Hello I'm seeing a bunch of failed logon attempts, what's confusing me is the usernames. Rather than the normal user naming convention, first.last or first.mi.last I'm seeing 1234567890@mil
I assume these are users CAC ID's but not sure why its attempting to login this way. I recently added AD Certificate Services Roll would this have anything to do with it?
A Kerberos authentication ticket (TGT) was requested.
Account Name: 1234567890@mil
Supplied Realm Name: DOMAIN NAME
User ID: NULL SID
Service Name: krbtgt/DOMAIN
Service ID: NULL SID
Client Address: ::ffff:XXX.XX.XXX.XXX
Client Port: 7130
Ticket Options: 0x40810010
Result Code: 0x6
Ticket Encryption Type: 0xffffffff
Pre-Authentication Type: -
Certificate Issuer Name:
Certificate Serial Number:
Certificate information is only provided if a certificate was used for pre-authentication.
Pre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120.