Event Details
User Activity->Logons->Failed Logons->Windows 2000-2003->EventID 672 - Authentication Ticket Request [Win 2003]
EventID 672 - Authentication Ticket Request [Win 2003]
 Sample: 
        Event Type:     Success Audit
        Event Source:   Security
        Event Category: Account Logon
        Event ID:       672
        Date:           10/26/2009
        Time:           07:31:56
        User:           NT AUTHORITY\SYSTEM
        Computer:       DC1
        Description:
        Authentication Ticket Request:
        User Name:		Paul
        Supplied Realm Name:	RESEARCH
        User ID:			{S-1-5-21-184992632-1607737289-1287950321-1178}
        Service Name:		krbtgt
        Service ID:		{S-1-5-21-184992632-1607737289-1287950321-502}
        Ticket Options:		0x40810010
        Result Code:		-
        Ticket Encryption Type:	0x17
        Pre-Authentication Type:	2
        Client Address:		127.0.0.1
        Certificate Issuer Name:
        Certificate Serial Number:
        Certificate Thumbprint:
Log Type: Windows Event Log
 Uniquely Identified By:
Log Name: Security
Filtering Field Equals to Value
OSVersion Windows 2003
Category Account Logon
Source Security
EventId 672
Type Failure Audit
Field Matching
FieldDescriptionStored inSample Value
When At what date and time a user activity originated in the system. DateTime 1/1/2000
Who Account or user name under which the activity occured. User Name Paul
What The type of activity occurred (e.g. Logon, Password Changed, etc.) "Kerberos Authentication" Kerberos Authentication
Where The name of the workstation/server where the activity was logged. Computer 10.10.10.10
Where From The name of the workstation/server where the activity was initiated from. Client Address 127.0.0.1
Severity Specify the seriousness of the event. "High" High
WhoDomain Supplied Realm Name RESEARCH
WhereDomain -
Result Successful or Failed. "Failed" Failed
Failure Reason Failure Reason - Bad user name or password, not enough privileges, etc. Result Code -
Comments
You must be logged in to comment