMProbe/Local/ClientAccess - 401 111 0 7
2022-01-04 00:00:22 127.0.0.1 GET /PowerShell/ &CorrelationID=<empty>; 443 - 127.0.0.1 AMProbe/Local/ClientAccess - 401 111 0 6
2022-01-04 00:00:22 192.168.0.11 RPC_IN_DATA /rpc/rpcproxy.dll 32e02c22-9ce9-4421-a670-cd34ca5087d2@KUNDE-projektentwicklung.de:6001&CorrelationID=<empty>;&RequestId=02bf00ed-228d-4df8-98c5-fac019ccf394&cafeReqId=02bf00ed-228d-4df8-98c5-fac019ccf394; 443 - 192.168.0.11 MSRPC - 401 1 2148074254 2
2022-01-04 00:00:22 192.168.0.11 RPC_IN_DATA /rpc/rpcproxy.dll 32e02c22-9ce9-4421-a670-cd34ca5087d2@KUNDE-projektentwicklung.de:6001&CorrelationID=<empty>;&RequestId=6e63cdd7-c371-428d-95f9-d79fd939819d&cafeReqId=6e63cdd7-c371-428d-95f9-d79fd939819d; 443 DOMAIN-KUNDE\HealthMailbox20bc026 192.168.0.11 MSRPC - 200 0 0 14
2022-01-04 00:00:22 ::1 RPC_IN_DATA /rpc/rpcproxy.dll 32e02c22-9ce9-4421-a670-cd34ca5087d2@KUNDE-projektentwicklung.de:6001&CorrelationID=<empty>;&RequestId=cef73a1d-7ff8-4242-bf4e-7af27d4815b6&cafeReqId=cef73a1d-7ff8-4242-bf4e-7af27d4815b6; 443 - ::1 MSRPC - 401 1 2148074254 0
2022-01-04 00:00:22 ::1 RPC_OUT_DATA /rpc/rpcproxy.dll 32e02c22-9ce9-4421-a670-cd34ca5087d2@KUNDE-projektentwicklung.de:6001&CorrelationID=<empty>;&RequestId=572fd7d1-ae5c-4a42-9375-5979753d6703&cafeReqId=572fd7d1-ae5c-4a42-9375-5979753d6703; 443 - ::1 MSRPC - 401 1 2148074254 2
2022-01-04 00:00:30 ::1 RPC_OUT_DATA /rpc/rpcproxy.dll 1d25581d-aed0-495b-88b7-d69ae9121de1@KUNDE-projektentwicklung.de:6001&CorrelationID=<empty>;&RequestId=6b79e24b-00af-43a4-872c-6d944bcd4533&cafeReqId=6b79e24b-00af-43a4-872c-6d944bcd4533; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 MSRPC - 200 0 0 70017
2022-01-04 00:00:30 ::1 RPC_IN_DATA /rpc/rpcproxy.dll 1d25581d-aed0-495b-88b7-d69ae9121de1@KUNDE-projektentwicklung.de:6001&CorrelationID=<empty>;&RequestId=66fd41e4-2f71-4d0f-a4fa-a73c683b042d&cafeReqId=66fd41e4-2f71-4d0f-a4fa-a73c683b042d; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 MSRPC - 200 0 64 70030
2022-01-04 00:00:40 ::1 GET /ews/ &CorrelationID=<empty>;&cafeReqId=272e5ca3-b23a-4a45-b9df-c571ebd3702d; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 AMProbe/Local/ClientAccess - 200 0 0 3
2022-01-04 00:00:55 127.0.0.1 GET /mapi/emsmdb mailboxId=32e02c22-9ce9-4421-a670-cd34ca5087d2@DOMAIN-KUNDE.de&CorrelationID=<empty>;&cafeReqId=4cd1d6e6-75a6-4d5f-9d2a-a55412b9a229; 443 DOMAIN-KUNDE\HealthMailbox20bc026 127.0.0.1 AMProbe/Local/ClientAccess - 200 0 0 2
2022-01-04 00:00:57 ::1 GET /ecp/ &CorrelationID=<empty>;&cafeReqId=95985db8-f062-4068-9fbb-0cfb949130e2;&LogoffReason=NoCookiesGetOrE14AuthPost 443 - ::1 AMProbe/Local/ClientAccess - 302 0 0 2
2022-01-04 00:00:57 127.0.0.1 GET /OWA/Calendar/HealthMailbox20bc02628fa54ec88b4a52250100983a@DOMAIN-KUNDE.de/calendar/calendar.html &CorrelationID=<empty>;&cafeReqId=f2b66472-176b-4776-9099-5863ed61c279; 443 - 127.0.0.1 AMProbe/Local/ClientAccess - 200 0 0 9
2022-01-04 00:01:10 ::1 GET /AutoDiscover/ &CorrelationID=<empty>;&cafeReqId=3da67d2a-8143-4c3d-a921-14b5ece1f8fe; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 AMProbe/Local/ClientAccess - 200 0 0 3
2022-01-04 00:01:13 ::1 GET /RPC/rpcproxy.dll 32e02c22-9ce9-4421-a670-cd34ca5087d2@DOMAIN-KUNDE.de&CorrelationID=<empty>;&RequestId=7391ff0d-ff8b-4efb-b71b-dfeea08b715b&cafeReqId=7391ff0d-ff8b-4efb-b71b-dfeea08b715b; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 AMProbe/Local/ClientAccess - 200 0 0 3
2022-01-04 00:01:13 127.0.0.1 GET /Microsoft-Server-ActiveSync/default.eas &CorrelationID=<empty>;&cafeReqId=42131a4a-2f30-43ef-ba3f-7c0085871721; 443 HealthMailbox20bc02628fa54ec88b4a52250100983a@DOMAIN-KUNDE.de 127.0.0.1 AMProbe/Local/ClientAccess - 200 0 0 2
2022-01-04 00:01:19 127.0.0.1 POST /OWA/auth.owa &CorrelationID=<empty>;&cafeReqId=7c532f75-df12-4946-a024-8ff3595c9792;&encoding=; 443 HealthMailbox20bc02628fa54ec88b4a52250100983a@DOMAIN-KUNDE.de 127.0.0.1 AMProbe/Local/ClientAccess - 302 0 0 7
2022-01-04 00:01:19 ::1 GET /ecp/ReportingWebService/ &CorrelationID=<empty>;&cafeReqId=a0212aa2-5bda-4675-8a83-3cda367e2ca0;&LogoffReason=NoCookiesGetOrE14AuthPost 443 - ::1 AMProbe/Local/ClientAccess - 302 0 0 3
2022-01-04 00:01:19 127.0.0.1 GET /OAB/ &CorrelationID=<empty>;&cafeReqId=ee75d1bc-7ad3-453f-8987-70a1d98182f0; 443 DOMAIN-KUNDE\HealthMailbox20bc026 127.0.0.1 AMProbe/Local/ClientAccess - 200 0 0 9
2022-01-04 00:01:22 ::1 GET /PowerShell/ &CorrelationID=<empty>; 443 - ::1 AMProbe/Local/ClientAccess - 401 111 0 10
2022-01-04 00:01:22 127.0.0.1 GET /PowerShell/ &CorrelationID=<empty>; 443 - 127.0.0.1 AMProbe/Local/ClientAccess - 401 111 0 7
