Hi guys,
I have two servers, and for some reason something on Server A is trying to login into Server B. They're both in the same subnet due to DHCP, but they're not in the same domain. Server A is trying to login into Server B using the domain of Server A, which then fails. It tries this once every minute.
My problem is isolating what is making the login request. I can see in the Event Viewer logs the port it tried to connect on, which appears to be random. I tried Wireshark, and I can see the offending packets, but I can't seem to find out what program is generating that packet.
Any ideas how to narrow down what program is making the authentication request?