Ok here is another stumper that has been happening for a while now.

I see a developer attempting to log in to the box, from a different domain, and it fails. The problem is the machine name it is coming from is LOCALHOST. Now I know you can't name your box LOCALHOST so I'm wondering where NT is picking this name up from. The dev doesn't have physical access to the server in question, nor does he have remote access to that box. The machine in question is a Windows NT 4.0 server that is only an application server. It happens at around 06:30 every morning and only happens once, except on Sundays when it happens twice back to back. Here is a sanitized log entry for this event:

Code:
SEC,7/7/05,06:38:32,Security,529,Failure,Logon/Logoff ,NT AUTHORITY\SYSTEM,APPSERVER,Logon Failure:^`   Reason:         Unkn
own user name or bad password^`         User Name:      DEV1^`  Domain:         OTHERDOMAIN^`      Logon Type:     3^`     Logon Proces
s:      KSecDD^`        Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0^`         Workstation Name:       \\LOCALHOST
I have googled for an answer, and I even have checked out Microsofts knowledge base trying to find anything similar to this, but have so far been unsuccessful. So I figured that I would turn to my AO bretheren in the hopes that they may have an idea that I haven't thought of.