Audit failure: Event ID 4771

One of my user keep getting locked out and when I ran the Account Lockout Status (LockoutStatus.exe), I could not find any information related to the lockout.

Log Name:      Security

Source:        Microsoft-Windows-Security-Auditing

Date:          8/15/2013 3:06:07 AM

Event ID:      4771

Task Category: Kerberos Authentication Service

Level:         Information

Keywords:      Audit Failure

User:          N/A

Computer:      DC.domain.org

Description:

Kerberos pre-authentication failed.

Account Information:

               Security ID:                        CBPP\john

               Account Name:                 john

Service Information:

               Service Name:                   krbtgt/domain

Network Information:

               Client Address:                  ::ffff:10.0.0.33

               Client Port:                         50332

Additional Information:

               Ticket Options:                  0x40810010

               Failure Code:                     0x12

               Pre-Authentication Type:               0

Certificate Information:

               Certificate Issuer Name:               

               Certificate Serial Number:            

               Certificate Thumbprint:                 

Certificate information is only provided if a certificate was used for pre-authentication.

Pre-authentication types, ticket options and failure codes are defined in RFC 4120.

If the ticket was malformed or damaged during transit and could not be decrypted, then many fields in this event might not be present.

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

  <System>

    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />

    <EventID>4771</EventID>

    <Version>0</Version>

    <Level>0</Level>

    <Task>14339</Task>

    <Opcode>0</Opcode>

    <Keywords>0x8010000000000000</Keywords>

    <TimeCreated SystemTime="2013-08-15T07:06:07.328366400Z" />

    <EventRecordID>34664985</EventRecordID>

    <Correlation />

    <Execution ProcessID="500" ThreadID="1204" />

    <Channel>Security</Channel>

    <Computer>CBPP-DC.cbpp.org</Computer>

    <Security />

  </System>

  <EventData>

    <Data Name="TargetUserName">johnson</Data>

    <Data Name="TargetSid">S-1-5-21-1292428093-1383384898-1417001333-1138</Data>

    <Data Name="ServiceName">krbtgt/cbpp</Data>

    <Data Name="TicketOptions">0x40810010</Data>

    <Data Name="Status">0x12</Data>

    <Data Name="PreAuthType">0</Data>

    <Data Name="IpAddress">::ffff:10.0.0.33</Data>

    <Data Name="IpPort">50332</Data>

    <Data Name="CertIssuerName">

    </Data>

    <Data Name="CertSerialNumber">

    </Data>

    <Data Name="CertThumbprint">

    </Data>

  </EventData>

</Event>