Kerberos authentication ticket


4768: A Kerberos authentication ticket (TGT) was requested

4771: Kerberos pre-authentication failed

Result codes:

Result code

Kerberos RFC description

Notes on common failure codes

0x1

Client’s entry in database has expired

  

0x2

Server’s entry in database has expired

  

0x3

Requested protocol version # not supported

  

0x4

Client’s key encrypted in old master key

  

0x5

Server’s key encrypted in old master key

  

0x6

Client not found in Kerberos database

Bad user name, or new computer/user account has not replicated to DC yet

0x7

Server not found in Kerberos database

 New computer account has not replicated yet or computer is pre-w2k

0x8

Multiple principal entries in database

  

0x9

The client or server has a null key

 administrator should reset the password on the account

0xA

Ticket not eligible for postdating

  

0xB

Requested start time is later than end time

  

0xC

KDC policy rejects request

Workstation restriction

0xD

KDC cannot accommodate requested option

  

0xE

KDC has no support for encryption type

  

0xF

KDC has no support for checksum type

  

0x10

KDC has no support for padata type

  

0x11

KDC has no support for transited type

  

0x12

Clients credentials have been revoked

Account disabled, expired, locked out, logon hours.

0x13

Credentials for server have been revoked

  

0x14

TGT has been revoked

  

0x15

Client not yet valid – try again later

  

0x16

Server not yet valid – try again later

  

0x17

Password has expired

The user’s password has expired.

0x18

Pre-authentication information was invalid

Usually means bad password

0x19

Additional pre-authentication required*

  

0x1F

Integrity check on decrypted field failed

  

0x20

Ticket expired

Frequently logged by computer accounts

0x21

Ticket not yet valid

  

0x21

Ticket not yet valid

  

0x22

Request is a replay

  

0x23

The ticket isn’t for us

  

0x24

Ticket and authenticator don’t match

  

0x25

Clock skew too great

Workstation’s clock too far out of sync with the DC’s

0x26

Incorrect net address

 IP address change?

0x27

Protocol version mismatch

  

0x28

Invalid msg type

  

0x29

Message stream modified

  

0x2A

Message out of order

  

0x2C

Specified version of key is not available

  

0x2D

Service key not available

  

0x2E

Mutual authentication failed

 may be a memory allocation failure

0x2F

Incorrect message direction

  

0x30

Alternative authentication method required*

  

0x31

Incorrect sequence number in message

  

0x32

Inappropriate type of checksum in message

  

0x3C

Generic error (description in e-text)

  

0x3D

Field is too long for this implementation

  

Free Security Log Quick Reference Chart

Ref: https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4768

Ref: https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4771

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s