2022-01-04 00:01:32 ::1 RPC_OUT_DATA /rpc/rpcproxy.dll 32e02c22-9ce9-4421-a670-cd34ca5087d2@KUNDE-projektentwicklung.de:6001&CorrelationID=<empty>;&RequestId=bdfbc454-1104-4ac2-952d-53cf05faa610&cafeReqId=bdfbc454-1104-4ac2-952d-53cf05faa610; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 MSRPC - 200 0 0 70017
2022-01-04 00:01:32 ::1 RPC_IN_DATA /rpc/rpcproxy.dll 32e02c22-9ce9-4421-a670-cd34ca5087d2@KUNDE-projektentwicklung.de:6001&CorrelationID=<empty>;&RequestId=aa50f3ec-5ba8-4348-806f-22e5a882928f&cafeReqId=aa50f3ec-5ba8-4348-806f-22e5a882928f; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 MSRPC - 200 0 64 70025
2022-01-04 00:01:40 ::1 GET /ews/ &CorrelationID=<empty>;&cafeReqId=46cdaf04-2df1-4f07-8983-6910cfc14774; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 AMProbe/Local/ClientAccess - 200 0 0 3
2022-01-04 00:01:56 127.0.0.1 GET /mapi/emsmdb mailboxId=32e02c22-9ce9-4421-a670-cd34ca5087d2@DOMAIN-KUNDE.de&CorrelationID=<empty>;&cafeReqId=a7f395b1-e9b2-4065-9be0-8b35a6bb42ab; 443 DOMAIN-KUNDE\HealthMailbox20bc026 127.0.0.1 AMProbe/Local/ClientAccess - 200 0 0 3
2022-01-04 00:01:57 ::1 GET /ecp/ &CorrelationID=<empty>;&cafeReqId=9f064882-6ae5-48f2-8ddb-c9b22063d17d;&LogoffReason=NoCookiesGetOrE14AuthPost 443 - ::1 AMProbe/Local/ClientAccess - 302 0 0 1
2022-01-04 00:01:57 127.0.0.1 GET /OWA/Calendar/HealthMailbox20bc02628fa54ec88b4a52250100983a@DOMAIN-KUNDE.de/calendar/calendar.html &CorrelationID=<empty>;&cafeReqId=bf18f5d6-b067-4728-913c-2b4f20d5524d; 443 - 127.0.0.1 AMProbe/Local/ClientAccess - 200 0 0 4
2022-01-04 00:02:10 ::1 GET /AutoDiscover/ &CorrelationID=<empty>;&cafeReqId=0b491124-5af8-4869-9e4f-975eacd6fb07; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 AMProbe/Local/ClientAccess - 200 0 0 1
2022-01-04 00:02:13 127.0.0.1 GET /Microsoft-Server-ActiveSync/default.eas &CorrelationID=<empty>;&cafeReqId=c4308a02-ab29-43cc-9f6a-f16623bf01e8; 443 HealthMailbox20bc02628fa54ec88b4a52250100983a@DOMAIN-KUNDE.de 127.0.0.1 AMProbe/Local/ClientAccess - 200 0 0 4
2022-01-04 00:02:13 ::1 GET /RPC/rpcproxy.dll 32e02c22-9ce9-4421-a670-cd34ca5087d2@DOMAIN-KUNDE.de&CorrelationID=<empty>;&RequestId=4c1809ec-e155-4daf-bdc4-3c6207b0e1e0&cafeReqId=4c1809ec-e155-4daf-bdc4-3c6207b0e1e0; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 AMProbe/Local/ClientAccess - 200 0 0 4
2022-01-04 00:02:15 ::1 POST /powershell clientApplication=ActiveMonitor;PSVersion=5.1.14393.4583&CorrelationID=<empty>;&cafeReqId=24c02b16-008f-4e22-aa52-76f9db082097; 80 - ::1 Microsoft+WinRM+Client - 200 0 0 1
2022-01-04 00:02:15 ::1 POST /powershell clientApplication=ActiveMonitor;PSVersion=5.1.14393.4583&CorrelationID=<empty>;&cafeReqId=abc5635d-0667-4567-8480-c51026123a71; 80 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 Microsoft+WinRM+Client - 200 0 0 22
2022-01-04 00:02:15 ::1 POST /powershell clientApplication=ActiveMonitor;PSVersion=5.1.14393.4583&sessionID=Version_15.1_(Build_2374.0)=rJqNiZqNgbqnz83RjIuNkJqdmpPSlpKSkJ2Wk5aakdGTkJyek4HOxsvNz8nMy8zOgc3Pzc3Sz87Sz8urz8/Fzs3Fzso=&CorrelationID=<empty>;&cafeReqId=b8352bc4-0f0e-4a98-bb50-39388af1cee3; 80 - ::1 Microsoft+WinRM+Client - 200 0 0 2
2022-01-04 00:02:15 ::1 POST /powershell clientApplication=ActiveMonitor;PSVersion=5.1.14393.4583&sessionID=Version_15.1_(Build_2374.0)=rJqNiZqNgbqnz83RjIuNkJqdmpPSlpKSkJ2Wk5aakdGTkJyek4HOxsvNz8nMy8zOgc3Pzc3Sz87Sz8urz8/Fzs3Fzso=&CorrelationID=<empty>;&cafeReqId=7e710f69-be05-4156-8779-456391558fc8; 80 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 Microsoft+WinRM+Client - 200 0 0 127
2022-01-04 00:02:15 ::1 POST /powershell clientApplication=ActiveMonitor;PSVersion=5.1.14393.4583&sessionID=Version_15.1_(Build_2374.0)=rJqNiZqNgbqnz83RjIuNkJqdmpPSlpKSkJ2Wk5aakdGTkJyek4HOxsvNz8nMy8zOgc3Pzc3Sz87Sz8urz8/Fzs3Fzsk=&CorrelationID=<empty>;&cafeReqId=5d2091b1-c1d7-42a0-a580-678c80339109; 80 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 Microsoft+WinRM+Client - 200 0 0 15
2022-01-04 00:02:15 ::1 POST /powershell clientApplication=ActiveMonitor;PSVersion=5.1.14393.4583&sessionID=Version_15.1_(Build_2374.0)=rJqNiZqNgbqnz83RjIuNkJqdmpPSlpKSkJ2Wk5aakdGTkJyek4HOxsvNz8nMy8zOgc3Pzc3Sz87Sz8urz8/Fzs3Fzsk=&CorrelationID=<empty>;&cafeReqId=36efd3fe-f124-4c69-a40c-35097dd1affd; 80 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 Microsoft+WinRM+Client - 200 0 0 26
2022-01-04 00:02:15 ::1 POST /powershell clientApplication=ActiveMonitor;PSVersion=5.1.14393.4583&sessionID=Version_15.1_(Build_2374.0)=rJqNiZqNgbqnz83RjIuNkJqdmpPSlpKSkJ2Wk5aakdGTkJyek4HOxsvNz8nMy8zOgc3Pzc3Sz87Sz8urz8/Fzs3Fzsk=&CorrelationID=<empty>;&cafeReqId=6f8feadf-d681-4383-b2bc-81d46ad049c6; 80 - ::1 Microsoft+WinRM+Client - 200 0 0 2
