.

KGRKJGETMRETU895U-589TY5MIGM5JGB5SDFESFREWTGR54TY
Server : Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
System : Windows NT SERVER-PC 10.0 build 26200 (Windows 11) AMD64
User : ServerPC ( 0)
PHP Version : 8.2.12
Disable Function : NONE
Directory : C:/Windows/System32/en-US/
Upload File :
Current File : C:/Windows/System32/en-US/localkdcsvc.dll.mui
MZ����@���	�!�L�!This program cannot be run in DOS mode.

$�X=��9S��9S��9S������9S���Q��9S�Rich�9S�PEL�>�@�!&�

���@ ��8.rdata�@@.rsrc�� �@@�>�@
lPP�>�@$����8.rdata8.rdata$voltmdP�.rdata$zzzdbg �.rsrc$01�!�.rsrc$02 f���kZVO���r`�'t���;�ce�>�@x�8���P�h����������������	(	8	H	X	h�!�
�X,�� -���/4������MOFDATAKDCSVCMUIFOMB�
NKDS}�T�ԤB/��B�	!%0(K��&&@�$
0/@��l0-�1����(D" �y`O���{�(D�A�0Ӝ[�	�(��PJ�
CXm8%H�83j��C�o�X0��x����e(bS�Sr�%U�X��@�n�rO����<���{�Fj�*�GbA#�h��4���p���U��!�H�+�@N��C�E�Rq�tb�e����
u�v
%� ���1C��O�x���b�H�,KH5��i�$Dc�V(�s82�f�A����i�`!c�����5���r&������_�˜�f�<�Ϫ�h���9���t�k8's����A�� �t�B8�(O!������	�!!�/'����q��|�����>:��č����
��{����yx�x�`���	(~���=~��a�È��"���@|�����{�A�(%D�N���l����Rا�g[R`P#�a�yy<�a�G�q��:����O:dZ�1���0lD�1��4��0����o<�Ɂ�P ��<�F��r�@�>#��3>0�a3�X�U��?)�5�bt�Q�0�<f�s2����#
��58U�\ʧ�7����p��w0��<9S��2��AxpA��}��qw�۹���p�� �5����!u�.��(p��p��|�����|�x���.K�)�!r��y����!�=�a����=�(0��9�C{�dS:r����
f4A��dx3|�c
G����g_<f�z̀71cF�B|^9��o�7�����w��o�Ý��w��%���	�0_.���p�^���|�nS=y�5��]�8x�����	0�p�����{�lH�G>`�B�1�2Θ@��X)e���Ϙ���{C���)�Ԁ��;d\8*����I	�)�TG��$u���6g��s�Εo7o�Ɖ�v%X8O*��]����
+T�@�E0Գ�C&;��pOtl�E#�`�ӎ5��hM��~�=��L�e�זϘ4.�	��sT�C~T���?*��4bO�}���8�p���k82b� N���8�-�85��j��D<C>D��	<D�|��u�3f��c����c��Ĩ�Lٸ�A3jp�z��?j`v��q
����2��0��q�G7ܙ���y���ȉ������N������S�|�(܇ã>6L�`
�������4�>o`���z�f����L��h�����6���3es
�]37`�3e�	�O�s��鴄;"x��>6<48(�N;�a�=t��͓<�|?P|V�Z/D���9��v�������'�%�[<̭��E߬P4����p0P��ϮA5�É�׹<�x�]^��̦��]xF0&黂�p���_u0�ǆG<���H��I��?�����V�,|�����Bq�ثC�H8�Y��+���+E���V~7@i&�q�p�XpNgƂq21��#�n3�����X�YĂs�0�YĂ1c����`��X0fa,�,~?�������p0�J|D9�4ߩ1����N�=��g\�9N��="9"���-�0��'���a����A�g#�q��wP���
� �)�F;5,�P�wG����ޗ<#�p'�ü�c�hv��7��c�:)��t.t�C9�YyG�����S�h{0�P�;��c��
>?{V�`���)#�x#��_&>PP�0�3�+���3އ-~*e�Ց���pgW�gT̙�#}Hag
��3�q����f�����d\�n^����<���lȇ+����p�w�q��>j�B�T�k(<�14z��	{��a�]6
����L�;π�`���`��	�30�rt>7`Oz���T�9-X'=�l�c=%X6��:������={��C����	������*�9�O�q�G�s�:p<��'=�d`>�zd��t����<�Ǐ3���0�Oy4�� ��=΀wJq�F�rB��N,J�O؉x�9��c�onlZ����`�QB��O
,�aP(�@�}�Þ�ĝ�qȀ;.��h�����:0��d�EOs��7�)w܄=�y�a>ρ����A_�"�'cd�D�?���O_����� N�����C��0Nf�a�3���������~x�u����ѓ�d�)�u`��"��y">b��!`/�����?4����q�{�� ��B�>5�jP�F���Tj̘=(ixh\NK)�x��id��L6@X>@�-"���4{a�׮3 L�!�f�)P´8a�$��T�N;,�'��F0��aj\�2������@��� k2���9�!r��H�D`V�"�S�ș��&kã r^ �� } ��
��й�
�>�� ��W���D@N	DU�6��QMoY�B����P�O	�:����j�<*���� r: �������~Lpl4B�����aĬX��y0_��	�֠q�����MOFDATAMUIen-US&Kerberos Local Key Distribution CenterThis service enables users to log on to the local machine using the Kerberos authentication protocol. If this service is stopped, users will be unable to log on to the local machine. If this service is disabled, any services that explicitly depend on it will fail to start.PA		�88P00hPP�pp���T���� �-�H��lHd�j��Hx�x�d�����f,�;��g����P�����
���
�����t�hThe password on the KRBTGT account was changed.

