What is Event ID 4769 & How to Fix It?

Change your authentication level to a more secure encryption type


Updated on October 4, 2023


Key notes

Event ID 4769, in the context of Kerberoasting, is a security alert. It can be used to detect malicious users who are attempting to use Kerberos to impersonate another user or service.

It is generated every time a domain controller (DC) is contacted to validate the security token. The Kerberos authentication protocol is used to prove the identity of a client that wants to access a network resource on behalf of an end user. So, if you spot this particular Event ID, here is what you should do.

What causes the Event ID 4769?

This event indicates that the server attempted to request a Kerberos service ticket for the user account named in the event. Usually, the user’s security token was sent to a domain controller (DC) for validation.

This can happen because the requested user account is not in the domain or because of an error in the KDC database. Other reasons include:

How can I fix Event ID 4769?


1. Raise the authentication level

It is important to change the ticket encryption type reported in Event ID 4769 to a more secure one. This is because the authentication level of your encryption algorithm determines the strength of your password. The stronger the password, the more difficult it is for someone to hack into your online accounts.

2. Enable auditing

If you have enabled Kerberos auditing, you can see this event. When unauthorized users attempt to log in, you’ll get a notification. It will also list the error code for users trying to obtain tickets using the credentials of other users or services in your environment.

You can then take the necessary steps to block the users. This is especially important for the Event ID 4769 failure code 0x1b. Such errors can be hard to detect as they do not pass through client-server authentication.
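As an added example (not code from the original article), the Python below triages an XML export of Event ID 4769 records: it lists accounts that received RC4-HMAC (`0x17`) tickets for several distinct services and collects `0x1b` failures. The `<Events>` wrapper, the `min_services` threshold of 3, the helper names and the sample events are assumptions constructed for illustration; the field names are those of the event's EventData.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
RC4_HMAC = 0x17      # TicketEncryptionType value for RC4-HMAC
FAILURE_1B = 0x1B    # the failure code the article singles out

def parse_4769(xml_text):
    """Yield the EventData fields of each 4769 event as a dict."""
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) == "4769":
            yield {d.get("Name"): d.text or ""
                   for d in ev.iterfind("e:EventData/e:Data", NS)}

def triage(xml_text, min_services=3):
    """Return (accounts with RC4 tickets for many services, 0x1b failures)."""
    rc4, failures = defaultdict(set), []
    for f in parse_4769(xml_text):
        user, svc = f["TargetUserName"], f["ServiceName"]
        status = int(f["Status"], 16)
        etype = int(f["TicketEncryptionType"], 16)
        if status == FAILURE_1B:
            failures.append((user, svc))
        # krbtgt and computer accounts (names ending in $) are routine traffic
        elif (status == 0 and etype == RC4_HMAC
              and svc.lower() != "krbtgt" and not svc.endswith("$")):
            rc4[user].add(svc)
    suspects = {u: sorted(s) for u, s in rc4.items() if len(s) >= min_services}
    return suspects, failures

def _ev(user, svc, etype, status="0x0"):
    """Build one constructed sample event (not real log data)."""
    data = {"TargetUserName": user, "ServiceName": svc,
            "TicketEncryptionType": etype, "Status": status}
    body = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>4769</EventID>'
            f'</System><EventData>{body}</EventData></Event>')

SAMPLE = "<Events>" + "".join([
    _ev("jdoe@CORP.EXAMPLE", "svc-sql", "0x17"),
    _ev("jdoe@CORP.EXAMPLE", "svc-web", "0x17"),
    _ev("jdoe@CORP.EXAMPLE", "svc-backup", "0x17"),
    _ev("asmith@CORP.EXAMPLE", "FILESRV01$", "0x12"),
    _ev("asmith@CORP.EXAMPLE", "svc-sql", "0x12"),
    _ev("bkim@CORP.EXAMPLE", "svc-old", "0xffffffff", "0x1b"),
]) + "</Events>"

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Tune `min_services` and the time window of the export to your environment, since legacy clients can legitimately request RC4 tickets.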

3. Reset Kerberos password

Kerberoasting is a technique to harvest Kerberos tickets from Windows domain controllers. It’s one of the most effective ways to gain elevated privileges in a domain environment.

To resolve this issue, you must reset the user’s password in Active Directory Users and Computers (ADUC). Usually, these are privileges exclusive to the administrator, so you need to get in touch and request a password reset.

You may also encounter the Event ID 4771 error where Kerberos pre-authentication has failed, so don’t hesitate to check out our guide for more.

Let us know if you have been able to solve this error in the comment section below.


Claire Moraa

Windows Software Expert
