Forum Discussion
Toza62
Dec 08, 2020Copper Contributor
Username failed to authenticate with clear text credentials using LDAP simple binds
ATA event shows that %Username% failed to authenticate with clear text credentials using LDAP simple binds on server servername. But, on the server I couldn't any process, service, task with %username% credentials. How to find what is causing event?
Thnx in advance.
- EliOfek
Microsoft
Toza62 The process tha tis doing so is probably not running locally on the DC, it's most likely on the source computer, was that the "Servername" you mentioned?
make sure we resolved it correctly, export the alert to excel and verify that we matched the IP to the correct machine name, to make sure you are looking on the correct machine.
If yes, try running netmon 3.4 on the machien to locate the process which invokes the LDAP failures.
if it happens that rapidly you might be able to spot if with a few minutes of capturing...
- Toza62Copper ContributorYes, exactly. I have source IP address, I checked servers logs (especially security logs ), tasks, services.. etc., but I cannot find nothing with %username% credentials. I will try with netmon 3.4.
Thank you for help.
- Toza62Copper Contributor
Events are repeating each 1h 2 min.