Classic

Start

Stop

Error

Warning

 Information

KDC

(KDC Performance

Max

0KDC Extended Audit

@Could not find principal %1

tDomain %1 propagated to us but did not authenticate.

A request failed from client realm %1 for a ticket in realm %2. This failed because a trust link between the realms is non transitive.

HThis event indicates an attempt was made to use smartcard logon, but the KDC is unable to use the PKINIT protocol because it is missing a suitable certificate.

�The currently selected KDC certificate was once valid, but now is invalid and no suitable replacement was found. Smartcard logon may not function correctly if this problem is not remedied. Have the system administrator check on the state of the domain's public key infrastructure. The chain status is in the error data.

�The client certificate for the user %1\%2 is not valid, and resulted in a failed smartcard logon. Please contact the user for more information about the certificate they're attempting to use for smartcard logon. The chain status was : %3

dThe KDC encountered a trust loop when building a list of trusted domains. This indicates that the route to the domain %1 from this KDC has more than one possible trust path.

dThe KDC received invalid messages of type %1.

tA service ticket request by client %1 for %2 was rejected because User2User was required. The KDC responds with this error when a client requests a service ticket for a user principal (a security risk). The client must support User2User in order to obtain a service ticket for the requested service principal

8The account %1 from domain %2 is attempting to use S4USelf for the target client %3, but is not allowed to perform group expansion on this client's user object. It may be necessary to adjust the ACL on the TokenGroupsGlobalAndUniversal attribute on the target client's user object to allow S4USelf to function correctly. This can also be accomplished by adding %1 to the Windows Authorization Access Group.

When generating a cross realm referral from domain %1 the KDC was not able to find the suitable key to verify the ticket. The ticket key version in the request was %2 and the available key version was %3. This most common reason for this error is a delay in replicating the keys. In order to remove this problem try forcing replication or wait for the replication of keys to occur.

�The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.

�The Kerberos Key Distribution Center failed to locate the forest or domain %1 to search.  Please ensure that the forest search order policy is correctly configured, and that this forest or domain is available.

hA ticket to the service %2 is issued for account %1. The size of the encrypted part of this ticket is %3 bytes, which is close or greater than the configured ticket size threshold (%4 bytes). This ticket or any additional tickets issued from this ticket might result in authentication failures if the client or server application allocates SSPI token buffers bounded by a value that is close to the threshold value.%nThe size of ticket is largely determined by the size of authorization data it carries. The size of authorization data is determined by the groups the account is member of, the claims data the account is setup for, and the resource groups resolved in the resource domain.

�The Key Distribution Center (KDC) uses a certificate without KDC Extended Key Usage (EKU) which can result in authentication failures for device certificate logon and smart card logon from non-domain-joined devices. Enrollment of a KDC certificate with KDC EKU (Kerberos Authentication template) is required to remove this warning.

