I have set up SASL Security configured AD Endpoint, with Failover for AD, and User ID in Endpoint Configuration is specified as '<username>' only, e.g. srv_ca (without Windows domain). I found the following repetitive "Invalid Credentials" errors in AD log.

GetStatusOfAllServers: total servers=11
GetStatusOfAllServers: total threads=11
GetStatusOfAllServers: WaitForMultipleObjects: object 0..11
ldap__bind_s() ..... Thread 0x28d8 Connection to Server: DC1.MYDOMAIN.COM; Port: 389
 Credentials: CN=srv_ca,OU=Service Accounts,DC=MYDOMAIN,DC=COM
 Return Code: 49 --- Reason: Invalid Credentials
ldap__bind_s() ..... ldap__bind_s() ..... ldap__bind_s() ..... ldap__bind_s() ..... ldap__bind_s() ..... ldap__bind_s() ..... Thread 0x3ba4 Connection to Server: DC1.MYDOMAIN.COM; Port: 389
 Credentials: CN=srv_ca,OU=Service Accounts,DC=MYDOMAIN,DC=COM
 Return Code: 49 --- Reason: Invalid Credentials

I have multiple Backup Domain Controllers and configured AD Fail-over. Functionality wise, the Fail-over is not impacted however my Security Team considers this attempting to login AD server suspicious activities.

This is a known issue that is recorded in DE447532

Release : 14.3, 14.3 CP1

Component : Identity Manager

At the time this article is written, the following production fix is available to address this issue
          HF-DE447045-DE447715-DE447532.zip
Please raise a Support Call Ticket and request for the fix.

This hot fix is for CCS, i.e. external Connector Server on Windows. This fix replaces E2KPS.dll and W2KNamespace.dll in CCS bin directory.

This hot fix is also applicable on top of CSS that is installed from External Connector installation you have downloaded from vApp with IM 14.3 CP1.
Currently this issue is planned to be addressed in IM 14.3 CP2.