| Event Id | 4768 |
| Source | Microsoft-Windows-Security-Auditing |
| Description | A Kerberos authentication ticket (TGT) was requested. Account Information: Account Name:<Account Name> Supplied Realm Name:<Supplied Realm Name> User ID:<User ID> Service Information: Service Name:<Service Name> Service ID: <Service ID> Network Information: Client Address:<Client Address> Client Port: <Client Port> Additional Information: Ticket Options:<Ticket Options> Result Code:<Result Code> Ticket Encryption Type:<Ticket Encryption Type> Pre-Authentication Type:<Pre-Authentication Type> Certificate Information: Certificate Issuer Name:<Certificate Issuer Name> Certificate Serial Number:<Certificate Serial Number> Certificate Thumbprint:<Certificate Thumbprint> |
| Event Information | Cause : This event is logged when a computer in the domain needs to authenticate to the DC typically when a workstation boots up or a server restarts. In these instances, you'll find a computer name in the User Name and fields. Computer generated kerberos events are always identifiable by the $ after the computer account's name. Resolution : If Authentication ticket requst granted successfully then Success audit event is Logged.In case of authentication ticket request fails Then Audit failure event is logged.Check the Result Code for the reason of failure. For more information KerBeros error codes,Refer the link Kerberos error codes. |
| Reference Links | Kerberos error |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.