�The Key Distribution Center (KDC) encountered failures when updating the krbtgt account for the Dynamic Access Control and Kerberos armoring policy capability for the domain. This update was performed so that all the domain controllers including read-only domain controllers (RODCs) in this domain could advertise support for Dynamic Access Control and Kerberos armoring. This failure indicates that there could be domain controllers that have not received updated krbtgt account values. If the update to the krbtgt account is in transit, then you can run Gpupdate /force as a possible workaround to this failure. More information about this update:%n%n  Object Rid: %1%n  Update bits: %2%n  Bitmask: %3%n  Error Code: %4%n

(The Key Distribution Center (KDC) has the Dynamic Access Control and Kerberos armoring policy configured for a level which requires a higher domain functional level. Until the domain functional level is raised, the KDC will only support the level configured as Supported.

�The Key Distribution Center (KDC) encountered a ticket-granting-ticket (TGT) from another KDC (%1) that did not contain a PAC attributes field. See https://go.microsoft.com/fwlink/?linkid=2173051 to learn more.

�The Key Distribution Center (KDC) encountered a ticket that did not contain a PAC while processing a request for another ticket. This prevented security checks from running and could open security vulnerabilities. See https://go.microsoft.com/fwlink/?linkid=2173051 to learn more.%n%n  Client: %1\\%2%n  Ticket for: %3%n

0The Key Distribution Center (KDC) encountered a ticket that did not contain information about the account that requested the ticket while processing a request for another ticket. This prevented security checks from running and could open security vulnerabilities. See https://go.microsoft.com/fwlink/?linkid=2173051 to learn more.%n%n  Ticket PAC constructed by: %1%n  Client: %2\\%3%n  Ticket for: %4%n

�The Key Distribution Center (KDC) encountered a ticket that contained inconsistent information about the account that requested the ticket. This could mean that the account has been renamed since the ticket was issued, which may have been part of an attempted exploit. See https://go.microsoft.com/fwlink/?linkid=2173051 to learn more.%n%n  Ticket PAC constructed by: %1%n  Client: %2\\%3%n  Ticket for: %4%n  Requesting Account SID from Active Directory: %5%n  Requesting Account SID from Ticket: %6%n

 The Key Distribution Center (KDC) encountered a user certificate that was valid but could not be mapped to a user in a secure way (such as via explicit mapping, key trust mapping, or a SID). Such certificates should either be replaced or mapped directly to the user via explicit mapping. See https://go.microsoft.com/fwlink/?linkid=2189925 to learn more.%n%n  User: %1%n  Certificate Subject: %2%n  Certificate Issuer: %3%n  Certificate Serial Number: %4%n  Certificate Thumbprint: %5%n  Certificate Issuance Policies: %6%n

lThe Key Distribution Center (KDC) encountered a user certificate that was valid but could not be mapped to a user in a secure way (such as via explicit mapping, key trust mapping, or a SID). The certificate also predated the user it mapped to, so it was rejected. See https://go.microsoft.com/fwlink/?linkid=2189925 to learn more.%n%n  User: %1%n  Certificate Subject: %2%n  Certificate Issuer: %3%n  Certificate Serial Number: %4%n  Certificate Thumbprint: %5%n  Certificate Issuance Policies: %6%n  Certificate Issuance Time: %7%n  Account Creation Time: %8%n

�The Key Distribution Center (KDC) encountered a user certificate that was valid but contained a different SID than the user to which it mapped. As a result, the request involving the certificate failed. See https://go.microsoft.com/fwlink/?linkid=2189925 to learn more.%n%n  User: %1%n User SID: %2%n Certificate Subject: %3%n  Certificate Issuer: %4%n  Certificate Serial Number: %5%n  Certificate Thumbprint: %6%n  Certificate Issuance Policies: %7%n  Certificate SID: %8%n

�The Kerberos Key Distribution Center lacks strong keys for account %1.%n%nYou must update the password of this account to prevent use of insecure cryptography. %n%nSee https://go.microsoft.com/fwlink/?linkid=2210019 to learn more.

�The Key Distribution Center (KDC) encountered a ticket that it could not validate the full PAC Signature. See https://go.microsoft.com/fwlink/?linkid=2210019 to learn more.%n%n  Client: %1\\%2%n

�The Key Distribution Center (KDC) encountered a ticket that did not contained the full PAC Signature. See https://go.microsoft.com/fwlink/?linkid=2210019 to learn more.%n%n  Client: %1\\%2%n

8The Key Distribution Center (KDC) encountered a client certificate that was valid but did not chain to a root in the NTAuth store. Support for certificates that do not chain to the NTAuth store is deprecated. See https://go.microsoft.com/fwlink/?linkid=2300705 to learn more.%n%n  User: %1%n  Certificate Subject: %2%n  Certificate Issuer: %3%n  Certificate Serial Number: %4%n  Certificate Thumbprint: %5%n

