Event ID 4769 Audit failure with Failure Code 0xC

In this case there was a two way forest trust between two forests. Forest 1 was containing single domain1, Forest 2 was containing several domain trees. Also, there was a external trust between Domain 1 and domain B.


Users from both forest we're able to login successfully on workstations that were also members in both forests. But, when users from domain B were trying to access resources (file share \\server1.domain1.local\fileshare) in Domain1, there was a credential prompt requesting for valid username and password. On domain controllers in Domain1 Audit failure was logged with following details:

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Task Category: Kerberos Service Ticket Operations
Level:         Information
Keywords:      Audit Failure

Description:
A Kerberos service ticket was requested.

Account Information:
 Account Name:  user@domainB.local
 Account Domain:  domainB.local
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Service Information:
 Service Name:  cifs/server1.domain1.local
 Service ID:  NULL SID

Network Information:
 Client Address:  ::ffff:a.b.c.d
 Client Port:  49783

Additional Information:
 Ticket Options:  0x40810000
 Ticket Encryption Type: 0xffffffff
 Failure Code:  0xc
 Transited Services: -

From https://technet.microsoft.com/en-us/library/bb463166.aspx Failure code 0xC is KDC_ERR_POLICY.

I have successfully resolved this issue by enabling name suffix Domainb using Trust properties, Name Suffix Routing tab in Forest 1. After enabling Domainb in Name suffix routing tab, users from DomainB were successfully accessing resources in Domain1 using Kerberos without any credential prompt.
 

How to check EMBG (Unique Master Citizen Number) using regex

In this post, I will share my implementation of how to check if some number looks like EMBG or Unique Master Citizen Number. For those of yo...