Share this article

Improve this guide

Event ID 4771: How to Fix Kerberos Pre-authentication Failed

Check logon audits for errors in usernames

4 min. read

Updated onJuly 23, 2024

updated onJuly 23, 2024

Share this article

Improve this guide

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Key notes

Resolve multiple Windows PC issues and speed up your PC effortlessly with specialized software.

The Kerberos pre-authentication failed error indicates that the user cannot log in to Windows or any other network resource. This error occurs when there’s a problem with the Kerberos pre-authentication process.

It can occur if you use an incorrect username or password if your computer is offline or not connected to the network, or if an error occurs when connecting to a domain controller.

Why am I getting the Event ID 4771 error?

Why am I getting the Event ID 4771 error?

This error means that you tried to connect to a server using Kerberos pre-authentication, but the server did not respond to your request. In Windows, Kerberos pre-authentication verifies a user’s credentials before the KDC authenticates them.

If the pre-authentication fails, the user will be prompted for their password. For some users, the error code was Event ID 4771. Kerberos pre-authentication failed 0x18 on their PCs. For this code, the issue is a bad password. However, for Event ID 4771, this can happen for several reasons:

How can I solve the Event ID 4771 error?

How can I solve the Event ID 4771 error?

1. Enable failed logon auditing

This will generate a security event whenever a user attempts to log into a domain-joined computer and fails. Failed logon auditing will allow you to see when users have attempted to log onto the network unsuccessfully and to identify any duplicates.

Then, you can rename the accounts with duplicate names on one or more servers, or create new accounts for them with unique names.

2. Delete cached passwords

This happens because the Kerberos subsystem caches the old password in memory. When you change the password, it doesn’t get cleared from memory until it expires.

The Kerberos client then tries to use the old cached password, which doesn’t work because it has been changed on the domain controller.

3. Enable audit logon

When you enable logon auditing, it helps you determine if someone is trying to gain unauthorized access to your systems by guessing passwords or attempting other brute-force attacks.

Hopefully, you have bypassed the Event ID 4771 Kerberos pre-authentication failed error with one of these methods.

You may also come across anEvent ID 4768, where your Kerberos authentication ticket is requested. If so, don’t hesitate to check out our expert article.

In the comment section below, let us know what solution fixed this error for you.

More about the topics:windows server

Claire Moraa

Windows Software Expert

Claire has a knack for solving problems and improving the quality of life for those around her. She’s driven by rationality, curiosity, and simplicity, and always eager to learn more about Microsoft’s products. With a background in teaching and reviewing, she breaks down complex topics into easily understandable articles, focusing mostly on Windows 11, errors, and software.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Claire Moraa

Windows Software Expert

With a background in teaching and reviewing, she breaks down complex topics into easily understandable articles, focusing mostly on Windows 11 errors.