Hi,
I have three windows server 2012 r2 domain controller on three different subnets and window 8.1 , windows 7 clients.
Frequently users domain lock automatically or thier sessions with domain controller losses automatically (RANDOM) due to which when they open internet explorer for internet (PROXY SERVER - TMG) they asked to provide authentication. i checked event viewer and found following logs.
Event ID : 4776
The computer attempted to validate the credentials for an account.
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: abcd.zyx
Source Workstation: FNC-AHSAN
Error Code: 0xC0000071
Event ID : 4771
Kerberos pre-authentication failed.
Account Information:
Security ID: CSAPLHO\hasnain.abbas
Account Name: hasnain.abbas
Service Information:
Service Name: krbtgt/CSAPLHO.PK
Network Information:
Client Address: ::ffff:10.1.0.47
Client Port: 2751
Additional Information:
Ticket Options: 0x40810010
Failure Code: 0x12
Pre-Authentication Type: 2
Certificate Information:
Certificate Issuer Name:
Certificate Serial Number:
Certificate Thumbprint:
Certificate information is only provided if a certificate was used for pre-authentication.
Pre-authentication types, ticket options and failure codes are defined in RFC 4120.
If the ticket was malformed or damaged during transit and could not be decrypted, then many fields in this event might not be present.
I restarted all domain controllers but still not able to find any solution , pls help and advise.