We are seeing a large amount of security audit failures with no source workstation listed. Usually these happen in quick blips with well over 1,000 accounts tried in a short time span. In each instance, there is never a source workstation listed and 99% of the errors show a 0xc0000064 error since there is no such account. Is there anywhere else to check where I can tell where this took place from? We have multiple DC's, but only one DC is showing the audit failures.
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: ****
Error Code: 0xc0000064