I have set up an AD Endpoint configured with SASL Security, with Failover for AD, and the User ID in the Endpoint Configuration is specified as '<username>' only, e.g. srv_ca (without the Windows domain). I found the following repetitive "Invalid Credentials" errors in the AD log.
GetStatusOfAllServers: total servers=11
GetStatusOfAllServers: total threads=11
GetStatusOfAllServers: WaitForMultipleObjects: object 0..11
ldap__bind_s() ..... Thread 0x28d8 Connection to Server: DC1.MYDOMAIN.COM; Port: 389
Credentials: CN=srv_ca,OU=Service Accounts,DC=MYDOMAIN,DC=COM
Return Code: 49 --- Reason: Invalid Credentials
ldap__bind_s() ..... ldap__bind_s() ..... ldap__bind_s() ..... ldap__bind_s() ..... ldap__bind_s() ..... ldap__bind_s() ..... Thread 0x3ba4 Connection to Server: DC1.MYDOMAIN.COM; Port: 389
Credentials: CN=srv_ca,OU=Service Accounts,DC=MYDOMAIN,DC=COM
Return Code: 49 --- Reason: Invalid Credentials
I have multiple Backup Domain Controllers and have configured AD Fail-over. Functionality-wise, the Fail-over is not impacted; however, my Security Team considers these attempts to log in to the AD server suspicious activity.
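As an added example that is not part of the article or of Identity Manager itself, the following Python parser reads the AD log format shown above: it pairs each ldap__bind_s() "Connection to Server" line with the Credentials and Return Code lines that follow it, then counts return-code-49 failures per server and bind DN, which lets a security team confirm that the repeated failures all come from one service-account DN during the GetStatusOfAllServers poll rather than from varied accounts. The sample log is constructed from the excerpt; the "Return Code: 0" success line is an assumed format.

```python
import re
from collections import Counter

# Constructed sample modelled on the log excerpt in the article (not a real capture).
# The final "Return Code: 0" entry is an assumed success format, added so the
# parser demonstrably counts only failures.
SAMPLE_LOG = """\
GetStatusOfAllServers: total servers=11
GetStatusOfAllServers: total threads=11
GetStatusOfAllServers: WaitForMultipleObjects: object 0..11
ldap__bind_s() ..... Thread 0x28d8 Connection to Server: DC1.MYDOMAIN.COM; Port: 389
Credentials: CN=srv_ca,OU=Service Accounts,DC=MYDOMAIN,DC=COM
Return Code: 49 --- Reason: Invalid Credentials
ldap__bind_s() ..... ldap__bind_s() ..... Thread 0x3ba4 Connection to Server: DC1.MYDOMAIN.COM; Port: 389
Credentials: CN=srv_ca,OU=Service Accounts,DC=MYDOMAIN,DC=COM
Return Code: 49 --- Reason: Invalid Credentials
ldap__bind_s() ..... Thread 0x1f00 Connection to Server: DC2.MYDOMAIN.COM; Port: 389
Credentials: CN=srv_ca,OU=Service Accounts,DC=MYDOMAIN,DC=COM
Return Code: 0 --- Reason: Success
"""

# The ldap__bind_s() prefix may repeat several times on one line, so search rather than match.
BIND_RE = re.compile(r"Thread (0x[0-9A-Fa-f]+) Connection to Server: ([^;]+); Port: (\d+)")
CRED_RE = re.compile(r"^Credentials: (.+)$")
RC_RE = re.compile(r"^Return Code: (\d+) --- Reason: (.*)$")


def parse_bind_attempts(log_text):
    """Return one dict per bind attempt: thread, server, port, credentials, rc, reason."""
    attempts, current = [], None
    for line in log_text.splitlines():
        m = BIND_RE.search(line)
        if m:
            current = {"thread": m.group(1), "server": m.group(2).strip(),
                       "port": int(m.group(3)), "credentials": None,
                       "rc": None, "reason": None}
            attempts.append(current)
            continue
        if current is None:          # header lines such as GetStatusOfAllServers
            continue
        m = CRED_RE.match(line)
        if m:
            current["credentials"] = m.group(1).strip()
            continue
        m = RC_RE.match(line)
        if m:
            current["rc"], current["reason"] = int(m.group(1)), m.group(2).strip()
            current = None           # attempt complete; wait for the next bind line
    return attempts


def summarize_failures(attempts, rc=49):
    """Count failed binds per (server, bind DN). One service-account DN failing
    repeatedly against the same DC from many threads is the status-poll pattern."""
    return Counter((a["server"], a["credentials"]) for a in attempts if a["rc"] == rc)
```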
Release: 14.3, 14.3 CP1
Component: Identity Manager