krbtgt - access failure in audit log

  • Thread starter Thread starter John C. Weldin
  • Start date Start date
J

John C. Weldin

I have security auditing turned on, and periodically the krbtgt shows an
logon failure in the log. One entry shows a service ticket request failed
and another one showed that a pre-authentication failed.

Also, my krbtgt user in active directory and users shows a red X.

Are these things that I need to be concerned with?

Thanks,

John Weldin
 
John,

These are not usually something to be concerned about. The
Service Ticket Failure is likely an expired ticket which
is beyond it's Max lifetime, so it was deleted and a new
one issued. Normal.
Pre Authentication is a process which confirms that a user
has a valid Kerberos account, that their account is
not "locked-out", and that they have the User Right to
access that DC from the network; probably a user who
mistyped his or her username.
The user krbtgt is supposed to be Red-X'ed; we wouldn't
want someone to logon as the actual Kerberos Ticket
Granting Ticket, would we? ;) This is a system process, so
again, No Problem. Have you read RFC 1510 and RFC 3244?
Very enlightening.

HTH

The Optimist
 
Back
Top