We have noticed ~15k failed login attempts a day on one of our admin accounts in the domain.
The source server has been found and the event type is "Network". The source is a DC that has not been touched (except WinUpd) for years, so a virus seems unlikely but is of course possible.
Is there a way to trace exactly what the failed attempts point at? We have recently changed FSMO roles between two other DCs in the domain, maybe that has something to do with it?
Source: Windows Questions