Solved

Event ID 4771 Kerberos Pre-Authentication Errors

Posted on 2016-10-18
2
38 Views
Last Modified: 2016-11-28
I am getting a lot of 4771 Kerberos Pre-authentication failed errors.
How can I stop them from occurring?

Thanks
0
Comment
Question by:splitrockit
  • 2
2 Comments
 
LVL 11

Expert Comment

by:loftyworm
ID: 41848918
Can you post some of the events?

It all depends on what is causing it.
0
 
LVL 11

Accepted Solution

by:
loftyworm earned 500 total points
ID: 41848924
I found this to help you look in the event better
"
This event is logged on domain controllers only and only failure instances of this event are logged.

At the beginning of the day when a user sits down at his or her workstation and enters his domain username and password, the workstation contacts a local DC and requests a TGT. If the username and password are correct and the user account passes status and restriction checks, the DC grants the TGT and logs event ID  4768 (authentication ticket granted).  

If the ticket request fails Windows will either log this event, failure 4771, or 4768 if the problem arose during "pre-authentication".  In Windows Kerberos, password verification takes place during pre-authentication.

The User field for this event (and all other events in the Audit account logon event category) doesn't help you determine who the user was; the field always reads N/A. Rather look at the Account Information: fields, which identify the user who logged on and the user account's DNS suffix. The User ID field provides the SID of the account.

Windows logs other instances of event ID 4768 when a computer in the domain needs to authenticate to the DC typically when a workstation boots up or a server restarts. In these instances, you'll find a computer name in the User Name and fields. Computer generated kerberos events are always identifiable by the $ after the computer account's name.
"

https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4771
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Table of Contents: Lesson 1 - Installing Windows Server 2012 (http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2012/A_11592-Become-an-Administrator-Installing-Windows-Server-2012.html) Lesson 2 - Configuring Ser…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question