Windows Security Log Event ID 4820

Operating Systems Windows 2012 R2 and 8.1
Windows 2016 and 10
Windows Server 2019
Category
 • Subcategory		Account Logon
 • Kerberos Authentication Service
Type Failure
Corresponding events
in Windows 2003
and before		  
Discussions on Event ID 4820
Ask a question about this event

4820: A Kerberos Ticket-granting-ticket (TGT) was denied because the device does not meet the access control restrictions

On this page

This event is new to Server 2012 R2. It does not appear in earlier versions.

This event is logged when you fail to logon due to an Authentication Policy Silo restriction not being met.

Free Security Log Resources by Randy

Setup PowerShell Audit Log Forwarding in 4 Minutes

 

Examples of 4820

A Kerberos Ticket-granting-ticket (TGT) was denied because the device does not meet the access control restrictions.

Account Information:
   Account Name: bofh
   Supplied Realm Name:
   User ID: SANDBOX\bofh

Authentication Policy Information:
   Silo Name: ADAdminSilo
   Policy Name: ADAdminPolicy
   TGT Lifetime: 45

Device Information:
  Device Name: MS$

Service Information:
   Service Name: krbtgt/SANDBOX
   Service ID: S-1-5-21-1845158320-1047333904-1474639767-0

Network Information:
   Client Address: ::ffff:192.168.1.213
   Client Port: 49222

Additional Information:
   Ticket Options: 0x78
   Result Code: 0xC
   Ticket Encryption Type: 0x7
   Pre-Authentication Type: 0

Certificate Information:
   Certificate Issuer Name:
   Certificate Serial Number:
   Certificate Thumbprint:

Certificate information is only provided if a certificate was used for pre-authentication.

Pre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120.

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection



Mini-Seminars Covering Event ID 4820
Discussions on Event ID 4820
Ask a question about this event

 

Upcoming Webinars
Additional Resources