why don't I get kerberos event 4769

Question

question

RR-8418 asked Apr 26, '22 LimitlessTechnology-2700 answered Apr 28, '22

why don't I get kerberos event 4769

This article https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4769 describes kerberos service ticket events. I am having an issue with encryption type matching and want to examine what happens with these events, yet both of my domain controllers have no such event. I get the impression that it is something that happens often; so, why aren't there any event 4769 in the security logs? The logs go back about 6 days.
Also, I thought that maybe I needed to enable event logging with the registry entry described here https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/enable-kerberos-event-logging. I created that logLevel entry set to 1 and left it for a couple hours. Still nothing.
domain controllers: Windows Server 2012 R2
domain members: Server 2008 R2 - Server 2019

windows-server

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Answer 1 · 2022-04-28T08:02:37.58Z

LimitlessTechnology-2700 answered Apr 28, '22

Hi there,

First of all, check your auditing settings:

In the Group Policy Management Editor, choose Computer Configuration → Go to Policies → Go to Windows Settings → Go to Security Settings → Go to Local Policies → Go to Audit Policy. Set the following audit policies:

-Audit account management: "Success"
-Audit directory service access: "Success"
-Audit logon events: "Success" and "Failure"

You can also check if you have some objects which are out of auditing policy

--If the reply is helpful, please Upvote and Accept it as an answer–

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

question