Windows Security Log Event ID 673

Operating Systems	Windows Server 2000 Windows 2003 and XP
Category	Account Logon
Type	Success Failure
Corresponding events in Windows 2008 and Vista	4769 , 4773

673: Service Ticket Granted

On this page

Description of this event
Field level details
Examples

This event varies depending on the OS.

Win2000

Whereas event ID 672 lets you track initial logons through the granting of TGTs, this lets you monitor the granting of service tickets. Service tickets are obtained whenever a user or computer accesses a server on the network. For example, when a user maps a drive to a file server, the resulting service ticket request generates event ID 673 on the DC.

User Name and User Domain identify the user.
Service Name corresponds the computer name of the server the user accessed.
Client Address specifies the IP address where the user resides.

Win2003

W3 uses this event ID for both successful and failed service ticket requests.

Whereas event ID 672 lets you track initial logons through the granting of TGTs, this lets you monitor the granting of service tickets. Service tickets are obtained whenever a user or computer accesses a server on the network. For example, when a user maps a drive to a file server, the resulting service ticket request generates event ID 673 on the DC.

User Name and User Domain identify the user.
Service Name corresponds the computer name of the server the user accessed.
Client Address specifies the IP address where the user resides.

The reason for a failed service ticket request is specified in Failure Code.

This event is logged only on domain controllers.

Free Security Log Resources by Randy

Description Fields in 673

User Name: %1
User Domain: %2
Service Name: %3
Service ID: %4
Ticket Options: %5
Ticket Encryption Type: %6
Client Address: %7
Failure Code: %8
Logon GUID: %9
Transited Services: %10

Supercharger Free Edition

Examples of 673

Win2000

Service Ticket Granted
User Name: %1
User Domain: %2
Service Name: %3
Service ID: %4
Ticket Options: %5
Ticket Encryption Type: %6
Client Address: %7

Win2003

Service Ticket Request:
User Name:
User Domain:SERVER.APPLEADV.COM
Service Name:host/server1.server.appleadv.com
Service ID:-
Ticket Options:0x40830000
Ticket Encryption Type:-
Client Address:127.0.0.1
Failure Code:0xD
Logon GUID:-
Transited Services:-

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection

Mini-Seminars Covering Event ID 673

Insider Gone Bad: Tracking Their Steps and Building Your Case with the Security Log

Upcoming Webinars

Additional Resources

Encyclopedia

•	Event IDs
•	All Event IDs
•	Audit Policy

Go To Event ID:

Must be a 1-5 digit number No such event ID

Security Log
Quick Reference
Chart
Download now!

User name:
Password:
	/ Forgot?
	Register

October 2025 Patch Tuesday	"Patch Tuesday - 172 Updates Today and 6 Zero-Days! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2025 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.