 Operational

0Performance Channel

lAS exchange performance: AS-REQ processing begins

�AS exchange performance: AS-REP or KRB-ERROR returned:%n%n    client domain: %1%n    client name: %2%n    server domain: %3%n    server name: %4%n    ErrorCode: %5%n    elapse: %6 milliseconds

pTGS exchange performance: TGS-REQ processing begins

�TGS exchange performance: TGS-REQ or KRB-ERROR returned:%n%n    client domain: %1%n    client name: %2%n    server domain: %3%n    server name: %4%n    ErrorCode: %5%n    elapse: %6 milliseconds

�Kerberos preauthentication by using DES or RC4 failed because the account was a member of the Protected User group.%n%nAccount Information:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nService Information:%n%tService Name:%t%t%3%n%nNetwork Information:%n%tClient Address:%t%t%7%n%tClient Port:%t%t%8%n%nAdditional Information:%n%tTicket Options:%t%t%4%n%tFailure Code:%t%t%5%n%tPre-Authentication Type:%t%6%n%nCertificate Information:%n%tCertificate Issuer Name:%t%t%9%n%tCertificate Serial Number:%t%t%10%n%tCertificate Thumbprint:%t%t%11%n%nCertificate information is only provided if a certificate was used for pre-authentication.%n%nPre-authentication types, ticket options and failure codes are defined in RFC 4120.%n%nIf the ticket was malformed or damaged during transit and could not be decrypted, then many fields in this event might not be present.

�A Kerberos Ticket-granting-ticket (TGT) was denied because the device does not meet the access control restrictions.%n%nAccount Information:%n%tAccount Name:%t%t%1%n%tSupplied Realm Name:%t%2%n%tUser ID:%t%t%t%3%n%nAuthentication Policy Information:%n%tSilo Name:%t%t%16%n%tPolicy Name:%t%t%17%n%tTGT Lifetime:%t%t%18%n%nDevice Information:%n%tDevice Name:%t%t%4%n%nService Information:%n%tService Name:%t%t%5%n%tService ID:%t%t%6%n%nNetwork Information:%n%tClient Address:%t%t%11%n%tClient Port:%t%t%12%n%nAdditional Information:%n%tTicket Options:%t%t%7%n%tResult Code:%t%t%8%n%tTicket Encryption Type:%t%9%n%tPre-Authentication Type:%t%10%n%nCertificate Information:%n%tCertificate Issuer Name:%t%t%13%n%tCertificate Serial Number:%t%t%14%n%tCertificate Thumbprint:%t%t%15%n%nCertificate information is only provided if a certificate was used for pre-authentication.%n%nPre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120.

�A Kerberos service ticket was denied because the user, device, or both does not meet the access control restrictions.%n%nAccount Information:%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%tLogon GUID:%t%t%11%n%nAuthentication Policy Information:%n%tSilo Name:%t%t%13%n%tPolicy Name:%t%t%14%n%nDevice Information:%n%tDevice Name:%t%t%3%n%nService Information:%n%tService Name:%t%t%4%n%tService ID:%t%t%5%n%nNetwork Information:%n%tClient Address:%t%t%8%n%tClient Port:%t%t%9%n%nAdditional Information:%n%tTicket Options:%t%t%6%n%tTicket Encryption Type:%t%7%n%tFailure Code:%t%t%10%n%tTransited Services:%t%12%n%nThis event is generated every time access is requested to a resource such as a computer or a Windows service.  The service name indicates the resource to which access was requested.%n%nThis event can be correlated with Windows logon events by comparing the Logon GUID fields in each event.  The logon event occurs on the machine that was accessed, which is often a different machine than the domain controller which issued the service ticket.%n%nTicket options, encryption types, and failure codes are defined in RFC 4120.

xThe Key Distribution Center (KDC) failed to validate its current KDC certificate. This KDC might not be enabled for smart card or certificate authentication.%n%nKdc Certificate Information:%n  Issuer Name: %1%n  Serial Number: %2%n  Thumbprint: %3%n  Template: %4%n  Kerberos Error: %5%n  Validation Error: %6%n

0The Key Distribution Center (KDC) cannot find a suitable certificate to use. This KDC is not enabled for smart card or certificate authentication.

pThe Key Distribution Center (KDC) is being started.

