Hi there,
What is the Event code that you get? If the credentials were successfully validated, the authenticating computer logs this event ID with the Result-Code field equal to “0x0”.
If the authenticating computer fails to validate the credentials, the same event ID 4776 is logged but with the Result-Code field not equal to “0x0”
This event generates every time that a credential validation occurs using NTLM authentication. The main advantage of this event is that on domain controllers you can see all authentication attempts for domain accounts when NTLM authentication was used.
You can read more about this in the below article. Problems with Kerberos authentication when a user belongs to many groups https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/kerberos-authentication-problems-if-user-belongs-to-groups
4776(S, F): The computer attempted to validate the credentials for an account. https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4776
-----------------------------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept it as an answer–