M
mattreade
Hello,
On a network I was asked to review, I am getting numerous (50+ per hour) Microsoft-Windows-Security-Auditing event ID 4768 Audit Failures on the domain controller (Server 2016, 192.168.16.2).
See Event Text Below
Some interesting points about these errors.
Do these errors signify a problem with my domain or configuration error?
Besides the fact I am getting all these errors, everything seems to be running fine.
Thanks
Matt Reed
EVENT LOG
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 7/18/2018 10:46:17 AM
Event ID: 4768
Task Category: Kerberos Authentication Service
Level: Information
Keywords: Audit Failure
User: N/A
Computer: fileserver.domian.local
Description:
A Kerberos authentication ticket (TGT) was requested.
Account Information:
Account Name: S-1-5-21-xxxxxxxxxx-xxxxxxxx-xxxxxxxxxx-xxxx
Supplied Realm Name: DOMAIN.LOCAL
User ID: NULL SID
Service Information:
Service Name: krbtgt/DOMAIN.LOCAL
Service ID: NULL SID
Network Information:
Client Address: ::ffff:192.168.16.3
Client Port: 49680
Additional Information:
Ticket Options: 0x40810010
Result Code: 0x6
Ticket Encryption Type: 0xFFFFFFFF
Pre-Authentication Type: -
Certificate Information:
Certificate Issuer Name:
Certificate Serial Number:
Certificate Thumbprint:
Certificate information is only provided if a certificate was used for pre-authentication.
Continue reading...
On a network I was asked to review, I am getting numerous (50+ per hour) Microsoft-Windows-Security-Auditing event ID 4768 Audit Failures on the domain controller (Server 2016, 192.168.16.2).
See Event Text Below
Some interesting points about these errors.
- The Account Name listed in the event is the SID from one of the computers on the network. This particular PC has an IP Address of 192.168.16.75
- This happens on a regular basis for each of the 15 client PCs on the network.
- The Client Address in the Event Log is the IP address of the Server 2016 with Essentials Role installed (192.168.16.3)
Do these errors signify a problem with my domain or configuration error?
Besides the fact I am getting all these errors, everything seems to be running fine.
Thanks
Matt Reed
EVENT LOG
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 7/18/2018 10:46:17 AM
Event ID: 4768
Task Category: Kerberos Authentication Service
Level: Information
Keywords: Audit Failure
User: N/A
Computer: fileserver.domian.local
Description:
A Kerberos authentication ticket (TGT) was requested.
Account Information:
Account Name: S-1-5-21-xxxxxxxxxx-xxxxxxxx-xxxxxxxxxx-xxxx
Supplied Realm Name: DOMAIN.LOCAL
User ID: NULL SID
Service Information:
Service Name: krbtgt/DOMAIN.LOCAL
Service ID: NULL SID
Network Information:
Client Address: ::ffff:192.168.16.3
Client Port: 49680
Additional Information:
Ticket Options: 0x40810010
Result Code: 0x6
Ticket Encryption Type: 0xFFFFFFFF
Pre-Authentication Type: -
Certificate Information:
Certificate Issuer Name:
Certificate Serial Number:
Certificate Thumbprint:
Certificate information is only provided if a certificate was used for pre-authentication.
Continue reading...