About a month ago I reset our KRBTGT account using this script from TechNet:
Everything verified and succeeded. Ever since then, like clockwork every Saturday, almost our entire AD of User Accounts gets locked out. Computer Accounts are unaffected. I have checked and found a ton of event ID 4771s with the Failure Code 0x18 and 0x12. This is reflected in their meanings documented below:
They claim that pre-auth is failing and then causing the lockout. I've checked and a lot of our Kerberos tickets do expire on Saturday. In addition to the 4771s I also see a lot of 4768 events.
I've tried rebooting all clients, though not servers, to flush the existing tickets, but that hasn't helped. Neither has bouncing the DCs or restarting the Ticket Granting service. I've even played with some PowerShell scripts to use klist to flush the tickets for all users, though I haven't gotten them to work remotely.
Still this has been going on for over a month and I can't find anyone else having a similar issue. Resetting the KRBTGT account should NOT cause this to happen from everything I've read. We are at 2012 R2 Functional for our Forest and Domain level. When going up a level in the past we never had a similar issue. It was only when I ran the above script that all heck broke loose.
I'm happy to provide any additional information requested.
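
One way to triage the 4771 events described in this post, as an added example that is not part of the original post or the TechNet script: it summarizes pre-authentication failures on a domain controller by client address and by day of week. The function name `ConvertTo-PreAuthRecord` and the 35-day lookback are assumptions chosen for illustration.

```powershell
# Added example. Run in an elevated session on a domain controller
# (reading the Security log requires it).
# Status codes seen in the post:
#   0x18 = KDC_ERR_PREAUTH_FAILED  (wrong password or stale key)
#   0x12 = KDC_ERR_CLIENT_REVOKED  (account locked out, disabled or expired)

function ConvertTo-PreAuthRecord {   # hypothetical helper name
    param(
        [Parameter(ValueFromPipeline)]
        [System.Diagnostics.Eventing.Reader.EventRecord] $Record
    )
    process {
        # Flatten the named <Data> fields of the event into a hashtable.
        $xml  = [xml]$Record.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        [pscustomobject]@{
            Time   = $Record.TimeCreated
            Day    = $Record.TimeCreated.DayOfWeek
            User   = $data['TargetUserName']
            Status = $data['Status']
            # IPv4 clients are logged as ::ffff:a.b.c.d
            Client = $data['IpAddress'] -replace '^::ffff:', ''
        }
    }
}

$since  = (Get-Date).AddDays(-35)    # assumed lookback covering "over a month"
$filter = @{ LogName = 'Security'; Id = 4771; StartTime = $since }

$records = Get-WinEvent -FilterHashtable $filter |
    ConvertTo-PreAuthRecord |
    Where-Object { $_.Status -in '0x18', '0x12' }

# Which hosts send the bad pre-auth requests that drive the lockouts?
$records | Where-Object Status -eq '0x18' |
    Group-Object Client | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name

# Do the failures really cluster on one weekday?
$records | Group-Object Day, Status | Sort-Object Count -Descending |
    Select-Object Count, Name

# Accounts hit from more than one client point at a shared service or
# saved credential rather than a single workstation.
$records | Group-Object User |
    Where-Object { ($_.Group.Client | Sort-Object -Unique).Count -gt 1 } |
    Select-Object Count, Name
```

Each domain controller keeps its own Security log, so the same query has to be run against every DC before the counts are compared.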