System Event » Windows System Event: 4821
Event ID 4821: A Kerberos service ticket was denied because the user, device, or both does not meet the access control restrictions.
Description | A Kerberos service ticket was denied because the user, device, or both does not meet the access control restrictions.This event is generated every time access is requested to a resource such as a computer or a Windows service. |
Category | Account logon |
Subcategory | Kerberos service ticket operation |
The event logs the following information:
Account information |
|
Device information |
|
Service information |
|
Authentication policy information |
|
Network Information |
|
Additional information |
|
Information:
- This event can be correlated with Windows logon events by comparing the Logon GUID fields in each event.
- The logon event occurs on the machine that was accessed, which is often a different machine than the domain controller which issued the service ticket.
- Ticket options, encryption types, and failure codes are defined in RFC 4120.
Event 4821 applies to the following operating systems:
- Windows Server 2012 R2 and 8.1
- Windows Server 2016 and 10
Explore Active Directory auditing and reporting with ADAudit Plus.
Account Management Auditing
Active Directory Auditing
Windows Server Auditing
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools