Windows Security Log Event ID 677

Operating Systems Windows Server 2000
Windows 2003 and XP
CategoryAccount Logon
Type Failure
Corresponding events
in Windows 2008
and Vista		  

677: Service Ticket Request Failed

On this page

This event varies depending on the OS.

Win2000

Sometimes an attempt to acquire a service ticket fails even though the DC successfully authenticated the user and granted a TGT. In this case, Win2K logs event ID 677 (service ticket request failed) with a variety of failure codes depending on the situation. See event ID 675 for a list of failure codes.

Common example: user tries to connect from Win2K+ workstation to NT server. Generates event 677 with Failure Code 7. The workstation first asks the DC to grant a Kerberos service ticket, but that fails because the NT server doesn't support Kerberos. Thus, the DC logged event ID 677 with Failure Code 7. This type of error is transparent to the user because the workstation immediately falls back to using NTLM.

Win2003

This event is not logged by Windows Server 2003 despite MS Documentation. It is replaced by 673 type Failure Audit.

Free Security Log Resources by Randy

Description Fields in 677

  • User Name: %1  
  • User Domain: %2  
  • Service Name: %3  
  • Ticket Options: %4  
  • Failure Code: %5 (see event 675 for list of failure codes)  
  • Client Address: %6

Supercharger Enterprise


 

Examples of 677

Service Ticket Request Failed:
Description: Authentication Ticket Request Failed
User Name: %1
Supplied Realm Name: %2
Service Name: %3
Ticket Options: %4
Failure Code: %5
Client Address: %6

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection

Stay up-to-date on the Latest in Cybersecurity
Sign up for the Ultimate IT Security newsletter to hear about the latest webinars, patches, CVEs, attacks, and more.
Work Email:

 

Upcoming Webinars
    Additional Resources

      Go To Event ID:

      Security Log
      Quick Reference
      Chart
      Download now!