Dec 08 2020 12:55 AM
ATA event shows that %Username% failed to authenticate with clear text credentials using LDAP simple binds on server servername. But on the server I couldn't find any process, service, or task with %username% credentials. How do I find what is causing the event?
Thanks in advance.
Dec 08 2020 01:06 AM
Events are repeating each 1h 2 min.
Dec 08 2020 03:22 AM
@Toza62 The process that is doing so is probably not running locally on the DC; it's most likely on the source computer. Was that the "Servername" you mentioned?
Make sure we resolved it correctly: export the alert to Excel and verify that we matched the IP to the correct machine name, to make sure you are looking at the correct machine.
If yes, try running netmon 3.4 on the machine to locate the process which invokes the LDAP failures.
If it happens that rapidly you might be able to spot it with a few minutes of capturing...
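
A lighter-weight complement to the capture suggested in the reply above, added here as an example and not part of the original thread: a PowerShell loop, run on the source machine, that logs which process owns each outbound connection to the DC on TCP 389. The DC address, output path and 70-minute window (one full cycle of the 1h 2min repeat) are assumptions to adjust; it needs Windows 8 / Server 2012 or later and an elevated prompt.

```powershell
# Added example: record the owning process of outbound LDAP (TCP 389) connections.
param(
    [string]$DcAddress = '192.0.2.10',               # placeholder: DC IP from the exported alert
    [int]$Minutes      = 70,                         # covers one 1h 2min cycle
    [string]$OutFile   = "$env:TEMP\ldap-clients.csv" # assumed output location
)

$seen     = @{}
$deadline = (Get-Date).AddMinutes($Minutes)

while ((Get-Date) -lt $deadline) {
    # Non-terminating error when nothing matches, so silence it and keep polling.
    $conns = Get-NetTCPConnection -RemoteAddress $DcAddress -RemotePort 389 `
                 -ErrorAction SilentlyContinue

    foreach ($c in $conns) {
        # PID 0 means the socket is already in TIME_WAIT and the owner is gone.
        if ($c.OwningProcess -eq 0) { continue }

        # Log each (process, local port) pair once.
        $key = "$($c.OwningProcess)|$($c.LocalPort)"
        if ($seen.ContainsKey($key)) { continue }
        $seen[$key] = $true

        $p = Get-CimInstance Win32_Process -Filter "ProcessId=$($c.OwningProcess)" `
                 -ErrorAction SilentlyContinue
        $owner = $null
        if ($p) {
            $o = Invoke-CimMethod -InputObject $p -MethodName GetOwner `
                     -ErrorAction SilentlyContinue
            if ($o -and $o.User) { $owner = "$($o.Domain)\$($o.User)" }
        }

        [pscustomobject]@{
            Time        = (Get-Date).ToString('s')
            LocalPort   = $c.LocalPort
            State       = $c.State
            ProcessId   = $c.OwningProcess
            Name        = $p.Name
            Owner       = $owner
            CommandLine = $p.CommandLine
        } | Export-Csv -Path $OutFile -Append -NoTypeInformation
    }
    Start-Sleep -Milliseconds 500
}
```

Polling can miss a connection that opens and closes between samples, which a packet capture will not. The process owner can also differ from the account in the alert, because a simple bind sends its credentials explicitly, so check the command line and configuration of whatever process is logged.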
Dec 08 2020 03:30 AM