May 19 2021 12:30 AM
Current SharePoint 2019 server is hosted at domain A and environment have one way trust with Domain S.
Domain S admin currently received multiple login failed from Domain A service account , those service account is for SharePoint application pool , SharePoint Timer service .
My question is why these service account go to domain S for authentication ? not only go for domain A authenticate only ?
*we are unable to get more information from Domain S , only have simple alert which is
Threat Name: An account failed to log on
checked on the windows event log , SharePoint usl log, IIS log not see any related activity for the service account.
*noticed have warning about event id 40961 : (not sure this have related or not? )
The Warning Event details as follows;
Details : The security System could not establish a secured connection with the server ldap/server.mydomain.net/mydomain.net@MYDOMAIN.NET. No authentication protocol was available
*our SharePoint page have using Claims to Windows Token service for Domain S , normally the sharepoint page is login for Domain S user , Domain A service account only use for services.
Hope someone can share about the authentication of this logic ?
thanks
Sep 26 2021 06:46 PM