Kerberos Service Ticket Operations Audit Failure
Looking for some advice. We recently upgraded our Domain Controllers to Windows Server 2008 R2 and are running in the Windows Server 2008 R2 functional levels. However; we still have XP client machines. I started noticing a large number of the following audit failures: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 4/27/2010 10:29:28 AM Event ID: 4769 Task Category: Kerberos Service Ticket Operations Level: Information Keywords: Audit Failure User: N/A Computer: Description: A Kerberos service ticket was requested. Account Information: Account Name: Account Domain: Logon GUID: {00000000-0000-0000-0000-000000000000} Service Information: Service Name: Service ID: NULL SID Network Information: Client Address: 172.16.21.44 Client Port: 1650 Additional Information: Ticket Options: 0x40800000 Ticket Encryption Type: 0xffffffff Failure Code: 0xe Transited Services: - Doing some research I found that this is the KDC granting tickets through Kerberos. It would seem that everyone is getting their tickets with no problems however it appears that the Failure Code: 0xe is related to KDC has no support for encryption type. What can I do to fix this? From what I understand encryption really changed for Kerberos in Windows Server 2008 R2. Also if this is not a issue how can I suppress these events so they will no longer fill up the event log. Any help would be greatly appreciated. Thank you
April 27th, 2010 3:06pm

Also... I am not sure if this makes any difference but we have a High Security GPO for all of our Windows XP clients that has the following setting: Network Security: LDAP client signing requiremnets Require Signing Domain controller: LDP server signing requirements Require Signing However these settings are NOT on the defualt DC policy. I imagine this means that this sitting is ingorned but thought it may be related. Thank you
Free Windows Admin Tool Kit Click here and download it now
April 27th, 2010 5:12pm

I found out how to surpress the auditing of the failure events. I used the following command on both of my DCs: auditpol /set /category:"Account Logon" /subcategory:"Kerberos Service Ticket Operations" /failure:disable However I am still not sure why these failures were showing up.
April 27th, 2010 7:40pm

Hi, This error 4768 is normal if you have new DC and old client systems. If no other problem, we can safely ignore it. The Failure Code 0xe means "KDC has no support for encryption type". This error was caused by Kerberos Enhancements in Windows Server 2008. The base Kerberos protocol in Windows Server 2008 supports AES for encryption of ticket-granting tickets (TGTs), service tickets, and session keys. But old systems don't support this new encryption type. So the first try failed and you can find a Success 4768 after this failure. For more information about Kerberos Enhancements, please refer to the following article. http://technet.microsoft.com/en-us/library/cc749438.aspx Thanks.This posting is provided "AS IS" with no warranties, and confers no rights.
Free Windows Admin Tool Kit Click here and download it now
April 29th, 2010 9:30am

What do we do if this is causing us issues? We have Mac and Linux Machines that are loosing their AD connection after a little while. I believe this is because of Kerberos Authentication issues. We are seeing the above Event on our 2008 R2 DC's for our linux / Mac computers. How can we fix this?
April 12th, 2011 11:19am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics