Put the domain controller in verbose logging for the
netlogon service to actually find out where the logon attempt was coming
from.
First, open up command prompt as an administrator and execute the following command:
nltest /dbflag:0x2080ffff
Once done, execute the following command to turn off the debugging:
nltest /dbflag:0x0
This logs every transaction made to the file: %windir%\debug\netlogon.log (note, you need to run notepad as an administrator to read this file).
source: https://support.microsoft.com/en-us/help/109626/enabling-debug-logging-for-the-netlogon-service
