asked on Error 4769 Domain controller
I started working on this network. Getting failure audits with error 4769. Its windows 2012 server.
It is coming from various different workstations from various different user accounts or machine name with $
Can someone please help?
A Kerberos service ticket was requested.
Account Information:
Account Name: DESKTOP123$@domainname.COM
Account Domain: domainname.COM
Logon GUID: {00000000-0000-0000-0000-0
Service Information:
Service Name: krbtgt/domainname.COM
Service ID: NULL SID
Network Information:
Client Address: ::ffff:192.168.0.xx
Client Port: 51215
Additional Information:
Ticket Options: 0x60810010
Ticket Encryption Type: 0xFFFFFFFF
Failure Code: 0xE
Transited Services: -
This event is generated every time access is requested to a resource such as a computer or a Windows service. The service name indicates the resource to which access was requested.
This event can be correlated with Windows logon events by comparing the Logon GUID fields in each event. The logon event occurs on the machine that was accessed, which is often a different machine than the domain controller which issued the service ticket.
Ticket options, encryption types, and failure codes are defined in RFC 4120.
It is coming from various different workstations from various different user accounts or machine name with $
Can someone please help?
A Kerberos service ticket was requested.
Account Information:
Account Name: DESKTOP123$@domainname.COM
Account Domain: domainname.COM
Logon GUID: {00000000-0000-0000-0000-0
Service Information:
Service Name: krbtgt/domainname.COM
Service ID: NULL SID
Network Information:
Client Address: ::ffff:192.168.0.xx
Client Port: 51215
Additional Information:
Ticket Options: 0x60810010
Ticket Encryption Type: 0xFFFFFFFF
Failure Code: 0xE
Transited Services: -
This event is generated every time access is requested to a resource such as a computer or a Windows service. The service name indicates the resource to which access was requested.
This event can be correlated with Windows logon events by comparing the Logon GUID fields in each event. The logon event occurs on the machine that was accessed, which is often a different machine than the domain controller which issued the service ticket.
Ticket options, encryption types, and failure codes are defined in RFC 4120.
Windows Server 2012NetworkingActive DirectoryDNSWindows Server 2008
Last Comment
Seth Simmons
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Hi,
These are windows 10 pro workstations. I am also seeing lot of these errors from domain user logins in middle of night when no users are using the computers. I am seeing hundreds of these failures every hour. I scanned with trendmicro and nothing was detected.
These are windows 10 pro workstations. I am also seeing lot of these errors from domain user logins in middle of night when no users are using the computers. I am seeing hundreds of these failures every hour. I scanned with trendmicro and nothing was detected.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Which system, function facing the outside world do you have, for web using integrated security might be ...
Identifying the source, I.e the 192.168.0.xx unnecessary to hide client iOS in private networks, 10., 172.16-31.255.255 and 192.168.0-255.255
If it originates from the same system, using the outside firewall to log/restrict its external access to make ........
Identifying the source, I.e the 192.168.0.xx unnecessary to hide client iOS in private networks, 10., 172.16-31.255.255 and 192.168.0-255.255
If it originates from the same system, using the outside firewall to log/restrict its external access to make ........
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I have recommended this question be closed as follows:
Split:
-- 'arnold' (https:#a42488306)
-- 'Hello There' (https:#a42488476)
-- 'Aard Vark' (https:#a42488618)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
seth2740
Experts-Exchange Cleanup Volunteer
I have recommended this question be closed as follows:
Split:
-- 'arnold' (https:#a42488306)
-- 'Hello There' (https:#a42488476)
-- 'Aard Vark' (https:#a42488618)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
seth2740
Experts-Exchange Cleanup Volunteer
Alternatively, if you cannot or will not remove older clients I would say just learn to live with the errors.