Hi, new to the forums here :)
I have a problem during a server check up, when I took a look at the event viewer at my server (Windows 2012 R2) apparently everyday at 17:49 (server time) a warning occurred with the event ID 2887 - LDAP Interface.
I've already done a trap to get the IP Address that is doing this LDAP signing and it turns out that the IP belongs in the firewall that I've owned.
The IP X.X.0.1 belongs to my firewall and unfortunately I cannot determine what client triggers this warning as the firewall do not have any pre-scheduled task for LDAP binding request and every device that connects to the firewall do not have any schedule that occurs at this exact time either. Correct me if I'm wrong but I don't think a firewall can initiate a LDAP binding request so I believe that a client connecting to the firewall must be triggering the firewall to do this.
My question, is there any other methods besides entrapment on how to find the real source of the LDAP binding request? Thanks.