From 5dbf3b30044f5c4d7c69ba5d10e638c1d367b1cc Mon Sep 17 00:00:00 2001
From: Nathan <37495851+AlbinoGazelle@users.noreply.github.com>
Date: Mon, 1 May 2023 22:05:11 -0700
Subject: [PATCH 1/3] Update event-4769.md
Remove "## Table 4. Kerberos encryption types" format issue in Ticket Options table
---
windows/security/threat-protection/auditing/event-4769.md | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/windows/security/threat-protection/auditing/event-4769.md b/windows/security/threat-protection/auditing/event-4769.md
index 98746150c6..8389aed242 100644
--- a/windows/security/threat-protection/auditing/event-4769.md
+++ b/windows/security/threat-protection/auditing/event-4769.md
@@ -179,8 +179,7 @@ The most common values:
| 28 | Enc-tkt-in-skey | No information. |
| 29 | Unused | - |
| 30 | Renew | The RENEW option indicates that the present request is for a renewal. The ticket provided is encrypted in the secret key for the server on which it is valid. This option will only be honored if the ticket to be renewed has its RENEWABLE flag set and if the time in its renew-till field hasn't passed. The ticket to be renewed is passed in the padata field as part of the authentication header. |
-| 31 | Validate | This option is used only by the ticket-granting service. The VALIDATE option indicates that the request is to validate a postdated ticket. Shouldn't be in use, because postdated tickets aren't supported by KILE. |
-| ## Table 4. Kerberos encryption types | | |
+| 31 | Validate | This option is used only by the ticket-granting service. The VALIDATE option indicates that the request is to validate a postdated ticket. Shouldn't be in use, because postdated tickets aren't supported by KILE. | |
- **Ticket Encryption Type**: \[Type = HexInt32\]: the cryptographic suite that was used for issued TGS.
From 5deaa8bfd7d63e212319b7a924012484c2d9e2b4 Mon Sep 17 00:00:00 2001
From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com>
Date: Tue, 2 May 2023 10:06:26 -0400
Subject: [PATCH 2/3] Update event-4769.md
---
windows/security/threat-protection/auditing/event-4769.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/auditing/event-4769.md b/windows/security/threat-protection/auditing/event-4769.md
index 8389aed242..e09755689b 100644
--- a/windows/security/threat-protection/auditing/event-4769.md
+++ b/windows/security/threat-protection/auditing/event-4769.md
@@ -179,7 +179,7 @@ The most common values:
| 28 | Enc-tkt-in-skey | No information. |
| 29 | Unused | - |
| 30 | Renew | The RENEW option indicates that the present request is for a renewal. The ticket provided is encrypted in the secret key for the server on which it is valid. This option will only be honored if the ticket to be renewed has its RENEWABLE flag set and if the time in its renew-till field hasn't passed. The ticket to be renewed is passed in the padata field as part of the authentication header. |
-| 31 | Validate | This option is used only by the ticket-granting service. The VALIDATE option indicates that the request is to validate a postdated ticket. Shouldn't be in use, because postdated tickets aren't supported by KILE. | |
+| 31 | Validate | This option is used only by the ticket-granting service. The VALIDATE option indicates that the request is to validate a postdated ticket. Shouldn't be in use, because postdated tickets aren't supported by KILE. |
- **Ticket Encryption Type**: \[Type = HexInt32\]: the cryptographic suite that was used for issued TGS.
From 58a0a12ee2aab1660b0a6572209329bc88b2efd9 Mon Sep 17 00:00:00 2001
From: Stephanie Savell <101299710+v-stsavell@users.noreply.github.com>
Date: Tue, 2 May 2023 10:32:48 -0500
Subject: [PATCH 3/3] Update event-4769.md
---
windows/security/threat-protection/auditing/event-4769.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/auditing/event-4769.md b/windows/security/threat-protection/auditing/event-4769.md
index e09755689b..ea8fbab15b 100644
--- a/windows/security/threat-protection/auditing/event-4769.md
+++ b/windows/security/threat-protection/auditing/event-4769.md
@@ -251,7 +251,7 @@ The table below contains the list of the most common error codes for this event:
| 0x32 | KRB\_AP\_ERR\_INAPP\_CKSUM | Inappropriate type of checksum in message (checksum may be unsupported) | When KDC receives KRB\_TGS\_REQ message it decrypts it, and after the user-supplied checksum in the Authenticator MUST be verified against the contents of the request, and the message MUST be rejected if the checksums don't match (with an error code of KRB\_AP\_ERR\_MODIFIED) or if the checksum isn't collision-proof (with an error code of KRB\_AP\_ERR\_INAPP\_CKSUM). |
| 0x33 | KRB\_AP\_PATH\_NOT\_ACCEPTED | Desired path is unreachable | No information. |
| 0x34 | KRB\_ERR\_RESPONSE\_TOO\_BIG | Too much data | The size of a ticket is too large to be transmitted reliably via UDP. In a Windows environment, this message is purely informational. A computer running a Windows operating system will automatically try TCP if UDP fails. |
-| 0x3C | KRB\_ERR\_GENERIC | Generic error | Group membership has overloaded the PAC.
Multiple recent password changes hanven't propagated.
Crypto subsystem error caused by running out of memory.
SPN too long.
SPN has too many parts. |
+| 0x3C | KRB\_ERR\_GENERIC | Generic error | Group membership has overloaded the PAC.
Multiple recent password changes haven't propagated.
Crypto subsystem error caused by running out of memory.
SPN too long.
SPN has too many parts. |
| 0x3D | KRB\_ERR\_FIELD\_TOOLONG | Field is too long for this implementation | Each request (KRB\_KDC\_REQ) and response (KRB\_KDC\_REP or KRB\_ERROR) sent over the TCP stream is preceded by the length of the request as 4 octets in network byte order. The high bit of the length is reserved for future expansion and MUST currently be set to zero. If a KDC that doesn't understand how to interpret a set high bit of the length encoding receives a request with the high order bit of the length set, it MUST return a KRB-ERROR message with the error KRB\_ERR\_FIELD\_TOOLONG and MUST close the TCP stream. |
| 0x3E | KDC\_ERR\_CLIENT\_NOT\_TRUSTED | The client trust failed or is not implemented | This typically happens when user’s smart-card certificate is revoked or the root Certification Authority that issued the smart card certificate (in a chain) isn't trusted by the domain controller. |
| 0x3F | KDC\_ERR\_KDC\_NOT\_TRUSTED | The KDC server trust failed or could not be verified | The trustedCertifiers field contains a list of certification authorities trusted by the client, in the case that the client doesn't possess the KDC's public key certificate. If the KDC has no certificate signed by any of the trustedCertifiers, then it returns an error of type KDC\_ERR\_KDC\_NOT\_TRUSTED. See [RFC1510](https://www.ietf.org/proceedings/50/I-D/cat-kerberos-pk-init-13.txt) for more details. |