I have a user that is continuously getting locked out. The DCs are showing it getting locked out on the Exchange Server.
Here's the problem, the security log shows the user being locked out like this;
Workstation Name: A.B.C.D <- Exchange Server IP
Source Network Address: E.F.G.H <- Our Load Balancer IP
So we are looking for a way to locate more info on the device thats causing the lockout. Everything that passes thru the LB before it hits the exchange server, shows up on the Exchange server logs from the LB's IP... Is there any NetMon or ExTra way to maybe find a MAC address of real IP of the device thats possibly causing these lockouts?