PAC Verification Failure Rule

Run As Profiles

Name
Default

Alert Details

Message: PAC Verification Failure
Priority: Medium
Severity: Critical

Rule Knowledgebase

Summary

Kerberos failed to verify the signature on the Privilege Attribute Certificate (PAC) field in the Kerberos ticket from the Key Distribution Center (KDC). This indicates that the PAC field was modified.

This is significant because the PAC field is used to store the user’s token. It is possible that someone is attempting to break into your system.

In rare circumstances, it is possible that a memory problem on a router corrupted the packet during transmission.

Causes

This rule does not contain any causes.

Resolutions

Verify that the ticket-granting service (TGS) reply packet originated from the KDC. If it did not, investigate a possible attempt to break into your system.

If the packet did originate from the KDC, reset the machine account password for the KDC.

External References

For more information, see:
