Event ID 4821: A Kerberos service ticket was denied because the user, device, or both does not meet the access control restrictions.
|Description||A Kerberos service ticket was denied because the user, device, or both does not meet the access control restrictions.This event is generated every time access is requested to a resource such as a computer or a Windows service.|
|Subcategory||Kerberos service ticket operation|
The event logs the following information:
|Authentication policy information||
- This event can be correlated with Windows logon events by comparing the Logon GUID fields in each event.
- The logon event occurs on the machine that was accessed, which is often a different machine than the domain controller which issued the service ticket.
- Ticket options, encryption types, and failure codes are defined in RFC 4120.
Event 4821 applies to the following operating systems:
- Windows Server 2012 R2 and 8.1
- Windows Server 2016 and 10
Explore Active Directory auditing and reporting with ADAudit Plus.
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools