APPENDIX B Kerberos AS_REQ, TGS_REQ, and AP_REQ Messages Result Codes

The Kerberos Result Code field exists in security event 4768. In events 4771 and 4769 it is a named Failure Code. It represents a hexadecimal error code.

Table B-1 contains information about possible Kerberos error codes. This information is taken from multiple Kerberos-related RFCs.

Table B-1: Kerberos Error Codes

0x0 KDC_ERR_NONE No errors. Status OK.
0x1 KDC_ERR_NAME_EXP Client's entry in KDC database has expired.
0x2 KDC_ERR_SERVICE_EXP Server's entry in KDC database has expired.
0x3 KDC_ERR_BAD_PVNO Requested Kerberos version number not supported.
0x4 KDC_ERR_C_OLD_MAST_KVNO Client's key encrypted in old master key.
0x5 KDC_ERR_S_OLD_MAST_KVNO Server's key encrypted in old master key.
0x6 KDC_ERR_C_PRINCIPAL_UNKNOWN The account name doesn't exist.
0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN This error can occur if the domain controller cannot find the server's name in Active Directory. This error is similar to KDC_ERR_C_PRINCIPAL_UNKNOWN except that it occurs when the server name cannot be found.
0x8 KDC_ERR_PRINCIPAL_NOT_UNIQUE This error occurs if duplicate principal names exist.
0x9 KDC_ERR_NULL_KEY No master key was found for client or server.
0xA KDC_ERR_CANNOT_POSTDATE This error can occur if a client requests postdating of a Kerberos ticket. Postdating is the act of requesting that a ticket's start time be set into the future.

It also can occur if there ...

Get Windows Security Monitoring now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.