Windows Security Log Event ID 4820
| Operating Systems |
Windows 2012 R2 and 8.1
Windows 2016 and 10
Windows Server 2019 and 2022
|
Category
• Subcategory | Account Logon
• Kerberos Authentication Service |
|
Type
|
Failure
|
Corresponding events
in Windows
2003
and before |
|
4820: A Kerberos Ticket-granting-ticket (TGT) was denied because the device does not meet the access control restrictions
On this page
This event is new to Server 2012 R2. It does not appear in earlier versions.
This event is logged when you fail to logon due to an Authentication Policy Silo restriction not being met.
Free Security Log Resources by Randy
Setup PowerShell Audit Log Forwarding in 4 Minutes
A Kerberos Ticket-granting-ticket (TGT) was denied because the device does not meet the access control restrictions.
Account Information:
Account Name: bofh
Supplied Realm Name:
User ID: SANDBOX\bofh
Authentication Policy Information:
Silo Name: ADAdminSilo
Policy Name: ADAdminPolicy
TGT Lifetime: 45
Device Information:
Device Name: MS$
Service Information:
Service Name: krbtgt/SANDBOX
Service ID: S-1-5-21-1845158320-1047333904-1474639767-0
Network Information:
Client Address: ::ffff:192.168.1.213
Client Port: 49222
Additional Information:
Ticket Options: 0x78
Result Code: 0xC
Ticket Encryption Type: 0x7
Pre-Authentication Type: 0
Certificate Information:
Certificate Issuer Name:
Certificate Serial Number:
Certificate Thumbprint:
Certificate information is only provided if a certificate was used for pre-authentication.
Pre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120.
Top 10 Windows Security Events to Monitor
Free Tool for Windows Event Collection