Windows Security Log Event ID 673

Operating Systems Windows Server 2000
Windows 2003 and XP
CategoryAccount Logon
Type Success
Failure
Corresponding events
in Windows 2008
and Vista
4769 , 4773  

673: Service Ticket Granted

On this page

This event varies depending on the OS.

Win2000

Whereas event ID 672 lets you track initial logons through the granting of TGTs, this lets you monitor the granting of service tickets. Service tickets are obtained whenever a user or computer accesses a server on the network. For example, when a user maps a drive to a file server, the resulting service ticket request generates event ID 673 on the DC.

User Name and User Domain identify the user.
Service Name corresponds the computer name of the server the user accessed.
Client Address specifies the IP address where the user resides.

Win2003

W3 uses this event ID for both successful and failed service ticket requests.

Whereas event ID 672 lets you track initial logons through the granting of TGTs, this lets you monitor the granting of service tickets. Service tickets are obtained whenever a user or computer accesses a server on the network. For example, when a user maps a drive to a file server, the resulting service ticket request generates event ID 673 on the DC.

User Name and User Domain identify the user.
Service Name corresponds the computer name of the server the user accessed.
Client Address specifies the IP address where the user resides.

The reason for a failed service ticket request is specified in Failure Code.

This event is logged only on domain controllers.

Free Security Log Resources by Randy

Description Fields in 673

  •  User Name:  %1
  •  User Domain:  %2
  •  Service Name:  %3
  •  Service ID:  %4
  •  Ticket Options:  %5
  •  Ticket Encryption Type: %6
  •  Client Address:  %7
  •  Failure Code:  %8
  •  Logon GUID:  %9
  •  Transited Services: %10

Supercharger Enterprise


 

Examples of 673

Win2000

Service Ticket Granted
User Name: %1
User Domain: %2
Service Name: %3
Service ID: %4
Ticket Options: %5
Ticket Encryption Type: %6
Client Address: %7

Win2003

Service Ticket Request:
User Name:
User Domain:SERVER.APPLEADV.COM
Service Name:host/server1.server.appleadv.com
Service ID:-
Ticket Options:0x40830000
Ticket Encryption Type:-
Client Address:127.0.0.1
Failure Code:0xD
Logon GUID:-
Transited Services:-

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection



 

Upcoming Webinars
    Additional Resources