We're noticing that whenever PMP changes the password of an account on a remote client device a failed logon attempt is recorded on the client and on the domain controllers. We first spotted this when ADAudit started reporting hundreds of failed logons. The strange thing is that the account PMP is using to logon is just called "S" and not the account the service runs under. It's also worth noting that the password is successfully changed.
Below is the event, I've hashed out the server name and IP but it is the PMP servers details. And you can see the account name being used is S.
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: S
Account Domain: *********
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xC000006D
Sub Status: 0xC0000064
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: *******
Source Network Address: 10.*.*.*
Source Port: 49439
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
Any ideas what this is? I've just finished setting up a new instance of PMP so it's only been running for about 2 weeks. This issue was also happening on the old instance too.