So we've received some alerts from Alert Logic indicating the Administrator account is getting locked out. Upon closer inspection on the server these alerts point too it appears the server is seeing a whole flood of login attempts from miscellaneous accounts. I enabled netlogon auditing to get a better idea of where these logons are coming from and the logs are all pointing to the Alert Logic appliance as the culprit. Is there some sort of service or task that Alert Logic Appliances run that triggers these logins? It happens around the same time every night.
Please sign in to leave a comment.