2022-01-04 00:02:15 ::1 POST /powershell clientApplication=ActiveMonitor;PSVersion=5.1.14393.4583&sessionID=Version_15.1_(Build_2374.0)=rJqNiZqNgbqnz83RjIuNkJqdmpPSlpKSkJ2Wk5aakdGTkJyek4HOxsvNz8nMy8zOgc3Pzc3Sz87Sz8urz8/Fzs3Fzsk=&CorrelationID=<empty>;&cafeReqId=378c949a-4648-4df9-9e4c-fe924ec3ad57; 80 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 Microsoft+WinRM+Client - 200 0 0 20
2022-01-04 00:02:15 ::1 POST /powershell clientApplication=ActiveMonitor;PSVersion=5.1.14393.4583&sessionID=Version_15.1_(Build_2374.0)=rJqNiZqNgbqnz83RjIuNkJqdmpPSlpKSkJ2Wk5aakdGTkJyek4HOxsvNz8nMy8zOgc3Pzc3Sz87Sz8urz8/Fzs3Fzsk=&CorrelationID=<empty>;&cafeReqId=36ce8eac-fee1-4f2b-b917-5b6654e8b474; 80 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 Microsoft+WinRM+Client - 200 0 0 8
2022-01-04 00:02:15 ::1 POST /powershell clientApplication=ActiveMonitor;PSVersion=5.1.14393.4583&sessionID=Version_15.1_(Build_2374.0)=rJqNiZqNgbqnz83RjIuNkJqdmpPSlpKSkJ2Wk5aakdGTkJyek4HOxsvNz8nMy8zOgc3Pzc3Sz87Sz8urz8/Fzs3Fzsk=&CorrelationID=<empty>;&cafeReqId=3de75645-82f1-4e46-8522-3c9dce69ba32; 80 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 Microsoft+WinRM+Client - 500 0 64 73
2022-01-04 00:02:15 ::1 POST /powershell clientApplication=ActiveMonitor;PSVersion=5.1.14393.4583&sessionID=Version_15.1_(Build_2374.0)=rJqNiZqNgbqnz83RjIuNkJqdmpPSlpKSkJ2Wk5aakdGTkJyek4HOxsvNz8nMy8zOgc3Pzc3Sz87Sz8urz8/Fzs3Fzsk=&CorrelationID=<empty>;&cafeReqId=d7dac75b-dddc-42eb-b5d6-4e75f02ff916; 80 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 Microsoft+WinRM+Client - 200 0 0 10
2022-01-04 00:02:19 127.0.0.1 GET /ecp/ReportingWebService/ &CorrelationID=<empty>;&cafeReqId=250c6472-5cf9-4061-b030-34d0f8927f2b;&LogoffReason=NoCookiesGetOrE14AuthPost 443 - 127.0.0.1 AMProbe/Local/ClientAccess - 302 0 0 4
2022-01-04 00:02:19 127.0.0.1 POST /OWA/auth.owa &CorrelationID=<empty>;&cafeReqId=162548b1-891f-4259-b0af-9a51921eb92c;&encoding=; 443 HealthMailbox20bc02628fa54ec88b4a52250100983a@DOMAIN-KUNDE.de 127.0.0.1 AMProbe/Local/ClientAccess - 302 0 0 5
2022-01-04 00:02:19 ::1 GET /OAB/ &CorrelationID=<empty>;&cafeReqId=19fb99c7-f495-4999-886b-68bd0a5fabdb; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 AMProbe/Local/ClientAccess - 200 0 0 6
2022-01-04 00:02:20 ::1 RPC_IN_DATA /rpc/rpcproxy.dll 1d25581d-aed0-495b-88b7-d69ae9121de1@KUNDE-projektentwicklung.de:6001&CorrelationID=<empty>;&RequestId=49a0fd9c-e284-4650-977c-5e93fbeb767d&cafeReqId=49a0fd9c-e284-4650-977c-5e93fbeb767d; 443 - ::1 MSRPC - 401 1 2148074254 2
2022-01-04 00:02:20 ::1 RPC_IN_DATA /rpc/rpcproxy.dll 1d25581d-aed0-495b-88b7-d69ae9121de1@KUNDE-projektentwicklung.de:6001&CorrelationID=<empty>;&RequestId=25c16309-5d07-4cc4-a15a-8f90510214ea&cafeReqId=25c16309-5d07-4cc4-a15a-8f90510214ea; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 MSRPC - 200 0 0 16
2022-01-04 00:02:20 192.168.0.11 POST /mapi/emsmdb/ mailboxId=32e02c22-9ce9-4421-a670-cd34ca5087d2@KUNDE-projektentwicklung.de&CorrelationID=<empty>;&ClientRequestInfo=R:f75d79db-9051-48dc-8820-4064e4c1ac9f:1;RT:Connect;CI:a594f8db-56cf-41a5-9203-41166336680c:1;CID:902571ae-9cd7-4ad2-bf73-95ecf2e26784&cafeReqId=2248a865-5c22-4324-9bd9-74c3f9a2fd60; 443 DOMAIN-KUNDE\HealthMailbox20bc026 192.168.0.11 MapiHttpClient - 200 0 0 26
2022-01-04 00:02:20 ::1 RPC_IN_DATA /rpc/rpcproxy.dll 1d25581d-aed0-495b-88b7-d69ae9121de1@KUNDE-projektentwicklung.de:6001&CorrelationID=<empty>;&RequestId=3a54c240-46b6-4972-9a6b-f390ac43578a&cafeReqId=3a54c240-46b6-4972-9a6b-f390ac43578a; 443 - ::1 MSRPC - 401 1 2148074254 0
2022-01-04 00:02:20 ::1 RPC_OUT_DATA /rpc/rpcproxy.dll 1d25581d-aed0-495b-88b7-d69ae9121de1@KUNDE-projektentwicklung.de:6001&CorrelationID=<empty>;&RequestId=c8652446-514a-43e9-90a0-224ceff51514&cafeReqId=c8652446-514a-43e9-90a0-224ceff51514; 443 - ::1 MSRPC - 401 1 2148074254 1
2022-01-04 00:02:20 ::1 POST /mapi/emsmdb/ mailboxId=32e02c22-9ce9-4421-a670-cd34ca5087d2@KUNDE-projektentwicklung.de&CorrelationID=<empty>;&ClientRequestInfo=R:f75d79db-9051-48dc-8820-4064e4c1ac9f:2;RT:Execute;CI:a594f8db-56cf-41a5-9203-41166336680c:1;CID:2eb53d4d-843d-4007-83d2-f825496ef874&cafeReqId=c2fec842-c8fb-41f6-9a24-a57a5f0653aa; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 MapiHttpClient - 200 0 0 11
2022-01-04 00:02:20 192.168.0.11 POST /mapi/emsmdb/ mailboxId=32e02c22-9ce9-4421-a670-cd34ca5087d2@KUNDE-projektentwicklung.de&CorrelationID=<empty>;&ClientRequestInfo=R:f75d79db-9051-48dc-8820-4064e4c1ac9f:3;RT:Disconnect;CI:a594f8db-56cf-41a5-9203-41166336680c:1;CID:359fb34a-8ded-4bda-b7c7-6031c4baa3e3&cafeReqId=3f14e097-f202-4563-ab22-5700b80307a3; 443 DOMAIN-KUNDE\HealthMailbox20bc026 192.168.0.11 MapiHttpClient - 200 0 0 7
