Event ID 4771

Getting hundreds of errors below with event id 4771 on windows 2012 server.

Can anyone please help?

Kerberos pre-authentication failed.

Account Information:
      Security ID:            DOMAIN\WEBSERVER$
      Account Name:            WEBSERVER$

Service Information:
      Service Name:            krbtgt/domain.com

Network Information:
      Client Address:            ::ffff:192.168.0.xxx
      Client Port:            54214

Additional Information:
      Ticket Options:            0x40810010
      Failure Code:            0x25
      Pre-Authentication Type:      2

Certificate Information:
      Certificate Issuer Name:            
      Certificate Serial Number:       
      Certificate Thumbprint:            

Certificate information is only provided if a certificate was used for pre-authentication.

Pre-authentication types, ticket options and failure codes are defined in RFC 4120.

If the ticket was malformed or damaged during transit and could not be decrypted, then many fields in this event might not be present.
dreamer123456Asked:
Who is Participating?
 
Naveen SharmaCommented:
If the ticket request fails Windows will either log this event, failure 4771, or 4768 if the problem arose during "pre-authentication". In Windows Kerberos, password verification takes place during pre-authentication. You can get the details from 4771 - Kerberos pre-authentication failed

If such error appears randomly and for different users, then we can theorise about wrong typing. In my experience, most such problems arise when an user has more than one e-mail client and an e-mail server using AD infrastructure for the user authentication. In such scenario we need to investigate a root of the problem. Get help from this article on How to troubleshoot the Kerberos error 4771 and locked user accounts.

Here is another informative post on how to identify the source of Account Lockouts in Active Directory:
https://www.lepide.com/how-to/identify-the-source-of-account-lockouts-in-active-directory.html
0
 
arnoldCommented:
Does your environment include a CA PKI infrastructure that secures the communications between/among clients and servers and servers?
0
 
arnoldCommented:
See if the following https://mivilisnet.wordpress.com/2016/03/07/how-to-troubleshoot-the-kerberos-error-4771-and-locked-user-accounts/ which includes a step by step research example to look at the possible causes/explanation.
0
 
Hello ThereSystem AdministratorCommented:
0
 
Naveen SharmaCommented:
Answered.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.