Event ID - 11

Event Id11
SourceMicrosoft-Windows-Security-Kerberos
DescriptionThe Distinguished Name in the subject field of your smartcard logon certificate does not contain enough information to locate the appropriate domain on an unjoined machine. Please contact your system administrator.
Event InformationAccording to Microsoft :
Cause
This event is logged when the Distinguished Name in the subject field of your smartcard logon certificate does not contain enough information to locate the appropriate domain on an unjoined machine.
Resolution
Reissue the smart card logon certificate
To perform this procedure, you must be an enrollment agent for the domain, or you must have been delegated the appropriate authority.
Note: The user who has a smart card logon certificate that is no longer valid is identified in the event log message.
To reissue a smart card logon certificate:
1.In a Web browser, navigate to the certification authority (CA) that issues smart card certificates for your organization.
2.Click Request a certificate, and then click Advanced certificate request.
3.Click Request a certificate for a smart card on behalf of another user using the smart card certificate enrollment station. If you are prompted to accept the smart card signing certificate, click Yes.
4.On the Smart Card Certificate Enrollment Station Web page, in Certificate Template, click Smart Card Logon.
5.In Certification Authority, click the name of the CA you want to issue the smart card certificate.
6.In Cryptographic Service Provider, select the cryptographic service provider (CSP) of the smart card's manufacturer.
7.In Administrator Signing Certificate, click the Enrollment Agent certificate that will sign the enrollment request.
8.In User To Enroll, click Select User, select the appropriate user account, and then click Enroll.
9.When prompted, insert the smart card into the smart card reader on your computer, and then click OK.
10.Enter the personal identification number (PIN) for the smart card.
11.lick Yes, confirming that you want to replace the existing credentials on the smart card.
Verify
To verify that the Kerberos client is correctly configured, you should ensure that a Kerberos ticket was received from the Key Distribution Center (KDC) and cached on the local computer. You can view cached Kerberos tickets on the local computer by using the Klist command-line tool.
Note: Klist.exe is not included with Windows Vista, Windows Server 2003, Windows XP, or Windows 2000. You must download and install the Windows Server Resource Kit before you can use Klist.exe.
To view cached Kerberos tickets by using Klist:
1.Log on to the Kerberos client computer.
2.Click Start, point to All Programs, click Accessories, and then click Command Prompt.
3.Type klist tickets, and then press ENTER.
4.Verify that a cached Kerberos ticket is available.
Ensure that the Client field displays the client on which you are running Klist.
Ensure that the Server field displays the domain in which you are connecting.
5.Close the command prompt.
Reference LinksEvent ID 11 from Microsoft-Windows-Security-Kerberos

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.