2022-01-04 00:02:22 ::1 GET /PowerShell/ &CorrelationID=<empty>; 443 - ::1 AMProbe/Local/ClientAccess - 401 111 0 7
2022-01-04 00:02:22 127.0.0.1 GET /PowerShell/ &CorrelationID=<empty>; 443 - 127.0.0.1 AMProbe/Local/ClientAccess - 401 111 0 6
2022-01-04 00:02:40 ::1 GET /ews/ &CorrelationID=<empty>;&cafeReqId=c985c042-32d2-425e-800c-21ccc68c4b51; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 AMProbe/Local/ClientAccess - 200 0 0 2
2022-01-04 00:02:56 127.0.0.1 GET /mapi/emsmdb mailboxId=32e02c22-9ce9-4421-a670-cd34ca5087d2@DOMAIN-KUNDE.de&CorrelationID=<empty>;&cafeReqId=7ef77970-bd75-4b67-9de6-d5081916fde6; 443 DOMAIN-KUNDE\HealthMailbox20bc026 127.0.0.1 AMProbe/Local/ClientAccess - 200 0 0 4
2022-01-04 00:02:57 ::1 GET /ecp/ &CorrelationID=<empty>;&cafeReqId=c6eac512-c679-47cb-b0ea-fd93f15e71fc;&LogoffReason=NoCookiesGetOrE14AuthPost 443 - ::1 AMProbe/Local/ClientAccess - 302 0 0 1
2022-01-04 00:02:57 127.0.0.1 GET /OWA/Calendar/HealthMailbox20bc02628fa54ec88b4a52250100983a@DOMAIN-KUNDE.de/calendar/calendar.html &CorrelationID=<empty>;&cafeReqId=96e2b090-4a3d-4869-86eb-c9dc15c2c6ee; 443 - 127.0.0.1 AMProbe/Local/ClientAccess - 200 0 0 3
2022-01-04 00:03:05 ::1 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Settings&User=HealthMailbox20bc02628fa54ec88b4a52250100983a@DOMAIN-KUNDE.de&DeviceId=EASProbeDeviceId141&DeviceType=EASProbeDeviceType&CorrelationID=<empty>;&cafeReqId=b134ece9-93e5-44df-9f23-b255a508acb8; 443 HealthMailbox20bc02628fa54ec88b4a52250100983a@DOMAIN-KUNDE.de ::1 TestActiveSyncConnectivity - 200 0 0 27
2022-01-04 00:03:10 127.0.0.1 GET /AutoDiscover/ &CorrelationID=<empty>;&cafeReqId=7d32f0d0-1143-4988-970d-5c813734b76a; 443 DOMAIN-KUNDE\HealthMailbox20bc026 127.0.0.1 AMProbe/Local/ClientAccess - 200 0 0 2
2022-01-04 00:03:13 127.0.0.1 GET /RPC/rpcproxy.dll 32e02c22-9ce9-4421-a670-cd34ca5087d2@DOMAIN-KUNDE.de&CorrelationID=<empty>;&RequestId=e6e2666d-d749-40f9-9fa6-6d0d27726335&cafeReqId=e6e2666d-d749-40f9-9fa6-6d0d27726335; 443 DOMAIN-KUNDE\HealthMailbox20bc026 127.0.0.1 AMProbe/Local/ClientAccess - 200 0 0 3
2022-01-04 00:03:13 ::1 GET /Microsoft-Server-ActiveSync/default.eas &CorrelationID=<empty>;&cafeReqId=bb20285f-77e2-46b1-b232-05784e23b241; 443 HealthMailbox20bc02628fa54ec88b4a52250100983a@DOMAIN-KUNDE.de ::1 AMProbe/Local/ClientAccess - 200 0 0 2
2022-01-04 00:03:14 ::1 POST /mapi/emsmdb/ mailboxId=1d25581d-aed0-495b-88b7-d69ae9121de1@KUNDE-projektentwicklung.de&CorrelationID=<empty>;&ClientRequestInfo=R:f03c4364-7573-4b36-b35e-0a6c2f2d03e8:1;RT:Connect;CI:a594f8db-56cf-41a5-9203-41166336680c:1;CID:73478b1d-1f66-4f1b-9bf1-d83aaec8a798&cafeReqId=5e5892a4-96fb-4085-aae9-d4e0db19113f; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 MapiHttpClient - 200 0 0 10
2022-01-04 00:03:14 192.168.0.11 POST /mapi/emsmdb/ mailboxId=1d25581d-aed0-495b-88b7-d69ae9121de1@KUNDE-projektentwicklung.de&CorrelationID=<empty>;&ClientRequestInfo=R:f03c4364-7573-4b36-b35e-0a6c2f2d03e8:2;RT:Execute;CI:a594f8db-56cf-41a5-9203-41166336680c:1;CID:c95ac51e-a6d9-42de-9a9c-7770e6aae204&cafeReqId=48c3d680-8832-4a2c-9502-31856d7b708e; 443 DOMAIN-KUNDE\HealthMailbox20bc026 192.168.0.11 MapiHttpClient - 200 0 0 15
2022-01-04 00:03:14 ::1 POST /mapi/emsmdb/ mailboxId=1d25581d-aed0-495b-88b7-d69ae9121de1@KUNDE-projektentwicklung.de&CorrelationID=<empty>;&ClientRequestInfo=R:f03c4364-7573-4b36-b35e-0a6c2f2d03e8:3;RT:Disconnect;CI:a594f8db-56cf-41a5-9203-41166336680c:1;CID:f124d06f-7857-40ea-a3c2-46e7973dd819&cafeReqId=8789e29a-e0ae-4ec2-805d-e05258349097; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 MapiHttpClient - 200 0 0 6
2022-01-04 00:03:19 ::1 GET /ecp/ReportingWebService/ &CorrelationID=<empty>;&cafeReqId=a1ab9e19-8be7-4877-b974-d7131f34bd13;&LogoffReason=NoCookiesGetOrE14AuthPost 443 - ::1 AMProbe/Local/ClientAccess - 302 0 0 5
2022-01-04 00:03:19 127.0.0.1 GET /OAB/ &CorrelationID=<empty>;&cafeReqId=4cee9a10-2bf7-492f-87b6-855e88b6e35e; 443 DOMAIN-KUNDE\HealthMailbox20bc026 127.0.0.1 AMProbe/Local/ClientAccess - 200 0 0 9
2022-01-04 00:03:19 ::1 POST /OWA/auth.owa &CorrelationID=<empty>;&cafeReqId=2a59c67d-ab4a-4073-b045-708683e0d514;&encoding=; 443 HealthMailbox20bc02628fa54ec88b4a52250100983a@DOMAIN-KUNDE.de ::1 AMProbe/Local/ClientAccess - 302 0 0 44
2022-01-04 00:03:22 127.0.0.1 GET /PowerShell/ &CorrelationID=<empty>; 443 - 127.0.0.1 AMProbe/Local/ClientAccess - 401 111 0 7
2022-01-04 00:03:22 ::1 GET /PowerShell/ &CorrelationID=<empty>; 443 - ::1 AMProbe/Local/ClientAccess - 401 111 0 6
2022-01-04 00:03:22 192.168.0.11 RPC_IN_DATA /rpc/rpcproxy.dll 32e02c22-9ce9-4421-a670-cd34ca5087d2@KUNDE-projektentwicklung.de:6001&CorrelationID=<empty>;&RequestId=57e9ac40-66ee-42e7-b62f-e75933700a38&cafeReqId=57e9ac40-66ee-42e7-b62f-e75933700a38; 443 - 192.168.0.11 MSRPC - 401 1 2148074254 2
