Share via

Many Event 4768, Ms Windows security auditing with Event id 1108 error log

EcoAxis 376 Reputation points
2024-10-25T07:43:41.68+00:00

Many Event 4768, Ms Windows security auditing with Event id 1108 error log are found on Server 2022 standard (OS build: 20348.2762) which is applied with latest win update.

ms1

https://www.reddit.com/r/sysadmin/comments/1dyu3ia/comment/ldntqu4/

Have google the problem but still not find the solution. Please help and advise.

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,804 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,267 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,666 questions
Windows Server Management
Windows Server Management
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Management: The act or process of organizing, handling, directing or controlling something.
442 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,856 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Yanhong Liu 12,505 Reputation points Microsoft Vendor
    2024-10-28T02:59:57.02+00:00

    Hello,

    Here’s a breakdown of what these events mean and some potential solutions:

    Event ID 4768

    This event indicates that a Kerberos Ticket Granting Ticket (TGT) was requested. It’s typically logged on domain controllers and can indicate issues if the ticket request fails. If you're seeing failures, check the Result Code in the event details, a non-zero code indicates a problem.

    Please refer to the official link description of event 4768: 4768(S, F) A Kerberos authentication ticket (TGT) was requested. - Windows 10 | Microsoft Learn

    Event ID 1108

    This event usually signifies that the event logging service encountered an error while processing an incoming event. It can often be linked to issues with Event ID 4688, which logs process creation events.

    To resolve this issue, install the November 29, 2022 - KB5020044 (OS Build 22621.900) Preview Cumulative Update. After updating to 22621.900, the 1108 events should stop.

    Please refer to similar threads: Windows 11 EVENT 1108 The event logging service encountered an error - Microsoft Community

    I hope the information above is helpful.

    Best Regards,

    Yanhong Liu

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments
  2. EcoAxis 376 Reputation points
    2024-10-30T04:12:54.4066667+00:00

    @Yanhong Liu

    Thanks for your reply. KB5020044 does not apply to Server 2022.

    https://www.reddit.com/r/sysadmin/comments/1e67q6y/security_event_4768_empty_post_upgrade_of_dcs/

    https://www.reddit.com/r/sysadmin/comments/1fda3gu/comment/lmm4vdp/?utm_source=embedv2&utm_medium=comment_embed&utm_content=action_bar&embed_host_url=https%3A%2F%2Fpublish.reddit.com%2Fembed

    Found that above are the closet solution but it seems related to Microsoft Bug. Don't want to take risk to solve it manually as the machine is at remote site. Will Microsoft release update to solve this issue later?

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.