![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 32%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
In case you didn't find it already there is an update in the known issues section of the KB: https://support.microsoft.com/en-us/topic/kb5008380-authentication-updates-cve-2021-42287-9dafac11-e0d0-4cb8-959a-143bd0201041
Event ID 37 - Kerberos-Key-Distribution-Center
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 17%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECG%3C/text%3E%3C/svg%3E)
Computer Gladiator
111
Reputation points
Hello,
the events 35 and 37 started to appear in the event logs a couple of weeks ago and from what I researched, Microsoft should be providing a Windows Update for this issue. Can anyone confirm or have further insight on this issue?
Event Id 37
The Key Distribution Center (KDC) encountered a ticket that did not contain information about the account that requested the ticket while processing a request for another ticket. This prevented security checks from running and could open security vulnerabilities. See https://go.microsoft.com/fwlink/?linkid=2173051 to learn more.
Ticket PAC constructed by: <domain controller>
Client: <domain>\<computername>
Ticket for: krbtgt
Event ID 35
The Key Distribution Center (KDC) encountered a ticket-granting-ticket (TGT) from another KDC (<domain controller>) that did not contain a PAC attributes field. See https://go.microsoft.com/fwlink/?linkid=2173051 to learn more.
Thank you
Windows for business | Windows Server | User experience | Other
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 1%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPM%3C/text%3E%3C/svg%3E)
Pablo Ma Za 11 Reputation points2022-04-28T11:59:53.097+00:00 April's update is supposed to address the Event ID 37 issues: https://support.microsoft.com/en-us/topic/april-12-2022-kb5012639-security-only-update-c10b9e81-83aa-4c78-9f05-9e7faffbedcb
Sign in to comment
12 answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous2021-12-06T20:08:10.337+00:00 Once all the members have been patched fully with latest cumulative update the event log warnings should go away.
--please don't forget to
upvoteandAccept as answerif the reply is helpful---
Anonymous
2021-12-07T13:48:31.47+00:00 Just checking if there's any progress or updates?
--please don't forget to
upvoteandAccept as answerif the reply is helpful--
Sign in to comment -
-
Computer Gladiator 111 Reputation points
2021-12-09T00:30:42.26+00:00 Here is a sample of Event ID 37 I am talking about.
The Key Distribution Center (KDC) encountered a ticket that did not contain information about the account that requested the ticket while processing a request for another ticket. This prevented security checks from running and could open security vulnerabilities. See https://go.microsoft.com/fwlink/?linkid=2173051 to learn more.
Ticket PAC constructed by: <domaincontroller>
Client: domain.local\<username>
Ticket for: krbtgtThanks
-
Anonymous
2021-12-09T00:53:07.453+00:00 Looks like you may get one warning for every user.
https://support.microsoft.com/en-us/topic/kb5008380-authentication-updates-cve-2021-42287-9dafac11-e0d0-4cb8-959a-143bd0201041
Adds the new PAC to users who authenticated using an Active Directory domain controller that has the November 9, 2021 or later updates installed. When authenticating, if the user has the new PAC, the PAC is validated.--please don't forget to
upvoteandAccept as answerif the reply is helpful--
Sign in to comment -
-
Anonymous
2021-12-08T19:26:45.853+00:00 They all stopped for me about two weeks ago.
One log indicates a users username
can you post it?
-
Computer Gladiator 111 Reputation points
2021-12-08T17:44:46.99+00:00 Hi, thank you for this confirmation. I manually ran updates on couple of systems but still appears to show up in the domain controller event logs. One log indicates a users username and not the system computer. Do you have an explanation for this?
Thank you