
‎07-09-2020 06:47 PM
Hello all,
I'm having an issue with a program called Splunk along with Lansweeper. We are currently getting upwards of 100,000+ event triggers caused by our Lansweeper account evidently trying to log in to a few servers. An example of one of the Splunk alerts follows:
Jul 8 09:54:17 <IP Address> Jul 8 13:54:13 SEC02 ossec: Alert Level: 3; Rule: 18107 - Windows Logon Success.; Location: (<Azure Server 2>) any->WinEvtLog; user: <Lansweeper account>; 2020 Jul 08 09:54:10 WinEvtLog: Security: AUDIT_SUCCESS(4624): Microsoft-Windows-Security-Auditing: <Lansweeper account>: <Company Name>: <azure server 2. company name.com>: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-21-796845957-1078145449-725345543-35416 Account Name: <Lansweeper Account> Account Domain: <company name> Logon ID: 0xe4bfe94 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: <Lansweeper Server> Source Network Address:<IP Address> Source Port: <port> Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V2 Key Length: 128
This is one of 3 nearly identical emails received in the same millisecond. Additionally, when I try to scan the servers in question on the Lansweeper console I get this error message:
ActiveDirectory_DomainService Event 1481 Directory Service <company name>\<Lansweeper account name> 07/09/2020 12:06:11
Internal error: The operation on the object failed.
Additional Data
Error value:
2 0000208D: NameErr: DSID-03100213, problem 2001 (NO_OBJECT), data 0, best match of:
''
For security reasons I have not attached errorlog.txt yet.
I have a ticket in with Lansweeper support, but have not heard back from them yet. This is a pressing issue, so I'm coming to the forums with it.
Labels: General Discussion
1 REPLY 1
‎07-10-2020 03:54 PM
Hi,
As also answered in the ticket you created, we don't expect these types of alerts to be generated by Lansweeper. To isolate this, you could change the password for this account in Lansweeper only; this could clarify the origin of the alerts.
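Added example, not part of the original thread and not Lansweeper or Splunk code: one way to check where the 4624 logons for the account come from is to parse the flattened OSSEC alert text and count logons per workstation, source address, logon type and authentication package. The sample lines, the account name `svc-scan` and the host names `SCANNER01` and `APP07` are constructed placeholders.

```python
import re
from collections import Counter

# Matches the single-line 4624 text as forwarded in the alert quoted in the thread.
LOGON_RE = re.compile(
    r"AUDIT_SUCCESS\(4624\).*?Logon Type:\s*(?P<logon_type>\d+)"
    r".*?New Logon:.*?Account Name:\s*(?P<account>.*?)\s+Account Domain:"
    r".*?Workstation Name:\s*(?P<workstation>.*?)\s+Source Network Address:\s*(?P<source_ip>\S+)"
    r".*?Authentication Package:\s*(?P<auth_package>\S+)"
)

def _sample(account, workstation, ip, event="AUDIT_SUCCESS(4624)"):
    """Build a constructed alert line shaped like the one in the post."""
    return (
        "Jul 8 13:54:13 SEC02 ossec: Alert Level: 3; Rule: 18107 - Windows Logon Success.; "
        f"WinEvtLog: Security: {event}: Microsoft-Windows-Security-Auditing: "
        "An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - "
        "Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-21-0-0-0-1000 "
        f"Account Name: {account} Account Domain: EXAMPLE Logon ID: 0x1 "
        f"Network Information: Workstation Name: {workstation} Source Network Address:{ip} "
        "Source Port: 50000 Detailed Authentication Information: Logon Process: NtLmSsp "
        "Authentication Package: NTLM Transited Services: -"
    )

# Constructed sample data: three logons from the scanner, two from another host,
# one for a different account, and one line that is not a 4624 event.
SAMPLE_ALERTS = (
    [_sample("svc-scan", "SCANNER01", "192.0.2.10")] * 3
    + [_sample("svc-scan", "APP07", "198.51.100.7")] * 2
    + [_sample("other-user", "APP07", "198.51.100.7"),
       _sample("svc-scan", "APP07", "198.51.100.7", event="AUDIT_SUCCESS(4634)")]
)

def logon_sources(lines, account):
    """Count 4624 logons for `account` per (workstation, source IP, logon type, package)."""
    counts = Counter()
    for line in lines:
        m = LOGON_RE.search(line)
        if m and m["account"].lower() == account.lower():
            counts[(m["workstation"], m["source_ip"], int(m["logon_type"]), m["auth_package"])] += 1
    return counts

def unexpected_sources(counts, expected_hosts):
    """Keep only sources whose workstation name is not a known scanning server."""
    expected = {h.lower() for h in expected_hosts}
    return {k: n for k, n in counts.items() if k[0].lower() not in expected}

if __name__ == "__main__":
    for source, n in logon_sources(SAMPLE_ALERTS, "svc-scan").most_common():
        print(n, source)
```

For NTLM logons the Workstation Name field is supplied by the client, so treat the source network address as the more reliable of the two when the values disagree.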