2022-01-04 00:03:22 192.168.0.11 RPC_IN_DATA /rpc/rpcproxy.dll 32e02c22-9ce9-4421-a670-cd34ca5087d2@KUNDE-projektentwicklung.de:6001&CorrelationID=<empty>;&RequestId=5fa723aa-4eea-4b71-82f5-5f31a843cc47&cafeReqId=5fa723aa-4eea-4b71-82f5-5f31a843cc47; 443 DOMAIN-KUNDE\HealthMailbox20bc026 192.168.0.11 MSRPC - 200 0 0 16
2022-01-04 00:03:22 ::1 RPC_IN_DATA /rpc/rpcproxy.dll 32e02c22-9ce9-4421-a670-cd34ca5087d2@KUNDE-projektentwicklung.de:6001&CorrelationID=<empty>;&RequestId=cbb824c8-7eaf-4bd1-9f83-14f083dde6e5&cafeReqId=cbb824c8-7eaf-4bd1-9f83-14f083dde6e5; 443 - ::1 MSRPC - 401 1 2148074254 1
2022-01-04 00:03:22 ::1 RPC_OUT_DATA /rpc/rpcproxy.dll 32e02c22-9ce9-4421-a670-cd34ca5087d2@KUNDE-projektentwicklung.de:6001&CorrelationID=<empty>;&RequestId=a238a32f-395f-4f8b-aa38-4c907f7531c2&cafeReqId=a238a32f-395f-4f8b-aa38-4c907f7531c2; 443 - ::1 MSRPC - 401 1 2148074254 2
2022-01-04 00:03:30 ::1 RPC_OUT_DATA /rpc/rpcproxy.dll 1d25581d-aed0-495b-88b7-d69ae9121de1@KUNDE-projektentwicklung.de:6001&CorrelationID=<empty>;&RequestId=39c43fa1-7f9e-42d1-bd0f-2e72f9052cf7&cafeReqId=39c43fa1-7f9e-42d1-bd0f-2e72f9052cf7; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 MSRPC - 200 0 0 70020
2022-01-04 00:03:30 ::1 RPC_IN_DATA /rpc/rpcproxy.dll 1d25581d-aed0-495b-88b7-d69ae9121de1@KUNDE-projektentwicklung.de:6001&CorrelationID=<empty>;&RequestId=0ba05e86-f0f5-42d7-b07b-44db01788e15&cafeReqId=0ba05e86-f0f5-42d7-b07b-44db01788e15; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 MSRPC - 200 0 64 70029
2022-01-04 00:03:41 127.0.0.1 GET /ews/ &CorrelationID=<empty>;&cafeReqId=9cbaa40a-3be5-43f9-be88-1aa96e799924; 443 DOMAIN-KUNDE\HealthMailbox20bc026 127.0.0.1 AMProbe/Local/ClientAccess - 200 0 0 2
2022-01-04 00:03:56 ::1 GET /mapi/emsmdb mailboxId=32e02c22-9ce9-4421-a670-cd34ca5087d2@DOMAIN-KUNDE.de&CorrelationID=<empty>;&cafeReqId=23744bbc-2f31-4733-815d-1fac1c71390f; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 AMProbe/Local/ClientAccess - 200 0 0 2
2022-01-04 00:03:57 127.0.0.1 GET /ecp/ &CorrelationID=<empty>;&cafeReqId=ad0c3499-e439-4362-b975-af46a0508bf8;&LogoffReason=NoCookiesGetOrE14AuthPost 443 - 127.0.0.1 AMProbe/Local/ClientAccess - 302 0 0 2
2022-01-04 00:03:57 ::1 GET /OWA/Calendar/HealthMailbox20bc02628fa54ec88b4a52250100983a@DOMAIN-KUNDE.de/calendar/calendar.html &CorrelationID=<empty>;&cafeReqId=a39bd9f1-66d9-4918-966a-35a81341b9a6; 443 - ::1 AMProbe/Local/ClientAccess - 200 0 0 7
2022-01-04 00:04:10 127.0.0.1 GET /AutoDiscover/ &CorrelationID=<empty>;&cafeReqId=4facb0e3-6727-4d12-96c6-6f31d297d99d; 443 DOMAIN-KUNDE\HealthMailbox20bc026 127.0.0.1 AMProbe/Local/ClientAccess - 200 0 0 3
2022-01-04 00:04:13 127.0.0.1 GET /RPC/rpcproxy.dll 32e02c22-9ce9-4421-a670-cd34ca5087d2@DOMAIN-KUNDE.de&CorrelationID=<empty>;&RequestId=6181703e-8f8b-422e-942e-bfac4d58d9b0&cafeReqId=6181703e-8f8b-422e-942e-bfac4d58d9b0; 443 DOMAIN-KUNDE\HealthMailbox20bc026 127.0.0.1 AMProbe/Local/ClientAccess - 200 0 0 4
2022-01-04 00:04:13 ::1 GET /Microsoft-Server-ActiveSync/default.eas &CorrelationID=<empty>;&cafeReqId=286fe17e-b067-4aa0-9b2c-fa26f1ecd18f; 443 HealthMailbox20bc02628fa54ec88b4a52250100983a@DOMAIN-KUNDE.de ::1 AMProbe/Local/ClientAccess - 200 0 0 2
2022-01-04 00:04:19 ::1 POST /OWA/auth.owa &CorrelationID=<empty>;&cafeReqId=11885120-ed8b-4afd-9a1e-18af323cdbbb;&encoding=; 443 HealthMailbox20bc02628fa54ec88b4a52250100983a@DOMAIN-KUNDE.de ::1 AMProbe/Local/ClientAccess - 302 0 0 4
2022-01-04 00:04:19 127.0.0.1 GET /ecp/ReportingWebService/ &CorrelationID=<empty>;&cafeReqId=d7aea6b1-d060-4faf-9e59-f9ce58c53c5f;&LogoffReason=NoCookiesGetOrE14AuthPost 443 - 127.0.0.1 AMProbe/Local/ClientAccess - 302 0 0 1
2022-01-04 00:04:19 ::1 GET /OAB/ &CorrelationID=<empty>;&cafeReqId=c058f488-69a7-4b8d-afdf-b2f8eefe56bb; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 AMProbe/Local/ClientAccess - 200 0 0 8
2022-01-04 00:04:22 ::1 GET /PowerShell/ &CorrelationID=<empty>; 443 - ::1 AMProbe/Local/ClientAccess - 401 111 0 17
2022-01-04 00:04:22 127.0.0.1 GET /PowerShell/ &CorrelationID=<empty>; 443 - 127.0.0.1 AMProbe/Local/ClientAccess - 401 111 0 8
2022-01-04 00:04:41 ::1 GET /ews/ &CorrelationID=<empty>;&cafeReqId=1fcabddc-9d79-4697-8702-3ea7d897f934; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 AMProbe/Local/ClientAccess - 200 0 0 3
2022-01-04 00:04:56 127.0.0.1 GET /mapi/emsmdb mailboxId=32e02c22-9ce9-4421-a670-cd34ca5087d2@DOMAIN-KUNDE.de&CorrelationID=<empty>;&cafeReqId=970f8110-492b-4b18-8d41-ff69f90c5f87; 443 DOMAIN-KUNDE\HealthMailbox20bc026 127.0.0.1 AMProbe/Local/ClientAccess - 200 0 0 3
