why don't I get kerberos event 4769

RR 21 Reputation points
2022-04-26T18:03:16.013+00:00

This article https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4769 describes kerberos service ticket events. I am having an issue with encryption type matching and want to examine what happens with these events, yet both of my domain controllers have no such event. I get the impression that it is something that happens often; so, why aren't there any event 4769 in the security logs? The logs go back about 6 days.
Also, I thought that maybe I needed to enable event logging with the registry entry described here https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/enable-kerberos-event-logging. I created that logLevel entry set to 1 and left it for a couple hours. Still nothing.
domain controllers: Windows Server 2012 R2
domain members: Server 2008 R2 - Server 2019

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
11,930 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Limitless Technology 39,296 Reputation points
    2022-04-28T08:02:37.58+00:00

    Hi there,

    First of all, check your auditing settings:

    In the Group Policy Management Editor, choose Computer Configuration → Go to Policies → Go to Windows Settings → Go to Security Settings → Go to Local Policies → Go to Audit Policy. Set the following audit policies:

    -Audit account management: "Success"
    -Audit directory service access: "Success"
    -Audit logon events: "Success" and "Failure"

    You can also check if you have some objects which are out of auditing policy


    --If the reply is helpful, please Upvote and Accept it as an answer–

    0 comments No comments