Our SQL Server 2019 (Server A) is configured to use linked servers with SQL Server 2019 (Server B). Kerberos Authentication is enabled and SPNs are configured correctly. All the accounts needed are both logins in both servers and have the required database permissions. Linked server security setting is set to "be made using current logins current credentials"
For the past month in Server A, I have been noticing the NT Authority\Anonymous Logon error stemming from Server B that occurs every 2 minutes. We have not had any complaints from user side or application side, so it is not a major issue. There is no job configured in Server B that runs every 2 mins. In the past when encountering this issue, we were able to identify the account from a complaint on user/app side and added the account to the list of logins with remote password in the linked server security settings, which fixed the issue. However, this issue is different as I am unsure which account is the one causing these errors.
My question is, what is the best way to create a profile trace to track down the culprit account that is erroring and filling up the SQL logs? Specifically, which filters (aside from filtering on host name Server B) should I look into? Which events should I have my traces track? And what specifically should I be looking deeper into?
Please provide any insight or recommendation. Thank you in advance!