2022-01-04 00:04:57 ::1 GET /ecp/ &CorrelationID=<empty>;&cafeReqId=b81b6b6f-62a5-48f9-b831-715bfcaa0bb9;&LogoffReason=NoCookiesGetOrE14AuthPost 443 - ::1 AMProbe/Local/ClientAccess - 302 0 0 2
2022-01-04 00:04:57 127.0.0.1 GET /OWA/Calendar/HealthMailbox20bc02628fa54ec88b4a52250100983a@DOMAIN-KUNDE.de/calendar/calendar.html &CorrelationID=<empty>;&cafeReqId=0def0b67-8d9d-4622-9dd5-a11ddf5732ba; 443 - 127.0.0.1 AMProbe/Local/ClientAccess - 200 0 0 10
2022-01-04 00:05:10 ::1 GET /AutoDiscover/ &CorrelationID=<empty>;&cafeReqId=fbb9d7f4-da80-43aa-9724-2bf9e7e9884f; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 AMProbe/Local/ClientAccess - 200 0 0 2
2022-01-04 00:05:13 127.0.0.1 GET /Microsoft-Server-ActiveSync/default.eas &CorrelationID=<empty>;&cafeReqId=03c6296e-5351-4653-9d63-b191f348d340; 443 HealthMailbox20bc02628fa54ec88b4a52250100983a@DOMAIN-KUNDE.de 127.0.0.1 AMProbe/Local/ClientAccess - 200 0 0 3
2022-01-04 00:05:13 ::1 GET /RPC/rpcproxy.dll 32e02c22-9ce9-4421-a670-cd34ca5087d2@DOMAIN-KUNDE.de&CorrelationID=<empty>;&RequestId=4a3a754b-6dd2-45cd-852b-b330df1a016f&cafeReqId=4a3a754b-6dd2-45cd-852b-b330df1a016f; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 AMProbe/Local/ClientAccess - 200 0 0 3
2022-01-04 00:05:19 127.0.0.1 POST /OWA/auth.owa &CorrelationID=<empty>;&cafeReqId=6f1b45a7-2861-4b4d-8c85-3a9c4ed9708b;&encoding=; 443 HealthMailbox20bc02628fa54ec88b4a52250100983a@DOMAIN-KUNDE.de 127.0.0.1 AMProbe/Local/ClientAccess - 302 0 0 4
2022-01-04 00:05:19 127.0.0.1 GET /ecp/ReportingWebService/ &CorrelationID=<empty>;&cafeReqId=52189443-a4fc-420f-a8d4-6b7328f90559;&LogoffReason=NoCookiesGetOrE14AuthPost 443 - 127.0.0.1 AMProbe/Local/ClientAccess - 302 0 0 2
2022-01-04 00:05:19 ::1 GET /OAB/ &CorrelationID=<empty>;&cafeReqId=b3aa0281-b9eb-4511-8786-d72acf5cdb1e; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 AMProbe/Local/ClientAccess - 200 0 0 11
2022-01-04 00:05:20 ::1 RPC_IN_DATA /rpc/rpcproxy.dll 1d25581d-aed0-495b-88b7-d69ae9121de1@KUNDE-projektentwicklung.de:6001&CorrelationID=<empty>;&RequestId=c6bb8d63-b66b-4b81-ad7c-67c5d5442a4d&cafeReqId=c6bb8d63-b66b-4b81-ad7c-67c5d5442a4d; 443 - ::1 MSRPC - 401 1 2148074254 2
2022-01-04 00:05:20 192.168.0.11 POST /mapi/emsmdb/ mailboxId=32e02c22-9ce9-4421-a670-cd34ca5087d2@KUNDE-projektentwicklung.de&CorrelationID=<empty>;&ClientRequestInfo=R:511b3201-a863-493c-bb14-043ca5be14aa:1;RT:Connect;CI:a594f8db-56cf-41a5-9203-41166336680c:1;CID:77621f5f-b679-43f7-887e-2729ac754c41&cafeReqId=56d6a7a6-ee13-4453-abf9-cfb93250dd9b; 443 DOMAIN-KUNDE\HealthMailbox20bc026 192.168.0.11 MapiHttpClient - 200 0 0 21
2022-01-04 00:05:20 ::1 RPC_IN_DATA /rpc/rpcproxy.dll 1d25581d-aed0-495b-88b7-d69ae9121de1@KUNDE-projektentwicklung.de:6001&CorrelationID=<empty>;&RequestId=b6443a7f-1b18-4860-adff-a8651459be87&cafeReqId=b6443a7f-1b18-4860-adff-a8651459be87; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 MSRPC - 200 0 0 18
2022-01-04 00:05:20 ::1 RPC_IN_DATA /rpc/rpcproxy.dll 1d25581d-aed0-495b-88b7-d69ae9121de1@KUNDE-projektentwicklung.de:6001&CorrelationID=<empty>;&RequestId=cf3e4e69-1665-4049-9a90-5383bc971cdf&cafeReqId=cf3e4e69-1665-4049-9a90-5383bc971cdf; 443 - ::1 MSRPC - 401 1 2148074254 2
2022-01-04 00:05:20 ::1 POST /mapi/emsmdb/ mailboxId=32e02c22-9ce9-4421-a670-cd34ca5087d2@KUNDE-projektentwicklung.de&CorrelationID=<empty>;&ClientRequestInfo=R:511b3201-a863-493c-bb14-043ca5be14aa:2;RT:Execute;CI:a594f8db-56cf-41a5-9203-41166336680c:1;CID:d44b94b0-1b37-4e4b-92c8-241261004bf5&cafeReqId=8189df5f-e39c-48dc-86df-331c74a4e582; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 MapiHttpClient - 200 0 0 13
2022-01-04 00:05:20 ::1 RPC_OUT_DATA /rpc/rpcproxy.dll 1d25581d-aed0-495b-88b7-d69ae9121de1@KUNDE-projektentwicklung.de:6001&CorrelationID=<empty>;&RequestId=0b23efbc-6603-493c-9684-2560eb09e4ad&cafeReqId=0b23efbc-6603-493c-9684-2560eb09e4ad; 443 - ::1 MSRPC - 401 1 2148074254 0
2022-01-04 00:05:20 192.168.0.11 POST /mapi/emsmdb/ mailboxId=32e02c22-9ce9-4421-a670-cd34ca5087d2@KUNDE-projektentwicklung.de&CorrelationID=<empty>;&ClientRequestInfo=R:511b3201-a863-493c-bb14-043ca5be14aa:3;RT:Disconnect;CI:a594f8db-56cf-41a5-9203-41166336680c:1;CID:14633a47-578d-493f-8f61-0875141f5236&cafeReqId=8e6102cc-fd90-4918-a194-e1233ef8a329; 443 DOMAIN-KUNDE\HealthMailbox20bc026 192.168.0.11 MapiHttpClient - 200 0 0 10
2022-01-04 00:05:22 ::1 GET /PowerShell/ &CorrelationID=<empty>; 443 - ::1 AMProbe/Local/ClientAccess - 401 111 0 6
2022-01-04 00:05:22 127.0.0.1 GET /PowerShell/ &CorrelationID=<empty>; 443 - 127.0.0.1 AMProbe/Local/ClientAccess - 401 111 0 9
