I'm new to using DPA - while monitoring some alerts, I found that we had repeated attempts for a "login failed for user 'domain\User': attempting to use an NT account name with SQL Server Authentication [CLIENT: <local machine>]"
After doing a bit of research, we have identified that the attempted logins were coming from a Task Manager Detail with a PID associated to SWJobEngineWorker2.exe that runs every 5 minutes, and everything I've found seems to be that this is related to NPM.
There are also 3 other Detail/Services that are constant: SWJobEngineSvc2.exe, and 2 instances of SWJobEngineWorker2x64.exe
We do not have any stored credentials in Solarwinds for this particular domain\User, and it doesn't appear that we're using AppInsights to monitor, and nothing seems to be failing, as DPA is monitoring the SQL server just fine.
How can I find out what is using this ghost account and remove it?
NOTE: There are NO services on this particular server that use this domain\User account and the only SW service running is 'SolarWinds Agent' using LogOnAs Local System.