What is Eventcode 4768?
If the username and password are correct and the user account passes status and restriction checks, the DC grants the TGT and logs event ID 4768 (authentication ticket granted). If the ticket request fails, Windows logs either this event (4768) or event 4771, with failure as the type.
How do I monitor Kerberos authentication?
Steps to view Kerberos authentication events using Event Viewer
- Press Start, search for Event Viewer, and click to open it.
- In the Event Viewer window, in the left pane, navigate to Windows Logs ⟶ Security.
- Here, you will find a list of all the Security Events that are logged in the system.
How do I configure Kerberos?
To configure the Kerberos protocol, you need to do the following:
- Create an Active Directory user (you can use an existing one instead).
- Assign the principal names with the encrypted keys on the domain controller machine.
- Configure Active Directory delegation.
- Install and configure the Kerberos client on your machine.
How do I configure NTLM authentication?
How to Configure NTLM Authentication
- Go to USERS > External Authentication.
- Click the NTLM tab.
- Enter the NTLM/Kerberos realm name in the Domain Realm field.
- Enter the Netbios Domain Name.
- (Optional) Enter the MS Active Directory Workgroup Name.
Where is event ID 4768 logged?
Event ID 4768 is logged only on domain controllers, for both success and failure instances. If the username and password are correct, the DC grants the TGT and logs Event ID 4768 (authentication ticket granted). If the ticket request fails, Windows logs either event 4768 with failure as the type or event 4771.
How do I disable or stop the audit event 4768?
You can disable or stop audit Event 4768 by removing success and failure auditing of the Kerberos Authentication Service subcategory, using the following command.
How do I find the Kerberos event ID 4768?
Windows logs other instances of event ID 4768 when a computer in the domain needs to authenticate to the DC, typically when a workstation boots up or a server restarts. In these instances, you’ll find a computer name in the User Name and fields. Computer-generated Kerberos events are always identifiable by the $ after the computer account’s name.
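The sketch below is an added example, not from the original page. It triages exported 4768/4771 event XML into user logons, computer-account logons (trailing $) and failures. The field names TargetUserName, Status and IpAddress are assumed from the standard event XML, and the sample events are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def make_event(event_id, user, status, ip):
    """Build a constructed, trimmed event record (not real log data)."""
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        f"<System><EventID>{event_id}</EventID></System><EventData>"
        f'<Data Name="TargetUserName">{user}</Data>'
        f'<Data Name="Status">{status}</Data>'
        f'<Data Name="IpAddress">{ip}</Data>'
        "</EventData></Event>"
    )

# Constructed sample input: two granted TGTs and two failed requests.
SAMPLE_EVENTS = [
    make_event(4768, "alice", "0x0", "::ffff:10.0.0.15"),
    make_event(4768, "WKSTN01$", "0x0", "::ffff:10.0.0.21"),
    make_event(4768, "bob", "0x6", "::ffff:10.0.0.33"),
    make_event(4771, "alice", "0x18", "::ffff:10.0.0.15"),
]

def classify(event_xml):
    """Describe one 4768/4771 event; return None for any other event ID."""
    root = ET.fromstring(event_xml)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    if event_id not in (4768, 4771):
        return None
    data = {d.get("Name"): (d.text or "")
            for d in root.iterfind("e:EventData/e:Data", NS)}
    account = data.get("TargetUserName", "")
    status = data.get("Status", "")
    # Only a 4768 with Status 0x0 is a granted TGT; 4771 is always a failure.
    success = event_id == 4768 and status != "" and int(status, 16) == 0
    return {"event_id": event_id, "account": account, "status": status,
            "source": data.get("IpAddress", ""), "success": success,
            "computer": account.endswith("$")}  # machine accounts end in $

def summarize(events):
    """Split granted tickets into user and computer accounts; list failures."""
    rows = [r for r in map(classify, events) if r]
    ok = [r for r in rows if r["success"]]
    return {
        "user_success": [r["account"] for r in ok if not r["computer"]],
        "computer_success": [r["account"] for r in ok if r["computer"]],
        "failures": [(r["event_id"], r["account"], r["status"])
                     for r in rows if not r["success"]],
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_EVENTS).items():
        print(key, value)
```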
Why am I getting an error code 4768 in the DC?
The DC doesn’t have a certificate installed for smart cards (Domain Controller or Domain Controller Authentication templates). This error code can’t occur in event 4768, but it can occur in 4771.