Event ID - 24

Event Id24
SourceMicrosoft-Windows-Kerberos-Key-Distribution-Center
DescriptionA service ticket request by client %1 for %2 was rejected because User2User was required. The KDC responds with this error when a client requests a service ticket for a user principal (a security risk). The client must support User2User in order to obtain a service ticket for the requested service principal.
Event Information According to Microsoft :

Cause :

This event is logged when service ticket request by client was rejected because User2User was required.

Resolution :

Reset the service principal name

Each service principal name (SPN) must be unique. If the computer name is changed, the SPN is not automatically updated. You must reset the SPN so that it matches the computer name.

To perform this procedure, you must be a member of the Domain Admins group, or you must have been delegated the appropriate authority.

To reset the SPN:
  1. Log on to the computer referenced in the event log message. If this computer is not running Windows Server 2008, you must download and install the Windows Server 2003 Resource Kit, which includes setspn.exe.
  2. Click Start , point to All Programs , click Accessories , right-click Command Prompt , and then click Run as administrator .
  3. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue .
  4. Type setspn -R , where server_name is the name of the server for which you need to reset the SPN.
Verify :

To perform this procedure, you must be a member of the Domain Admins group, or you must have been delegated the appropriate authority.

To verify that the service principal name (SPN) was configured correctly:
  1. Log on to a domain controller.
  2. Click Start , point to All Programs , click Accessories , right-click Command Prompt , and then click Run as administrator .
  3. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue .
  4. Type setspn -L , where computer_name is the name of the computer referenced in the event log message.
  5. The output of this command will show the SPN configured for this computer.
  6. If there are no duplicate entries, the SPNs are configured correctly.
Reference LinksEvent ID 24 from Microsoft-Windows-Kerberos-Key-Distribution-Center

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.
 Refresh