Hello,
Thank you for posting in the Microsoft community forum.
According to the information you have provided, you are experiencing successive failed login attempts on the remote server. Since the source network address is not provided in the log, it is recommended that you enable advanced auditing policies for further diagnosis.
Here are the general steps to enable the policy and check it further:
Step 1: Enable the audit policy
- Open the Group Policy Management Console (GPMC).
- Navigate to Computer Configuration -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration -> Audit Policy -> Login/Logout.
- Double-click Audit Login, select Success and Fail, and click OK.
Step 2: Check the event log
- Press Win + R, type eventvwr, and press Enter to open the event viewer:
- In the left pane, expand Windows Logs and choose Security.
- In the right pane, click Filter current logs. Enter 4624 (successful login) and 4625 (failed login) in the Event ID field and click OK.
Step 3: Look for failed login attempts
Look for frequent failed login attempts, especially from unknown IP addresses. Use firewall rules to block these IP addresses.
In addition, you can try using a network monitoring tool, such as Microsoft Network Monitor, to capture network traffic and identify the reasons for login failures.
I hope this helps.
Best regards
Jacen