![](/uploads/1/2/6/5/126576840/545149365.jpg)
Discussions on Event ID 4771. EventID: 4771 Kerberos pre. If the ticket request fails Windows will either log this event, failure 4771, or 4768 if the problem arose during 'pre-authentication'. In Windows Kerberos, password verification takes place during pre-authentication.
![4771 Audit Failure Microsoft-windows-security-auditing](/uploads/1/2/6/5/126576840/704185500.png)
The client sends a KRB_AS_REQ to the KDC (specifically the Authentication Server/AS) to request a Ticket Granting Ticket (TGT). The AS_REQ is built on the client machine by taking the current computer time and encrypting it with the user's password hash.
![Microsoft-windows-security-auditing](https://social.technet.microsoft.com/wiki/cfs-file.ashx/__key/communityserver-wikis-components-files/00-00-00-00-05/572253.03.png)
This information is called “Authentication Data”. There is some other information within the AS_REQ packet that includes the UPN of the principal. In a typical scenario the KDC would verify the Authentication Data and respond back to the client with a KRB_AS_REP containing a TGT and a session key for the TGT. This process validates that the principal authenticating knows the account and password (which in this case it does not). The 0x6 Failure (Result) Code in the Audit Failure event translates to KDC_ERR_C_PRINCIPAL_UNKNOWN, “Client was not found in Kerberos database.” The account name specified is not a recognized principal name present on the userPrincipalName attribute of the account.

Map certificates to AD accounts for CCS server(s) for component communication without Audit Failures.
Use the following steps to export CCS certificates for CCS components and map them to Active Directory accounts.

Steps to export the CCS Certificates using MMC snap-in:

1. From the Start menu on the CCS Application Server, click Run. Type mmc in the text box and click OK. An MMC snap-in Console window launches.
2. Using the File menu, click Add/Remove Snap-in.
3. Select Certificates in the Snap-in list, click Add.
   NOTE: When you select Certificates, a dialog box appears asking you whether you would like to manage certificates for My user account, Service account, or Computer account. For this scenario, select Computer account, click Finish, and continue.
4. When prompted to Select Computer, select Local Computer, and click Finish.
5. Click OK to close the Add/Remove Snap-in dialog box. The Certificates directory is now added to the MMC console.
6. Select Certificates (Local Computer) from the Console menu. This will expand the Certificates containers.
7. Select SymantecComponents Certificates container.
8. Right-click certificate AppServer-%MACHINENAME% and select All Tasks > Export.
9. This will start the Welcome to the Certificate Export Wizard. Click Next.
10. Select No, do not export the private key. Click Next.
11. Select DER encoded binary X.509 (.CER). Click Next.
12. Specify the folder path and name of the file you want to export. Click Next.
13. Review wizard settings and click Finish.

NOTE: These steps will need to be performed on each server hosting the CCS Manager role. Please note the certificate in step 8 will be unique for CCS Manager role (i.e. It is helpful to store all exported certificate files (.CER) in a folder accessible to the Domain Controller.
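
To confirm which accounts are producing the 0x6 failures described above, before and after the certificates are mapped, the following added example (not from the original page, Symantec or Microsoft) decodes the failure code in exported 4771 event XML and groups failures by account and source. The events, account names and addresses are constructed; the Data field names (TargetUserName, Status, IpAddress) are the ones the 4771 event schema uses.

```python
import xml.etree.ElementTree as ET
from collections import Counter

EVENT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": EVENT_NS}

# Kerberos result codes (RFC 4120) commonly seen in the 4771 Status field.
KRB_ERRORS = {
    0x6: "KDC_ERR_C_PRINCIPAL_UNKNOWN",
    0x12: "KDC_ERR_CLIENT_REVOKED",
    0x17: "KDC_ERR_KEY_EXPIRED",
    0x18: "KDC_ERR_PREAUTH_FAILED",
    0x25: "KRB_AP_ERR_SKEW",
}

def make_event(user, status, ip, event_id="4771"):
    """Build one constructed event record (not captured from a real DC)."""
    return (f'<Event xmlns="{EVENT_NS}"><System><EventID>{event_id}</EventID>'
            f'</System><EventData><Data Name="TargetUserName">{user}</Data>'
            f'<Data Name="Status">{status}</Data>'
            f'<Data Name="IpAddress">{ip}</Data></EventData></Event>')

# Constructed sample: names and addresses are placeholders.
SAMPLE_EVENTS = [
    make_event("AppServer-CCSAPP01", "0x6", "::ffff:10.0.0.21"),
    make_event("AppServer-CCSAPP01", "0x6", "::ffff:10.0.0.21"),
    make_event("jdoe", "0x18", "::ffff:10.0.0.57"),
    make_event("svc-backup", "0x25", "::ffff:10.0.0.90"),
    make_event("jdoe", "0x0", "::ffff:10.0.0.57", event_id="4768"),
]

def parse_4771(xml_text):
    """Return (account, source_ip, code_name) for a 4771 event, else None."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4771":
        return None  # ignore 4768 and any other event mixed into the export
    data = {d.get("Name"): (d.text or "")
            for d in root.iterfind("e:EventData/e:Data", NS)}
    code = int(data.get("Status", "0"), 16)
    name = KRB_ERRORS.get(code, f"UNMAPPED_{code:#x}")
    return data.get("TargetUserName", ""), data.get("IpAddress", ""), name

def triage(events):
    """Count failures per (account, source, code); list the 0x6 accounts."""
    counts = Counter(r for r in map(parse_4771, events) if r)
    unknown = sorted({acct for acct, _, name in counts
                      if name == "KDC_ERR_C_PRINCIPAL_UNKNOWN"})
    return counts, unknown

if __name__ == "__main__":
    counts, unknown = triage(SAMPLE_EVENTS)
    for (acct, ip, name), n in counts.most_common():
        print(f"{n:3d}  {acct:20s} {ip:20s} {name}")
    print("No matching userPrincipalName:", unknown)
```

Accounts still listed under 0x6 after the mapping is in place are the ones whose principal name has no matching userPrincipalName.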