The Active Directory KDC enables Kerberos preauthentication and I keep getting the event "Pre-authentication Failed - outside work hours 675” to my centralized events manager every time a user login.
Pre-authentication failed:
User Name: UserX
User ID: TULSA\UserX
Service Name: krbtgt/DomainName
Pre-Authentication Type: 0x0
Failure Code: 0x19
Client Address: 192.168.1.X
Pre-authentication failed:
User Name: UserX
User ID: Domain/UserX
Service Name: krbtgt/Domain
Pre-Authentication Type: 0x2
Failure Code: 0x18
Client Address: 192.168.1.X
I noticed that there are two error codes 0x19 and 0x18 and two preauthenticatio types: 0x0 and 0x2. What is the difference these two events? How can I stop them?
Are there any security risks behind disabling Kerberos Preauthentication on user accounts?
Please help me solve this issue.
Thanks
Abdellah
Looks like a bad password
Thanks
Mike