No Suitable Encryption Key Found For Generating Kerberos Ticket
Detects errors when a target server doesn't have suitable keys for generating Kerberos tickets. This can occur, for example, when a service uses a user account or a computer account that is configured for DES encryption only, on a computer running Windows 7, where DES encryption for Kerberos authentication is disabled.
Sigma rule

```yaml
title: No Suitable Encryption Key Found For Generating Kerberos Ticket
id: b1e0b3f5-b62e-41be-886a-daffde446ad4
status: test
description: |
    Detects errors when a target server doesn't have suitable keys for generating kerberos tickets.
    This issue can occur for example when a service uses a user account or a computer account that is configured for only DES encryption on a computer that is running Windows 7 which has DES encryption for Kerberos authentication disabled.
references:
    - https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/dd348773(v=ws.10)
    - https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/kdc-event-16-27-des-encryption-disabled
author: '@SerkinValery'
date: 2024-03-07
modified: 2025-09-22
tags:
    - attack.credential-access
    - attack.t1558.003
logsource:
    product: windows
    service: system
detection:
    selection:
        Provider_Name:
            - 'Kerberos-Key-Distribution-Center'
            - 'Microsoft-Windows-Kerberos-Key-Distribution-Center'
        EventID:
            - 16 # KDCEVENT_NO_KEY_INTERSECTION_TGS
            - 27 # KDCEVENT_UNSUPPORTED_ETYPE_REQUEST_TGS
    condition: selection
falsepositives:
    - Unknown
level: low
```
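The rule's selection applied to exported Windows event XML, as an added example that is not part of the Sigma rule or its repository. It assumes events rendered in the standard Windows event XML schema and that `Provider_Name` maps to the `Name` attribute of `System/Provider`; the hostnames, the `Qualifiers` value and the non-matching events in the samples are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Values from the rule's selection block; Sigma compares strings case-insensitively.
PROVIDERS = {"kerberos-key-distribution-center",
             "microsoft-windows-kerberos-key-distribution-center"}
EVENT_IDS = {16: "KDCEVENT_NO_KEY_INTERSECTION_TGS",
             27: "KDCEVENT_UNSUPPORTED_ETYPE_REQUEST_TGS"}

def parse_system(event_xml):
    """Return (provider, event_id, computer) from one rendered event."""
    system = ET.fromstring(event_xml).find("e:System", NS)
    provider = system.find("e:Provider", NS).get("Name", "")
    # Classic events carry a Qualifiers attribute; the ID is still the element text.
    event_id = int(system.find("e:EventID", NS).text)
    computer = system.findtext("e:Computer", default="", namespaces=NS)
    return provider, event_id, computer

def matches_rule(event_xml):
    """True when both selection fields match (fields are ANDed, list values ORed)."""
    provider, event_id, _ = parse_system(event_xml)
    return provider.lower() in PROVIDERS and event_id in EVENT_IDS

def summarize(events):
    """Count rule hits per (reporting computer, event name) for triage."""
    hits = Counter()
    for xml in events:
        if matches_rule(xml):
            _, event_id, computer = parse_system(xml)
            hits[(computer, EVENT_IDS[event_id])] += 1
    return hits

def _sample(provider, event_id, computer, qualifiers=None):
    """Build a constructed event containing only the System fields used here."""
    q = f' Qualifiers="{qualifiers}"' if qualifiers else ""
    return (f'<Event xmlns="{NS["e"]}"><System><Provider Name="{provider}"/>'
            f'<EventID{q}>{event_id}</EventID><Channel>System</Channel>'
            f'<Computer>{computer}</Computer></System></Event>')

KDC = "Microsoft-Windows-Kerberos-Key-Distribution-Center"
SAMPLES = [  # constructed test events, not real log data
    _sample(KDC, 16, "dc01.example.test", 49152),
    _sample("Kerberos-Key-Distribution-Center", 27, "dc01.example.test"),
    _sample(KDC, 27, "dc02.example.test", 49152),
    _sample("Service Control Manager", 16, "dc01.example.test"),  # wrong provider
    _sample(KDC, 7, "dc01.example.test", 49152),                  # wrong event ID
]

if __name__ == "__main__":
    for key, count in summarize(SAMPLES).items():
        print(count, *key)
```

Grouping hits by reporting computer and event name helps separate a steady trickle from one misconfigured account from a sudden burst of unsupported-etype requests.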
Related rules
- Uncommon Outbound Kerberos Connection - Security
- HackTool - RemoteKrbRelay Execution
- Register new Logon Process by Rubeus
- HackTool - KrbRelay Execution
- Kerberos Network Traffic RC4 Ticket Encryption