�The Key Distribution Center (KDC) has stopped with error code: %1

�The Key Distribution Center (KDC) uses the below KDC certificate for smart card or certificate authentication.%n%nKdc Certificate Information:%n  Issuer Name: %1%n  Serial Number: %2%n  Thumbprint: %3%n  Template: %4%n

tA Kerberos ticket-granting-ticket (TGT) was issued for a member of the Protected User group.%n%nAccount Information:%n%tAccount Name:%t%t%1%n%tSupplied Realm Name:%t%2%n%tUser ID:%t%t%t%3%n%nAuthentication Policy Information:%n%tSilo Name:%t%t%16%n%tPolicy Name:%t%t%17%n%tTGT Lifetime:%t%t%18%n%nDevice Information:%n%tDevice Name:%t%t%4%n%nService Information:%n%tService Name:%t%t%5%n%tService ID:%t%t%6%n%nNetwork Information:%n%tClient Address:%t%t%11%n%tClient Port:%t%t%12%n%nAdditional Information:%n%tTicket Options:%t%t%7%n%tResult Code:%t%t%8%n%tTicket Encryption Type:%t%9%n%tPre-Authentication Type:%t%10%n%nCertificate Information:%n%tCertificate Issuer Name:%t%t%13%n%tCertificate Serial Number:%t%t%14%n%tCertificate Thumbprint:%t%t%15%n%nCertificate information is only provided if a certificate was used for pre-authentication.%n%nPre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120.

�A Kerberos service ticket was issued for a member of the Protected User group.%n%nAccount Information:%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%tLogon GUID:%t%t%11%n%nAuthentication Policy Information:%n%tSilo Name:%t%t%13%n%tPolicy Name:%t%t%14%n%nDevice Information:%n%tDevice Name:%t%t%3%n%nService Information:%n%tService Name:%t%t%4%n%tService ID:%t%t%5%n%nNetwork Information:%n%tClient Address:%t%t%8%n%tClient Port:%t%t%9%n%nAdditional Information:%n%tTicket Options:%t%t%6%n%tTicket Encryption Type:%t%7%n%tFailure Code:%t%t%10%n%tTransited Services:%t%12%n%nThis event is generated every time access is requested to a resource such as a computer or a Windows service.  The service name indicates the resource to which access was requested.%n%nThis event can be correlated with Windows logon events by comparing the Logon GUID fields in each event.  The logon event occurs on the machine that was accessed, which is often a different machine than the domain controller which issued the service ticket.%n%nTicket options, encryption types, and failure codes are defined in RFC 4120.

 A Kerberos ticket-granting-ticket (TGT) was issued, but it will be denied when Authentication Policy is enforced because the device does not meet the access control restrictions.%n%nAccount Information:%n%tAccount Name:%t%t%1%n%tSupplied Realm Name:%t%2%n%tUser ID:%t%t%t%3%n%nAuthentication Policy Information:%n%tSilo Name:%t%t%16%n%tPolicy Name:%t%t%17%n%tTGT Lifetime:%t%t%18%n%nDevice Information:%n%tDevice Name:%t%t%4%n%nService Information:%n%tService Name:%t%t%5%n%tService ID:%t%t%6%n%nNetwork Information:%n%tClient Address:%t%t%11%n%tClient Port:%t%t%12%n%nAdditional Information:%n%tTicket Options:%t%t%7%n%tResult Code:%t%t%8%n%tTicket Encryption Type:%t%9%n%tPre-Authentication Type:%t%10%n%nCertificate Information:%n%tCertificate Issuer Name:%t%t%13%n%tCertificate Serial Number:%t%t%14%n%tCertificate Thumbprint:%t%t%15%n%nCertificate information is only provided if a certificate was used for pre-authentication.%n%nPre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120.

�	A Kerberos service ticket was issued, but it will be denied when Authentication Policy is enforced for a member of the Protected User group because the user, device, or both does not meet the access control restrictions.%n%nAccount Information:%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%tLogon GUID:%t%t%11%n%nAuthentication Policy Information:%n%tSilo Name:%t%t%13%n%tPolicy Name:%t%t%14%n%nDevice Information:%n%tDevice Name:%t%t%3%n%nService Information:%n%tService Name:%t%t%4%n%tService ID:%t%t%5%n%nNetwork Information:%n%tClient Address:%t%t%8%n%tClient Port:%t%t%9%n%nAdditional Information:%n%tTicket Options:%t%t%6%n%tTicket Encryption Type:%t%7%n%tFailure Code:%t%t%10%n%tTransited Services:%t%12%n%nThis event is generated every time access is requested to a resource such as a computer or a Windows service.  The service name indicates the resource to which access was requested.%n%nThis event can be correlated with Windows logon events by comparing the Logon GUID fields in each event.  The logon event occurs on the machine that was accessed, which is often a different machine than the domain controller which issued the service ticket.%n%nTicket options, encryption types, and failure codes are defined in RFC 4120.

