Windows System Event: 4824

Active Directory Auditing Tool

The Who, Where and When information is very important for an administrator to have complete knowledge of all activities that occur on their Active Directory. This helps them identify any desired / undesired activity happening. ADAudit Plus assists an administrator with this information in the form of reports. In real-time, ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects - Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes with 200+ detailed event specific GUI reports and email alerts.

System Event » Windows System Event: 4824

Event ID 4824 - Kerberos pre-authentication by using DES or RC4 failed because the account was a member of the Protected User group.

Description Kerberos pre-authentication by using DES or RC4 failed because the account was a member of the Protected User group.
Category Account logon
Subcategory Kerberos authentication service

This event logs the following information:

Account information
  • Security ID
  • Account Domain
Service information
  • Service name
Network Information
  • Client address
  • Client port
Additional information
  • Ticket options
  • Failure code
  • Pre-authentication type
Certificate information
  • Certificate Issuer Name
  • Certificate Serial Number
  • Certificate Thumbprint

Information:

  • Certificate information is only provided if a certificate was used for pre-authentication.
  • Pre-authentication types, ticket options and failure codes are defined in RFC 41.
  • If the ticket was malformed or damaged during transit and could not be decrypted, then many fields in this event might not be present.

Event 4824 applies to the following operating systems:

  • Windows Server 2012 R2 and 8.1
  • Windows Server 2016 and 10