I work in a rather large comapny and I have hundreds and hundreds of failed attempts logged by the KDC server, all different users. They can all access the network, however, for some reason or another, these users seem to be trying to reauthenticate over and over and over again. Generating huge SecDump audit logs. Does anyone have any idea why these users would be attempting to reauthenticate hundreds of times a day? I am fully aware of malicious attempts but I don't think this is the case as there are too many users attempting this authentication.
Any help would be greatly appreciated.