Windows Security Log Event ID 4820

Operating Systems	Windows 2012 R2 and 8.1 Windows 2016 and 10
Category • Subcategory	Account Logon • Kerberos Authentication Service
Type	Failure
Corresponding events in Windows 2003 and before

Discussions on Event ID 4820

Ask a question about this event

4820: A Kerberos Ticket-granting-ticket (TGT) was denied because the device does not meet the access control restrictions

On this page

Description of this event
Field level details
Examples
Discuss this event
Mini-seminars on this event

This event is new to Server 2012 R2. It does not appear in earlier versions.

This event is logged when you fail to logon due to an Authentication Policy Silo restriction not being met.

Free Security Log Resources by Randy

Supercharger Free Edition

Centrally manage WEC subscriptions.

Free.

Examples of 4820

A Kerberos Ticket-granting-ticket (TGT) was denied because the device does not meet the access control restrictions.

Account Information:
   Account Name: bofh
   Supplied Realm Name:
   User ID: SANDBOX\bofh

Authentication Policy Information:
   Silo Name: ADAdminSilo
   Policy Name: ADAdminPolicy
   TGT Lifetime: 45

Device Information:
  Device Name: MS$

Service Information:
   Service Name: krbtgt/SANDBOX
   Service ID: S-1-5-21-1845158320-1047333904-1474639767-0

Network Information:
   Client Address: ::ffff:192.168.1.213
   Client Port: 49222

Additional Information:
   Ticket Options: 0x78
   Result Code: 0xC
   Ticket Encryption Type: 0x7
   Pre-Authentication Type: 0

Certificate Information:
   Certificate Issuer Name:
   Certificate Serial Number:
   Certificate Thumbprint:

Certificate information is only provided if a certificate was used for pre-authentication.

Pre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120.

Keep me up-to-date on the Windows Security Log.
Email*:
*We will NOT share this

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection

Mini-Seminars Covering Event ID 4820

Discussions on Event ID 4820

Ask a question about this event

Upcoming Webinars

Building MITRE ATT&CK Technique Detection into Your Security Monitoring Environment

Additional Resources

Security Log Quick Reference Chart

Encyclopedia

•	All Event IDs
•	Audit Policy

Go To Event ID:

Security Log
Quick Reference
Chart
Download now!

User name:
Password:
	/ Forgot?
	Register

December 2018 Patch Tuesday	"Patch Tuesday: Flash and Windows Kernal Vulnerabilities Exploited " - sponsored by LOGbinder

Follow @randyfsmith

Home

Follow @randyfsmith

About | Newsletter | Contact

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2018 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.