HI there...
i have this error ID pop up (a thousand times) on a remote computer that i connected to via smb.
The remote PC is on a different network than my work pc. This network is connected to my work pc through a BOVPN tunnel.
What i did:
Windows Explorer --> \ipadressremotepc\c$
I was promted usercredentials wich i typed in and they were accepted.
Windows explorer showed me the files under c$ and i copied a few files to my work pc.
Solarwinds tripped the logon attempts test with multiple thousands of 4625 errors.
Like always there is not much information given in the windows logs.
The error messages show that my pc is trying to connect to that remote pc with my credentials, not the usercredentials of said remote pc.
How do i find out what application or process is trying so desperatly to connect to the remote pc?
How do i stop this behavior?
This is oviosly Windows still trying to contact the remote machine. Its constantly trying to open up an SMBv2 connection and fails.
I have wireshark running an can see that my pc tries to contact the remote pc.
I also have processexplorer open an i found this connection in one of the open svchost.exe processes..... i found it and lost it again becuse it showed the ip of the remote pc but it quickly dissapeared...
Thanks