Hello there,
Try enabling auditing for logon failure.
Logon to your domain controller with administrative privileges and launch the Group Policy Management console.
Right-click the appropriate Group Policy Object linked to the Domain Controllers container and select Edit.
Expand the Computer Configuration → Windows Setting → Security Settings → Local Policies → Audit Policy node.
Configure audit policies as follows:
Account Management: Success
Audit account logon events: Failure
Audit logon events: Failure
-------------------------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept it as an answer–