2022-01-04 00:05:41 ::1 GET /ews/ &CorrelationID=<empty>;&cafeReqId=103c81b2-0dd8-4a9b-9026-f95f95598a53; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 AMProbe/Local/ClientAccess - 200 0 0 2
2022-01-04 00:05:47 192.168.0.11 POST /Microsoft-Server-ActiveSync/default.eas User=hausmeister&DeviceId=D1CUMP2LTH44980VGDUML7MVN4&DeviceType=iPhone&Cmd=Ping&CorrelationID=<empty>;&cafeReqId=d1f0ca00-f840-4909-9216-43e1687d160e; 443 DOMAIN-KUNDE.local\hausmeister 192.168.0.254 Apple-iPhone11C8/1903.56 - 200 0 64 1004070
2022-01-04 00:05:56 127.0.0.1 GET /mapi/emsmdb mailboxId=32e02c22-9ce9-4421-a670-cd34ca5087d2@DOMAIN-KUNDE.de&CorrelationID=<empty>;&cafeReqId=f24a07a9-ab69-41f9-81da-8d23dabf5cae; 443 DOMAIN-KUNDE\HealthMailbox20bc026 127.0.0.1 AMProbe/Local/ClientAccess - 200 0 0 3
2022-01-04 00:05:56 ::1 RPC_IN_DATA /rpc/rpcproxy.dll 32e02c22-9ce9-4421-a670-cd34ca5087d2@KUNDE-projektentwicklung.de:6001&CorrelationID=<empty>;&RequestId=86c0802b-8c7c-4e5e-9317-45332b514887&cafeReqId=86c0802b-8c7c-4e5e-9317-45332b514887; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 MSRPC - 200 0 64 153757
2022-01-04 00:05:56 ::1 RPC_OUT_DATA /rpc/rpcproxy.dll 32e02c22-9ce9-4421-a670-cd34ca5087d2@KUNDE-projektentwicklung.de:6001&CorrelationID=<empty>;&RequestId=ec139f92-b47e-46fa-8dc0-28bf78892e51&cafeReqId=ec139f92-b47e-46fa-8dc0-28bf78892e51; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 MSRPC - 200 0 64 153750
2022-01-04 00:05:57 ::1 GET /ecp/ &CorrelationID=<empty>;&cafeReqId=c38109fa-bfd3-4896-a5fa-ee0dbaa81c74;&LogoffReason=NoCookiesGetOrE14AuthPost 443 - ::1 AMProbe/Local/ClientAccess - 302 0 0 2
2022-01-04 00:05:57 127.0.0.1 GET /OWA/Calendar/HealthMailbox20bc02628fa54ec88b4a52250100983a@DOMAIN-KUNDE.de/calendar/calendar.html &CorrelationID=<empty>;&cafeReqId=5783ee2d-b84f-434d-b396-c8d694705666; 443 - 127.0.0.1 AMProbe/Local/ClientAccess - 200 0 0 5
2022-01-04 00:06:10 ::1 GET /AutoDiscover/ &CorrelationID=<empty>;&cafeReqId=87ca3269-0f97-4446-9e6b-d68a937f7c36; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 AMProbe/Local/ClientAccess - 200 0 0 9
2022-01-04 00:06:13 ::1 GET /RPC/rpcproxy.dll 32e02c22-9ce9-4421-a670-cd34ca5087d2@DOMAIN-KUNDE.de&CorrelationID=<empty>;&RequestId=7acea74e-18c3-4095-8b93-bf558523d39e&cafeReqId=7acea74e-18c3-4095-8b93-bf558523d39e; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 AMProbe/Local/ClientAccess - 200 0 0 3
2022-01-04 00:06:13 127.0.0.1 GET /Microsoft-Server-ActiveSync/default.eas &CorrelationID=<empty>;&cafeReqId=30e07304-b283-411b-87bc-67cb1a7bfe18; 443 HealthMailbox20bc02628fa54ec88b4a52250100983a@DOMAIN-KUNDE.de 127.0.0.1 AMProbe/Local/ClientAccess - 200 0 0 2
2022-01-04 00:06:14 ::1 POST /mapi/emsmdb/ mailboxId=1d25581d-aed0-495b-88b7-d69ae9121de1@KUNDE-projektentwicklung.de&CorrelationID=<empty>;&ClientRequestInfo=R:30250e46-a31e-4d2a-866c-8af6244102b0:1;RT:Connect;CI:a594f8db-56cf-41a5-9203-41166336680c:1;CID:2f39e220-c9bf-4d9c-9608-32195d61769e&cafeReqId=2986cee7-af3f-4dc0-83b8-620841a7ba8f; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 MapiHttpClient - 200 0 0 8
2022-01-04 00:06:14 192.168.0.11 POST /mapi/emsmdb/ mailboxId=1d25581d-aed0-495b-88b7-d69ae9121de1@KUNDE-projektentwicklung.de&CorrelationID=<empty>;&ClientRequestInfo=R:30250e46-a31e-4d2a-866c-8af6244102b0:2;RT:Execute;CI:a594f8db-56cf-41a5-9203-41166336680c:1;CID:65c18cce-9f02-489c-a189-7581fa9e6a0a&cafeReqId=7882c8c3-2b2e-4779-810b-7a168b1e7f2e; 443 DOMAIN-KUNDE\HealthMailbox20bc026 192.168.0.11 MapiHttpClient - 200 0 0 21
2022-01-04 00:06:14 ::1 POST /mapi/emsmdb/ mailboxId=1d25581d-aed0-495b-88b7-d69ae9121de1@KUNDE-projektentwicklung.de&CorrelationID=<empty>;&ClientRequestInfo=R:30250e46-a31e-4d2a-866c-8af6244102b0:3;RT:Disconnect;CI:a594f8db-56cf-41a5-9203-41166336680c:1;CID:d173acf0-d8c9-4eec-80fb-3e8b2662278c&cafeReqId=4e851b4e-f9a4-474c-84d1-4b997b494ac4; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 MapiHttpClient - 200 0 0 7
2022-01-04 00:06:19 127.0.0.1 POST /OWA/auth.owa &CorrelationID=<empty>;&cafeReqId=7923206a-d4b6-4cac-af20-c5d06d89eaf5;&encoding=; 443 HealthMailbox20bc02628fa54ec88b4a52250100983a@DOMAIN-KUNDE.de 127.0.0.1 AMProbe/Local/ClientAccess - 302 0 0 2
2022-01-04 00:06:19 127.0.0.1 GET /ecp/ReportingWebService/ &CorrelationID=<empty>;&cafeReqId=04aca6a6-daad-4b46-8fa6-a6afef49ae77;&LogoffReason=NoCookiesGetOrE14AuthPost 443 - 127.0.0.1 AMProbe/Local/ClientAccess - 302 0 0 2
2022-01-04 00:06:19 ::1 GET /OAB/ &CorrelationID=<empty>;&cafeReqId=30928c0e-6c55-4d74-bc9c-b2a5ddca23f1; 443 DOMAIN-KUNDE\HealthMailbox20bc026 ::1 AMProbe/Local/ClientAccess - 200 0 0 5
2022-01-04 00:06:22 ::1 GET /PowerShell/ &CorrelationID=<empty>; 443 - ::1 AMProbe/Local/ClientAccess - 401 111 0 6

