Windows System Event: 4821

Active Directory Auditing Tool

The Who, Where and When information is very important for an administrator to have complete knowledge of all activities that occur on their Active Directory. This helps them identify any desired / undesired activity happening. ADAudit Plus assists an administrator with this information in the form of reports. In real-time, ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects - Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes with 200+ detailed event specific GUI reports and email alerts.

System Event » Windows System Event: 4821

Event ID 4821: A Kerberos service ticket was denied because the user, device, or both does not meet the access control restrictions.

Description A Kerberos service ticket was denied because the user, device, or both does not meet the access control restrictions.This event is generated every time access is requested to a resource such as a computer or a Windows service.
Category Account logon
Subcategory Kerberos service ticket operation

The event logs the following information:

Account information
  • Account Name
  • Account Domain
  • Logon ID
Device information
  • Device name
Service information
  • Service name
  • Service ID
Authentication policy information
  • Silo name
  • Policy name
Network Information
  • Client address
  • Client port
Additional information
  • Ticket information
  • Ticket encryption type
  • Failure code
  • Transit services

Information:

  • This event can be correlated with Windows logon events by comparing the Logon GUID fields in each event.
  • The logon event occurs on the machine that was accessed, which is often a different machine than the domain controller which issued the service ticket.
  • Ticket options, encryption types, and failure codes are defined in RFC 4120.

Event 4821 applies to the following operating systems:

  • Windows Server 2012 R2 and 8.1
  • Windows Server 2016 and 10