Event ID 4771

Getting hundreds of errors below with event id 4771 on windows 2012 server.

Can anyone please help?

Kerberos pre-authentication failed.

Account Information:
      Security ID:            DOMAIN\WEBSERVER$
      Account Name:            WEBSERVER$

Service Information:
      Service Name:            krbtgt/domain.com

Network Information:
      Client Address:            ::ffff:192.168.0.xxx
      Client Port:            54214

Additional Information:
      Ticket Options:            0x40810010
      Failure Code:            0x25
      Pre-Authentication Type:      2

Certificate Information:
      Certificate Issuer Name:            
      Certificate Serial Number:       
      Certificate Thumbprint:            

Certificate information is only provided if a certificate was used for pre-authentication.

Pre-authentication types, ticket options and failure codes are defined in RFC 4120.

If the ticket was malformed or damaged during transit and could not be decrypted, then many fields in this event might not be present.
dreamer123456Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

arnoldCommented:
Does your environment include a CA PKI infrastructure that secures the communications between/among clients and servers and servers?
0
arnoldCommented:
See if the following https://mivilisnet.wordpress.com/2016/03/07/how-to-troubleshoot-the-kerberos-error-4771-and-locked-user-accounts/ which includes a step by step research example to look at the possible causes/explanation.
0
Hello ThereSystem AdministratorCommented:
0
Naveen SharmaCommented:
If the ticket request fails Windows will either log this event, failure 4771, or 4768 if the problem arose during "pre-authentication". In Windows Kerberos, password verification takes place during pre-authentication. You can get the details from 4771 - Kerberos pre-authentication failed

If such error appears randomly and for different users, then we can theorise about wrong typing. In my experience, most such problems arise when an user has more than one e-mail client and an e-mail server using AD infrastructure for the user authentication. In such scenario we need to investigate a root of the problem. Get help from this article on How to troubleshoot the Kerberos error 4771 and locked user accounts.

Here is another informative post on how to identify the source of Account Lockouts in Active Directory:
https://www.lepide.com/how-to/identify-the-source-of-account-lockouts-in-active-directory.html
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Naveen SharmaCommented:
Answered.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.