Solved

Event ID 4771 Kerberos Pre-Authentication Errors

Posted on 2016-10-18
2
35 Views
Last Modified: 2016-11-28
I am getting a lot of 4771 Kerberos Pre-authentication failed errors.
How can I stop them from occurring?

Thanks
0
Comment
Question by:splitrockit
  • 2
2 Comments
 
LVL 11

Expert Comment

by:loftyworm
ID: 41848918
Can you post some of the events?

It all depends on what is causing it.
0
 
LVL 11

Accepted Solution

by:
loftyworm earned 500 total points
ID: 41848924
I found this to help you look in the event better
"
This event is logged on domain controllers only and only failure instances of this event are logged.

At the beginning of the day when a user sits down at his or her workstation and enters his domain username and password, the workstation contacts a local DC and requests a TGT. If the username and password are correct and the user account passes status and restriction checks, the DC grants the TGT and logs event ID  4768 (authentication ticket granted).  

If the ticket request fails Windows will either log this event, failure 4771, or 4768 if the problem arose during "pre-authentication".  In Windows Kerberos, password verification takes place during pre-authentication.

The User field for this event (and all other events in the Audit account logon event category) doesn't help you determine who the user was; the field always reads N/A. Rather look at the Account Information: fields, which identify the user who logged on and the user account's DNS suffix. The User ID field provides the SID of the account.

Windows logs other instances of event ID 4768 when a computer in the domain needs to authenticate to the DC typically when a workstation boots up or a server restarts. In these instances, you'll find a computer name in the User Name and fields. Computer generated kerberos events are always identifiable by the $ after the computer account's name.
"

https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4771
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Restore Server 2012 R2 Registry 4 56
SBS 2011 wireless nic? & dynamic VPN. 3 65
Stop users from saving passwords in IE 11 2 25
AD Account Lockout 22 37
Table of Contents: Lesson 1 - Installing Windows Server 2012 (http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2012/A_11592-Become-an-Administrator-Installing-Windows-Server-2012.html) Lesson 2 - Configuring Ser…
Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits y…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now