so many event id 16 on DC. 'while processing a TGT...'

  • 146 Views
  • Last Post 28 November 2017
MatCollins posted this 22 November 2017

hello,

in our domain controllers there are so many event 16 which indicates 'while processin a TGS request for the target server XXX the account YYY did not have a suitable ..... '

we do not have configured des to disable and i have no idea why is that generating so much. 

have you guys experienc this?

the YYY acount i mentioned can be computer acc or user.

Order By: Standard | Newest | Votes
MatCollins posted this 23 November 2017

update:

take a look below. this error is strange!

While processing a TGS request for the target server krbtgt/CONTOSO.COM, the account J.Doe@ROOT.CONTOSO.COM did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 8). The requested etypes were 18  17. The accounts available etypes were 18  17  23  -133  -128  24  -135. Changing or resetting the password of CONTOSO.COM will generate a proper key.

there is a logic problem here. error says the requested type were 18,17, but also says the available types were 18,17,23,... . If 18,17 were available, then why this error generated?

ElasticSky posted this 23 November 2017

Hi Mat,

 

Just wondering if you could give some more background like:

 

1.      

Were there any changes recently in the domain, i.e. did you just install 2008 R2 domain controllers?

2.      

Do you still have 2000/2003 DCs in the environment?

3.      

Did you recently increase the DFL/FFL of the domain?

 

Thanks in advance and sorry to be asking dumb questions.

 

Glen

 

show

MatCollins posted this 28 November 2017

thanks for the reply. but the answer to all of them is no.

our environment is 2012 R2. dfl and ffl both.

 

Close