Event ID 4771: How to Fix Kerberos Pre-authentication Failed

Check logon audits for errors in usernames

by Claire Moraa
Claire Moraa
Claire Moraa
Author
Claire likes to think she's got a knack for solving problems and improving the quality of life for those around her. Driven by the forces of rationality, curiosity,... read more
Updated on
Reviewed by Alex Serban
Alex Serban
Alex Serban
Windows Server & Networking Expert
After moving away from the corporate work-style, Alex has found rewards in a lifestyle of constant analysis, team coordination and pestering his colleagues. Holding an MCSA Windows Server... read more
Affiliate Disclosure
  • The Kerberos pre-authentication failed error indicates that the domain controller failed to authenticate the user. 
  • This may be due to the user intentionally entering an incorrect password, or it may indicate that an unauthorized person is attempting to access your network. 
  • Always ensure you have a stable internet connection for verification to take place.

XINSTALL BY CLICKING THE DOWNLOAD FILE
To fix various PC problems, we recommend Restoro PC Repair Tool:
This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues and remove viruses now in 3 easy steps:

  1. Download Restoro PC Repair Tool that comes with Patented Technologies (patent available here).
  2. Click Start Scan to find Windows issues that could be causing PC problems.
  3. Click Repair All to fix issues affecting your computer's security and performance
  • Restoro has been downloaded by 0 readers this month.

The Kerberos pre-authentication failed error indicates that the user cannot log in to Windows or any other network resource. This error occurs when there’s a problem with the Kerberos pre-authentication process. 

It can occur if you use an incorrect username or password, if your computer is offline or not connected to the network, or if an error occurs when connecting to a domain controller.

Why am I getting the Event ID 4771 error?

This error means that you tried to connect to a server using Kerberos pre-authentication, but the server did not respond to your request. In Windows, Kerberos pre-authentication verifies a user’s credentials before the KDC authenticates them. 

If the pre-authentication fails, the user will be prompted for their password. For some users, the error code came up as Event ID 4771 Kerberos pre-authentication failed 0x18 on their PCs. For this code, the issue is a bad password. However, for Event ID 4771, this can happen for several reasons:

  • Server clock mismatch – The likely cause is that your computer’s clock is out of sync with the server’s clock. This can happen if your computer was offline for a long period and came back online but failed to synchronize its clock
  • Incorrect password – Most users who encountered the Event ID 4771 error admitted to having recently changed their passwords. However, for unique IDs such as Event ID 4771 status 0x12, it means that the user’s credentials have been revoked.
  • Cached credentials – Cached credentials are used to reduce login times and to improve security because they’re obtained automatically from the directory server. However, when you changed passwords, they may cause conflicts.
  • Wrong domain – Make sure that you’re logging on to an account from the same domain as the computer you’re connecting from; otherwise, there will be no way for Active Directory to verify your credentials correctly.

How can I solve the Event ID 4771 error?

1. Enable failed logon auditing

  1. Hit the Windows + R keys to open the Run command.
  2. Type secpol.msc in the dialog box and hit Enter
  3. Navigate to the following location: Security settings/Local Policy/Audit Policies/Audit Logon Events
  4. Double-click on Audit logon events, select Success/Failure, then click on Apply and OK.

This will generate a security event whenever a user attempts to log into a domain-joined computer and fails. Failed logon auditing will allow you to see when users have attempted to log onto the network unsuccessfully and to identify any duplicates. 

Then, you can rename the accounts with duplicate names on one or more servers, or create new accounts for them with unique names.

2. Delete cached passwords

  1. Hit the Windows key, type cmd in the search bar and click Open.cmd-run-admin-w11 unexpected kernel mode trap windows 11
  2. Type the following commands and hit Enter after each one: psexec -i -s -d cmd.exe rundll32 keyngr.dll KRShowKeyMgr
  3. A list of stored usernames and passwords will appear. Delete them from your server and restart your PC.

The reason this happens is that the Kerberos subsystem caches the old password in memory. When you change the password, it doesn’t get cleared from memory until it expires. 

The Kerberos client then tries to use the old cached password, which doesn’t work because it has been changed on the domain controller.

3. Enable audit logon

  1. Hit the Windows key, type Powershell in the search bar and click Run as administrator.
  2. Type the following command and hit Enter: auditpol /set /subcategory:”logon” /failure:enable

When you enable logon auditing, it helps you determine if someone is trying to gain unauthorized access to your systems by guessing passwords or attempting other brute-force attacks. 

Hopefully, you have bypassed the Event ID 4771 Kerberos pre-authentication failed error with one of these methods.

You may also come across an Event ID 4768, where your Kerberos authentication ticket is requested. If so, don’t hesitate to check out our expert article.

Let us know what solution fixed this error for you in the comment section below.

Still having issues? Fix them with this tool:

SPONSORED

If the advices above haven't solved your issue, your PC may experience deeper Windows problems. We recommend downloading this PC Repair tool (rated Great on TrustPilot.com) to easily address them. After installation, simply click the Start Scan button and then press on Repair All.

This article covers:Topics: