We have a guacamole/mstsc in order to get to our windows instances, the problem in additional requests which comes from background application and i cant determine which one is that.
For example.
I open webbrowser/mstsc enter credentials and everything works fine, i did my work and close it. Then i open it again and cant get to remote machine because of the attempts with auth requests. Sometimes i just need to turn on my PC and do nothing, i mean i dont need to connect to guacamole/mstsc before in order to initialize these requests. I asked our devops he said that some app/apps send requests with wrong password and we need to figure out what is going on by ourselves.
Which application could send this type of requests in the background, any ideas?The problem is that i dont know the time when it will happen, so i cant use fiddler/wireshark for this.
This is the example which our devops send to me:
Auth: [Kerberos KDC,ENC-TS Pre-authentication] user [(null)][username@domain] at ['datetime' EST] with [aes256-cts-hmac-sha1-96] status [NT_STATUS_WRONG_PASSWORD] workstation [(null)] remote host [ipv4:'ip'] mapped to [domain][username]. local host [NULL] He said that sometimes its like 4rps.
BTW. This issue is not only on my PC, our whole team has issues, we dont use corporate PC, but our owns. I use windows 11, some of my colleagues use windows 10.
