krbtgt - access failure in audit log

J

John C. Weldin

I have security auditing turned on, and periodically the krbtgt shows an
logon failure in the log. One entry shows a service ticket request failed
and another one showed that a pre-authentication failed.

Also, my krbtgt user in active directory and users shows a red X.

Are these things that I need to be concerned with?

Thanks,

John Weldin
 
O

Opti_Mystic

John,

These are not usually something to be concerned about. The
Service Ticket Failure is likely an expired ticket which
is beyond it's Max lifetime, so it was deleted and a new
one issued. Normal.
Pre Authentication is a process which confirms that a user
has a valid Kerberos account, that their account is
not "locked-out", and that they have the User Right to
access that DC from the network; probably a user who
mistyped his or her username.
The user krbtgt is supposed to be Red-X'ed; we wouldn't
want someone to logon as the actual Kerberos Ticket
Granting Ticket, would we? ;) This is a system process, so
again, No Problem. Have you read RFC 1510 and RFC 3244?
Very enlightening.

HTH

The Optimist
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Events 675 676 677 1
Security Log 1
All domain Accounts being locked out 4
Repeated 675,681 and 677 error codes in security log 3
Failed Security Audit 1
Pre-Authentication Failure with Vista 1
Failure audit recurs for Vista system being merged to Win 2K domai 1
Event ID 676 5

Top