Windows Security Log Event ID 677

677: Service Ticket Request Failed

On this page

• Description of this event
• Field level details
• Examples
• Mini-seminars on this event

This event varies depending on the OS.

Win2000

Sometimes an attempt to acquire a service ticket fails even though the DC successfully authenticated the user and granted a TGT. In this case, Win2K logs event ID 677 (service ticket request failed) with a variety of failure codes depending on the situation. See event ID 675 for a list of failure codes.

Common example: user tries to connect from Win2K+ workstation to NT server. Generates event 677 with Failure Code 7. The workstation first asks the DC to grant a Kerberos service ticket, but that fails because the NT server doesn't support Kerberos. Thus, the DC logged event ID 677 with Failure Code 7. This type of error is transparent to the user because the workstation immediately falls back to using NTLM.

Win2003

This event is not logged by Windows Server 2003 despite MS Documentation. It is replaced by 673 type Failure Audit.

Free Security Log Resources by Randy

• Free Security Log Quick Reference Chart
• Windows Event Collection: Supercharger Free Edtion
• Free Active Directory Change Auditing Solution
• Free Course: Security Log Secrets

Description Fields in 677

• User Name: %1  
• User Domain: %2  
• Service Name: %3  
• Ticket Options: %4  
• Failure Code: %5 (see event 675 for list of failure codes)  
• Client Address: %6

Supercharger Free Edition

Centrally manage WEC subscriptions.

Free.

 

 

Upcoming Webinars Anatomy of a Cloud Hack: The Cloudflare/Okta Compromise – A Story of Tokens, Lateral Movement, Persistence and the Salvation of Zero Trust and Hard MFA Tokens

Additional Resources

•	Event IDs
•	All Event IDs
•	Audit Policy