In reviewing our logs, ever attempt by someone to check their email using OWA and/or possibly Exchange results in multiple denials followed by a Granted entry.
We have multiple Accounts.
- In one Account, we see four Denied and then a Granted.
- In another Account we see three Denied and then Granted.
Other things we noticed:
- The reasons for the Denied are listed as “Location Unknown” with an IP of 0.0.0.0 but the matching Granted has a proper location and IP.
- This does not happen for every user, but it does happen for most.
- All four or five log entries are within the same minute as well.
Can anyone explain why this may be happening and/or what we can do to to clean it up?