Event ID: 4820

A Kerberos Ticket-granting-ticket (TGT) was denied because the device does not meet the access control restrictions

A Kerberos Ticket-granting-ticket (TGT) was denied because the device does not meet the access control restrictions.

Account Information:
    Account Name:       %1
    Supplied Realm Name:    %2
    User ID:            %3

Authentication Policy Information:
    Silo Name:      %16
    Policy Name:        %17
    TGT Lifetime:       %18

Device Information:
    Device Name:        %4

Service Information:
    Service Name:       %5
    Service ID:     %6

Network Information:
    Client Address:     %11
    Client Port:        %12

Additional Information:
    Ticket Options:     %7
    Result Code:        %8
    Ticket Encryption Type: %9
    Pre-Authentication Type:    %10

Certificate Information:
    Certificate Issuer Name:        %13
    Certificate Serial Number:  %14
    Certificate Thumbprint:     %15

Certificate information is only provided if a certificate was used for pre-authentication.

Pre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120.



Name Field Insertion String OS Example
Ticket Encryption Type TicketEncryptionType %9 Any View Codes
Pre-Authentication Type PreAuthType %10 Any View Codes


Lookup Audit Policy Configuration Settings

C:\> AuditPol.exe /get /subcategory:"Kerberos Authentication Service"
How to enable Windows Auditing



LEFT/RIGHT arrow keys for navigation

Back to List