�The Key Distribution Center (KDC) used the PKINIT protocol with encryption mode for the client %1.

8The Key Distribution Center (KDC) is unable to use the PKINIT protocol because the client %1 requested encryption mode and the KDC does not support it.

�The kerberos client used a hash algorithm for the PKINIT protocol that is being audited: %1.

�The kerberos client used a hash algorithm for the PKINIT protocol that is not suppported: %1.

�The Kerberos client did not supply a supported encryption type for use with the PKINIT protocol using encryption mode.%n Client Principal Name: %1%n Client IP Address: %2%n Client Supplied NetBIOS Name: %3

The Key Distribution Center (KDC) has an invalid hash algorithm configuration for PKINIT. This might result in PKINIT failures.

�The Key Distribution Center (KDC) encountered invalid certificate strong name match policy.%n%n Faulting line: %1%n

An unauthorized Kerberos client attempted to fetch DMSA keys.%n%nError code: %1%nMachine: %2%nDMSA: %3%nMigration State: %4%n

�A Kerberos client attempted to fetch DMSA keys.%n%nDMSA: %1%nMachine: %2%nError Code: %3%n

�A Kerberos authentication ticket (TGT) was requested.%n%nAccount Information:%n%tAccount Name:%t%t%1%n%tSupplied Realm Name:%t%2%n%tUser ID:%t%t%t%3%n%nService Information:%n%tService Name:%t%t%4%n%tService ID:%t%t%5%n%n

�A Kerberos service ticket was requested.%n%nAccount Information:%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%tLogon GUID:%t%t%10%n%nService Information:%n%tService Name:%t%t%3%n%tService ID:%t%t%4%n%n

�The KDC failed to update policy class %1. The error is in the data.

�The KDC failed to update the trusted domain list. The error is in the data.

0The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was %1 and lookup type %2.

�The account %1 did not have a suitable key for generating a Kerberos ticket. If the encryption type is supported, changing or setting the password will generate a proper key.  The missing key type may be in the data field.

�The attempt to change the password on the KRBTGT account failed. The error code is in the data field

LThe KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is %1 (of type %2). This may result in authentication failures or downgrades to NTLM. In order to prevent this from occurring remove the duplicate entries for %1 in Active Directory.

�The account for %1 has corrupt keys stored in the DS. Changing or setting the password should restore correct keys.

\While processing an AS request for target service %1, the account %2 did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of %3). The requested etypes : %4. The accounts available etypes : %5. Changing or resetting the password of %6 will generate a proper key.

�The request for an AS ticket for client %1 was forwarded to the PDC. An invalid response to this forwarded request was detected and could indicate an attempt to spoof your PDC. There may be additional information in the data field.

lWhile processing a TGS request for the target server %1, the account %2 did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of %3). The requested etypes were %4. The accounts available etypes were %5. Changing or resetting the password of %6 will generate a proper key.

�When updating policy class %1, the KDC encountered invalid policy data and has failed to update the policy.

During TGS processing, the KDC was unable to verify the signature on the PAC from %1. This indicates the PAC was modified.

�While processing an AS request for target service %1, the account %2 did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of %3). The requested etypes were %4. The accounts available etypes were %5.

�While processing a TGS request for the target server %1, the account %2 did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of %3). The requested etypes were %4. The accounts available etypes were %5.

�4VS_VERSION_INFO��
j�e
j�e?StringFileInfo�040904B0LCompanyNameMicrosoft CorporationLFileDescriptionLocal KDC Servicen'FileVersion10.0.26100.4202 (WinBuild.160101.0800)@InternalNamelocalkdcsvc.dll�.LegalCopyright� Microsoft Corporation. All rights reserved.POriginalFilenamelocalkdcsvc.dll.muij%ProductNameMicrosoft� Windows� Operating SystemDProductVersion10.0.26100.4202DVarFileInfo$Translation	�PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
Anon7 - 2021