RR-8418 asked LimitlessTechnology-2700 answered

Why don't I get Kerberos event 4769

This article https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4769 describes Kerberos service ticket events. I am having an issue with encryption type matching and want to examine what happens with these events, yet both of my domain controllers have no such event. I get the impression that it is something that happens often; so, why isn't there any event 4769 in the security logs? The logs go back about 6 days.
Also, I thought that maybe I needed to enable event logging with the registry entry described here https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/enable-kerberos-event-logging. I created that logLevel entry set to 1 and left it for a couple hours. Still nothing.
domain controllers: Windows Server 2012 R2
domain members: Server 2008 R2 - Server 2019

windows-server

1 Answer

LimitlessTechnology-2700 answered

Hi there,

First of all, check your auditing settings:

In the Group Policy Management Editor, go to Computer Configuration → Policies → Windows Settings → Security Settings → Local Policies → Audit Policy. Set the following audit policies:

- Audit account management: "Success"
- Audit directory service access: "Success"
- Audit logon events: "Success" and "Failure"

You can also check if you have some objects which are out of auditing policy.



--If the reply is helpful, please Upvote and Accept it as an answer–
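
An added example, not part of the original question or answer: a PowerShell check, run elevated on each domain controller, that reads the effective audit setting for the subcategory event 4769 is documented under (Audit Kerberos Service Ticket Operations) and lists any 4769 events with their ticket encryption type. The function names are hypothetical, and the subcategory name assumes an English-language OS.

```powershell
# Added example. Run in an elevated PowerShell session on each domain controller.
# Function names are hypothetical; the subcategory name assumes an English-language OS.

function Get-ServiceTicketAuditSetting {
    # /r makes auditpol emit CSV, so the effective setting can be read as an object.
    auditpol.exe /get /subcategory:"Kerberos Service Ticket Operations" /r |
        Where-Object { $_ } |
        ConvertFrom-Csv |
        Select-Object 'Machine Name', 'Subcategory', 'Inclusion Setting'
}

function Get-ServiceTicketEvent {
    param([int]$Days = 6, [int]$MaxEvents = 20)

    $filter = @{ LogName = 'Security'; Id = 4769; StartTime = (Get-Date).AddDays(-$Days) }
    try {
        $events = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction Stop
    } catch {
        # Get-WinEvent raises an error rather than returning nothing when no event matches.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            Write-Warning "No event 4769 in the Security log for the last $Days days."
            return
        }
        throw
    }

    foreach ($e in $events) {
        # Flatten the named <Data> elements of the event into a lookup table.
        $data = @{}
        foreach ($node in ([xml]$e.ToXml()).Event.EventData.Data) {
            $data[$node.Name] = $node.'#text'
        }
        [pscustomobject]@{
            TimeCreated          = $e.TimeCreated
            Account              = $data['TargetUserName']
            ServiceName          = $data['ServiceName']
            TicketEncryptionType = $data['TicketEncryptionType']
            Status               = $data['Status']
        }
    }
}

Get-ServiceTicketAuditSetting | Format-List
Get-ServiceTicketEvent | Format-Table -AutoSize
```

An Inclusion Setting of "No Auditing" means the domain controller is not configured to record this event, whatever the linked GPO is expected to apply.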
