B
Blueshift
Hi All, been receiving frequent Event 4771 failed Kerberos pre-auth events on my Domain Controller.
After some research, I discovered that these correlate with 4648 (successful logon) events happening on the client computers enacted by Outlook. This has been causing account lockouts on our DC and tons of false positives in our security auditing software.
Our exchange server is hosted offsite by a third-party, so not sure why Outlook is trying to authenticate with our domain controller.
Why is this happening, and how do I stop this from happening?
Clients are using Outlook 2016/2019 (and one on 2013 I believe)
Thanks!
Continue reading...
After some research, I discovered that these correlate with 4648 (successful logon) events happening on the client computers enacted by Outlook. This has been causing account lockouts on our DC and tons of false positives in our security auditing software.
Our exchange server is hosted offsite by a third-party, so not sure why Outlook is trying to authenticate with our domain controller.
Why is this happening, and how do I stop this from happening?
Clients are using Outlook 2016/2019 (and one on 2013 I believe)
Thanks!
Continue reading...