4820: A Kerberos Ticket-granting-ticket (TGT) was denied because the device does not meet the access control restrictions
On this page
This event is new to Server 2012 R2. It does not appear in earlier versions.
This event is logged when you fail to logon due to an Authentication Policy Silo restriction not being met.
A Kerberos Ticket-granting-ticket (TGT) was denied because the device does not meet the access control restrictions. Account Information: Account Name: bofh Supplied Realm Name: User ID: SANDBOX\bofh Authentication Policy Information: Silo Name: ADAdminSilo Policy Name: ADAdminPolicy TGT Lifetime: 45 Device Information: Device Name: MS$ Service Information: Service Name: krbtgt/SANDBOX Service ID: S-1-5-21-1845158320-1047333904-1474639767-0 Network Information: Client Address: ::ffff:192.168.1.213 Client Port: 49222 Additional Information: Ticket Options: 0x78 Result Code: 0xC Ticket Encryption Type: 0x7 Pre-Authentication Type: 0 Certificate Information: Certificate Issuer Name: Certificate Serial Number: Certificate Thumbprint: Certificate information is only provided if a certificate was used for pre-authentication. Pre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120.
Keep me up-to-date on the Windows Security Log. Email*: *We will NOT share this
Top 10 Windows Security Events to Monitor
Free Tool for Windows Event Collection
Go To Event ID:
Security Log Quick Reference Chart Download now!