Error Id 4769
Contents |
in Windows 2003 and before 673 Discussions on Event ID 4769 • 4769 Domain controllers and service names matching • Ticket Options RFC event id 4769 4120 5.4.1 • Event id 4769 error code 0x1d • Initial event id 4769 0x1b logon: same logon GUID for 3 service tickets? 4769: A Kerberos service ticket was requested On this event id 4769 0xe page Description of this event Field level details Examples Discuss this event Mini-seminars on this event Windows uses this event ID for both successful and failed service ticket requests.
Event Id 4769 Failure Code 0xe
If it is a failure event see Failure Code: below. Whereas event ID 4768 lets you track initial logons through the granting of TGTs, this lets you monitor the granting of service tickets. Service tickets are obtained whenever a user or computer accesses a server on the network. For example, when a user maps a drive to a event id 4768 file server, the resulting service ticket request generates event ID4769 on the DC. Result codes: Result code Kerberos RFC description Notes on common failure codes 0x1 Client's entry in database has expired 0x2 Server's entry in database has expired 0x3 Requested protocol version # not supported 0x4 Client's key encrypted in old master key 0x5 Server's key encrypted in old master key 0x6 Client not found in Kerberos database Bad user name, or new computer/user account has not replicated to DC yet 0x7 Server not found in Kerberos database New computer account has not replicated yet or computer is pre-w2k 0x8 Multiple principal entries in database 0x9 The client or server has a null key administrator should reset the password on the account 0xA Ticket not eligible for postdating 0xB Requested start time is later than end time 0xC KDC policy rejects request Workstation restriction 0xD KDC cannot accommodate requested option 0xE KDC has no support for encryption type 0xF
requested by user or computer. It will be logged in Domain Controller for both Success and Failure instances. In this article, I am going to explain about how to enable Event 4769 through Default Domain Controller event id 4770 Policy GPO and Auditpol.exe, and how to disable Event ID 4769. Summary: Event ID
Ticket Encryption Type: 0xffffffff
4769 Source Enable Event 4769 through Group Policy Enable Event 4769 via Auditpol Stop Event 4769 via GPO and Auditpol
Kdc Has No Support For Encryption Type
Event ID 4769 Source: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 11/17/2014 4:48:29 PM Event ID: 4769 Task Category: Kerberos Service Ticket Operations Keywords: Audit Success Computer: MTSDC1.TestDomain.local Description: A Kerberos service ticket was requested. https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4769 Account Information: Account Name: Morgan$@TESTDOMAIN.LOCAL Account Domain: TESTDOMAIN.LOCAL Logon GUID: {77a5de7f-8fc6-0cb6-f468-ab81a180ff0e} Service Information: Service Name: MTSDC1$ Service ID: TESTDOMAIN\MTSDC1$ Network Information: Client Address: ::1 Client Port: 0 Additional Information: Ticket Options: 0x40810000 Ticket Encryption Type: 0x12 Failure Code: 0x0 Transited Services: - This event is generated every time access is requested to a resource such as a computer or a Windows service. The service name indicates the resource http://www.morgantechspace.com/2014/11/Event-4769-A-Kerberos-service-ticket-was-requested..html to which access was requested. This event can be correlated with Windows logon events by comparing the Logon GUID fields in each event. The logon event occurs on the machine that was accessed, which is often a different machine than the domain controller which issued the service ticket. Ticket options, encryption types, and failure codes are defined in RFC 4120. Enable Event 4769 via Group Policy To enable event id 4769 in every Domain Controller, We need to configure audit settings inDefault Domain Controllers Policy,or you can create new GPO and links it to the Domain Controllers OU via GPMC console, or else you can configure the corresponding policies onLocal Security Policyof each and every Domain Controller.. Follow the below steps to enable event 4769 via Default Domain Controllers Policy. 1. Press the key 'Window' + 'R' 2. Type the command gpmc.msc, and click OK. Note:Skip the above steps by clickingStart -->Administrative Tools -->Group Policy Management. 3. Expand the domain node and Domain Controllers OU, right-clickon the Default Domain Controllers Policy, then click Edit. - refer the be
about 25 Windows 7 Pro clients. I am receiving many Security Log events with Failure Code: 0xe My users are experiencing some minor issues listed here: Login script which maps drives is not running consistantly - works most of http://www.networksteve.com/forum/topic.php/Security_Logs_Windows_Server_2008_R2_many_Audit_Failures_Event_I/?TopicId=36936&Posts=4 the time but sometimes fails Network printer showing off line - power cycling the printer resolves the issue A few user accounts indicate they are locked out - however waiting a few minutes allows a login Access to network resources requires credentials when it normally should not Thanks in advance for any help. November 29th, 2012 5:08pm Windows uses this event 4769 for both successful and failed service ticket requests. In your case the error code 0xe event id is recorded and it may be because of KDC has no support for encryption type. For more details refer:http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4769Regards, Ravikumar P Free Windows Admin Tool Kit Click here and download it now November 29th, 2012 10:28pm From research I have done on this, the issue seems to occur when a 2008 R2 domain controller is in place with Windows XP clients. That is not the case for me as my client machines are all running Windows 7 Pro. event id 4769 Does it matter that my Domain is running at the 2003 functionality level? I can elevate it to 2008 if needed. Also, is this a possible explaination for the minor issues listed in my original post. Thanks November 30th, 2012 12:56pm I would like to get some more help on this. Please direct me to the correct forum. Thanks Free Windows Admin Tool Kit Click here and download it now December 3rd, 2012 5:21pm Hello, As Ravikumar mentions, 0xe error type this is related to encryption problem in KDC. Have you recently changed or reset any passwords that belong to accounts that may be used to run services, scripts or programs? Have you recently changed the admin account password? Has this always been like this or when did it start? If so, what changed prior to the problem begin? If you reset a user password from ADUC, does the client PC get the change right away, later on? Here's a link with some info. Try changing the user's password and the KDC Service account PW: http://technet.microsoft.com/en-us/library/cc733991.aspx Another possibility is that if there is a virus in the network submitting dictionary attacks, some hosts experience a password lockout and that might explain the erratic behavior where restarting a printer or a PC clears things up. Check the network hosts for signs of malware. Miguel Fra | Falcon IT Services, Miami, FL w