A user account that has been
revoked is trying to authenticate using Kerberos, in turn, failing
the Kerberos pre-authentication phase (ticket-granting ticket or
Authenticate using the
principal in the TGT, not knowing that it has been revoked.
you have issues with your Directory Sync Services failing to sync
data from Active Directory.
Check whether the attempt to use the principals (user accounts)
specified in the alert are legitimate. For example, a user or a
script that was not updated that the account has been revoked.
The lockout can be temporary, for example, in the case of
too many login attempts, and may not be visible after the account
was released. Search for Windows Event Log 4740 to
ascertain whether the account was locked out during the time of