Hello all
We are running Exchange 2010 sp2 rollup 5v2, we are currently in the middle of a migration from 2007 to 2010. I have been troubleshooting some account lockout issues for a few users, all of the users that are getting there account locked out have been migrated to 2010. When i look at the security log on one of the DC's i see the event 4771 below. The ip address in the event belongs to one of my 2010 CAS servers. I also see the same event but the ip address is the vip on the Citrix load balancer. I also notice during the day that the Outlook 2010 client will randomly prompt the user for credentials. When this happens the outlook connection status changes from TCP to HTTP. Any help on how to troubleshoot this issue is greatly appreciated.
Kerberos pre-authentication failed.
Account Information:
Security ID: ENSIGNFS\sburton
Account Name: sburton
Service Information:
Service Name: krbtgt/ensignfs
Network Information:
Client Address: ::ffff:10.200.50.52
Client Port: 21783
Additional Information:
Ticket Options: 0x40810010
Failure Code: 0x18
Pre-Authentication Type: 2
Certificate Information:
Certificate Issuer Name:
Certificate Serial Number:
Certificate Thumbprint:
Certificate information is only provided if a certificate was used for pre-authentication.
Pre-authentication types, ticket options and failure codes are defined in RFC 4120.
If the ticket was malformed or damaged during transit and could not be decrypted, then many fields in this event might not be present.
Bulls on Parade