Microsoft Windows Security Event ID 4771: Kerberos pre-authentication failed
Posted on 2013-11-18
I have an SBS 2011 Standard domain controller and I have noticed a lot of audit failures lately that doesn't make a whole lot of sense to me. This is the Event ID:
Kerberos pre-authentication failed.
Security ID: DOMAIN\SERVER$
Account Name: SERVER$
Service Name: krbtgt/DOMAIN
Client Address: ::1
Client Port: 0
Ticket Options: 0x40810010
Failure Code: 0x18
Pre-Authentication Type: 2
Certificate Issuer Name:
Certificate Serial Number:
Certificate information is only provided if a certificate was used for pre-authentication.
Pre-authentication types, ticket options and failure codes are defined in RFC 4120.
If the ticket was malformed or damaged during transit and could not be decrypted, then many fields in this event might not be present.
It seems like this audit failure is referring to the SBS server itself since the 'Client Address' is always ::1. What would be failing the authentication check on the SBS server since the Account Name points to itself?
Any information is appreciated.