 Wie kann man das lösen?

 Danke für eure Vorschläge

Grüße TK

 

 


   
AntwortZitat

(@geloeschter-benutzer)
Reputable Member
Beigetreten: Vor 2 Jahren
Beiträge: 263
 

hi,

führe den Befehl mal aus und schaue, ob alle Mailboxen ohne Warning zurückkommen:

Get-Mailbox -Monitoring

Vielleicht erhält du folgende Warnung(en):

WARNING: The object dspace.de/Microsoft Exchange System Objects/Monitoring Mailboxes/HealthMailboxd<mailboxid> has been corrupted or isn't compatible with Microsoft support
requirements, and it's in an inconsistent state. The following validation errors happened:
WARNING: Database is mandatory on UserMailbox.

Dann kannst du die Mailboxen auch neu erzeugen lassen. Siehe dazu folgender Link:

https://msexchangeguru.com/2015/08/24/health-mailboxes/

 

Gruß,
Ralf


   
AntwortZitat
(@kruegeto)
New Member
Beigetreten: Vor 3 Jahren
Beiträge: 3
Themenstarter  

Hi,

vielen Dank für deine Antwort.

Die Mailboxen habe ich schon neu erstellt und der Abruf mit Get-Mailbox -Monitoring bringt keine Fehlermeldungen

 

Gruß Tobias


   
AntwortZitat

(@geloeschter-benutzer)
Reputable Member
Beigetreten: Vor 2 Jahren
Beiträge: 263
 

dann mal ne normale PS öffnen (administrativ) und dort die Exchange commandlets importieren

Add-PSSnapin *exchange*

damit kannst du dann wenigstens erstmal arbeiten

 

Gruß,
Ralf


   
AntwortZitat
Teilen: