Event ID 4821: A Kerberos service ticket was denied because the user, device, or both does not meet the access control restrictions.
|Description||A Kerberos service ticket was denied because the user, device, or both does not meet the access control restrictions.This event is generated every time access is requested to a resource such as a computer or a Windows service.|
|Subcategory||Kerberos service ticket operation|
The event logs the following information:
|Authentication policy information||
- This event can be correlated with Windows logon events by comparing the Logon GUID fields in each event.
- The logon event occurs on the machine that was accessed, which is often a different machine than the domain controller which issued the service ticket.
- Ticket options, encryption types, and failure codes are defined in RFC 4120.
Event 4821 applies to the following operating systems:
- Windows Server 2012 R2 and 8.1
- Windows Server 2016 and 10