Recently an employee has left the company and I get these error messages either late at night or early morning. This employee username and email has been removed from the system. The server that the account is trying to access is the email server. Here is the error message, I had change up the username and Supplied Realm Name which has the Domain info.
Is there a service trying to access this employee's account?
676,AUDIT FAILURE,Security NT AUTHORITY\SYSTEM,Authentication Ticket Request Failed, User Name: John Doe Supplied Realm Name: AB Domain
Thanks for your help.